| 基于角色的访问控制中权限滥用的限制 |
| |
| 引用本文: | 王超. 基于角色的访问控制中权限滥用的限制[J]. 计算机工程, 2004, 30(6): 53-55,132 |
| |
| 作者姓名: | 王超 |
| |
| 作者单位: | 南京大学计算机科学与技术系,南京,210093 |
| |
| 基金项目: | 国家“863”高技术资助项目(2001AA144010) |
| |
| 摘 要: | 在实现基于角色访问控制(Role-Based Access Control,RBAC)的系统中,由于判断程序的权限仅仅根据启动该程序的角色,故一旦该程序有安全漏洞并被攻击,入侵者就会攫取该角色的全部权限进行权限滥用。该文提出程序角色(process role)的概念,并构建出动态生成程序角色的DKPRF(Double Knowledge based process Role Frame)框架,有效地限制了RBAC中权限的滥用。
|
| 关 键 词: | 基于角色访问控制 程序角色 基于双层知识的程序角色生成框架 |
| 文章编号: | 1000-3428(2004)06-0053-03 |
Prevent Misuse of Privileges in Role-based Access Control System |
| |
| WANG Chao. Prevent Misuse of Privileges in Role-based Access Control System[J]. Computer Engineering, 2004, 30(6): 53-55,132 |
| |
| Authors: | WANG Chao |
| |
| Abstract: | In RBAC(Role-Based Access Control) system, the privileges of a process is judged only by the role that runs the process, so the attacker will get all the privileges of the role and have the opportunity to misuse those when the process has some security vulnerabilities and is attacked successfully.This paper introduces a new concept:process role,and builds a frame of DKPRF(Double Knowledge based Process Role Frame) to produce the roles dynamically,so the misuse of privileges is prevented efficiently. |
| |
| Keywords: | Role-based access control Process role Double knowledge based process role frame |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
