| 多域间动态角色转换的职责分离 |
| |
| 引用本文: | 廖俊国,洪帆,朱贤,肖海军.多域间动态角色转换的职责分离[J].计算机研究与发展,2006,43(6):1065-1070. |
| |
| 作者姓名: | 廖俊国 洪帆 朱贤 肖海军 |
| |
| 作者单位: | 1. 华中科技大学计算机科学与技术学院,武汉,430074;湖南科学技术大学计算机科学与工程学院,湘潭,411201
2. 华中科技大学计算机科学与技术学院,武汉,430074 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划) |
| |
| 摘 要: | 两个或多个管理域间的安全互操作是一个重要的研究课题.Kapadia等人提出的IRBAC 2000模型通过动态角色转换灵活地实现了域间安全互操作.在IRBAC 2000模型中每个管理域均采用RBAC模型,职责分离是RBAC模型支持的最基本的3个安全原则之一,并可用一组静态互斥角色约束来表示.而IRBAC 2000模型没有考虑职责分离.因此,对动态角色转换违背静态互斥角色约束的各种情形进行了详细分析,并抽象出各种情形的本质特征;对动态角色转换是否会违背静态互斥角色约束提供了一种判定方法并给出了相应的算法;提出了使用先决条件来加强IRBAC 2000模型安全性的保护机制.
|
| 关 键 词: | IRBAC 2000模型 动态角色转换 互斥角色 先决条件 |
| 收稿时间: | 04 21 2005 12:00AM |
| 修稿时间: | 2005-04-212005-08-30 |
Separation of Duty in Dynamic Role Translations Between Administrative Domains |
| |
| Liao Junguo,Hong Fan,Zhu Xian,Xiao Haijun.Separation of Duty in Dynamic Role Translations Between Administrative Domains[J].Journal of Computer Research and Development,2006,43(6):1065-1070. |
| |
| Authors: | Liao Junguo Hong Fan Zhu Xian Xiao Haijun |
| |
| Abstract: | Secure interaction and interoperability between two or more administrative domains is d major concern. Kapadia et al. proposed the IRBAC 2000 model, which can be used to accomplish flexibly dynamic inter-domain role translations. However, in the IRBAC 2000 model, separation of duties is not considered, which is one of three basic security principles supported by the RBAC model, and enforced by statically mutually exclusive role constraints. Therefore, in this paper, the scenarios where dynamic role translations violate statically mutually exclusive role constraints are analyzed in detail, an approach to check the security problem is provided, and a protective mechanism utilizing prerequisite conditions to enforce the security of the IRBAC 2000 model is proposed. |
| |
| Keywords: | IRBAC 2000 model dynamic role translation mutually exclusive roles prerequisite conditions |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
