| 一种可审计的角色访问控制模型 |
| |
| 引用本文: | 傅鹂,段鹏松,胡海波.一种可审计的角色访问控制模型[J].重庆工学院学报,2008,22(1):1-5. |
| |
| 作者姓名: | 傅鹂 段鹏松 胡海波 |
| |
| 作者单位: | 重庆大学软件工程学院 重庆400044 |
| |
| 摘 要: | 为了解决访问控制策略无审计功能的问题,首先对3种主要的访问控制模型(MAC,DAC,RBAC)进行了比较,然后对目前应用较为广泛的RBAC模型进行了分析,再针对此模型没有对用户使用权限进行约束的不足,提出了可审计的控制访问模型RBAC-a,并进行了较详细的可行性和实用性分析,结合一个实际项目阐述了RBAC-a的具体应用情况,最后提出了访问控制未来可能的发展方向.
|
| 关 键 词: | 访问控制 安全审计 信息安全 |
Research on Auditable Role-Based Access Control Model and Application |
| |
| FU Li,DUAN Peng-song,HU Hai-bo.Research on Auditable Role-Based Access Control Model and Application[J].Journal of Chongqing Institute of Technology,2008,22(1):1-5. |
| |
| Authors: | FU Li DUAN Peng-song HU Hai-bo |
| |
| Abstract: | Aiming to solve the disadvantage of no audition function of access control strategies,this paper firstly compares three kinds of access control models(MAC,DAC,and RBAC),and analyses popular RBAC model.Secondly,it presents a new access control,Auditable Role-Based Access Control Model(RBAC-a),to improve the traditional RBAC.The feasibility and practicability of RBAC-a are also analyzed and the application of RBAC-a based on a business project is presented in this paper.Finally,the paper points out the possible direction of the access control from author's viewpoint. |
| |
| Keywords: | access control security audit information security |
| 本文献已被 CNKI 维普 等数据库收录! |
|
