访问控制策略的研究

访问控制策略在软件系统中起着重要的作用,与软件系统的安全性和可靠性有着直接的联系。选取何种访问控制策略,如何对系统的访问控制权限进行规划,是摆在软件分析设计人员面前的一个复杂课题。介绍了自主访问控制、强制访问控制和基于角色的访问控制三种主流的访问控制策略,并进行了对比分析。基于角色的访问控制策略依据两个重要的安全原则,强化了对访问资源的安全访问控制,并且解决了具有大量用户和权限分配的系统中管理的复杂性问题,广泛应用于当前流行的数据管理系统。

Research on Access Control Strategy

Access control strategy plays an important role in software system.It influences the security and reliability of software system.Which strategy will be applied,is a complex problem to plan and design authorization system.This paper presents three mainstream access control strategies:discretionary access control,mandatory access control and role-based access control,and compares with each other.Role-based access control policy strengthens access control to resources by two important security policies,and settles the management questions in a system of many users and permissions.It is applied to current data-management system widely.