| 基于属性的扩展委托模型 |
| |
| 引用本文: | 叶春晓,吴中福,符云清,钟将,冯永.基于属性的扩展委托模型[J].计算机研究与发展,2006,43(6):1050-1057. |
| |
| 作者姓名: | 叶春晓 吴中福 符云清 钟将 冯永 |
| |
| 作者单位: | 1. 重庆大学计算机学院,重庆,400044
2. 重庆大学网络教育学院,重庆,400044 |
| |
| 基金项目: | 高等学校博士学科点专项科研项目 |
| |
| 摘 要: | 为提高委托过程的安全性,对现有委托模型进行了扩展,提出了一个更加安全的基于属性的扩展委托模型(ABDMA).ABDMA中的委托约束不但包括委托先决条件(CR),还包含委托属性表达式(DAE).受托者必须同时满足委托先决条件和委托属性表达式才能被委托权限或角色.为保证委托过程的灵活性,ABDMA将委托属性表达式进一步分为永久和临时委托属性表达式,使得委托者可临时而不是永久地将某些高级权限委托给不具备资格的用户.ABDMA提高了委托过程的安全性,减轻了委托者和系统管理员的负担.
|
| 关 键 词: | 信息安全 访问控制 委托 属性 |
| 收稿时间: | 02 24 2005 12:00AM |
| 修稿时间: | 2005-02-242005-12-02 |
An Attribute-Based Extended Delegation Model |
| |
| Ye Chunxiao,Wu Zhongfu,Fu Yunqing,Zhong Jiang,Feng Yong.An Attribute-Based Extended Delegation Model[J].Journal of Computer Research and Development,2006,43(6):1050-1057. |
| |
| Authors: | Ye Chunxiao Wu Zhongfu Fu Yunqing Zhong Jiang Feng Yong |
| |
| Affiliation: | 1. College of Computer Science, Chongqing University, Chongqing 400044; 2 . College of Network Education, Chongqing University, Chongqing 400044 |
| |
| Abstract: | To increase the security of delegation, an attribute-based delegation model called ABDM_A is presented, which is an extension of current delegation models. Delegation constraint in ABDM_A consists of both delegation attribute expression (DAE) and delegation prerequisite condition (CR). Delegatees must satisfy delegation constraint (especially DAE) when assigned to a delegation role. For a better flexibility, delegation attribute expression is divided into two types: permanent and temporary delegation attribute expressions. With temporary delegation attribute expression, the delegator can temporarily, not permanently, delegate high level permission to low level delegatees. ABDM_A relieves the security management effort of the delegator and the system administrator in delegation and increases the security of delegation. |
| |
| Keywords: | information security access control delegation attribute |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
