| 一种基于RBAC的多域间角色映射机制 |
| |
| 引用本文: | 周鑫,潘理.一种基于RBAC的多域间角色映射机制[J].信息安全与通信保密,2012(5):78-80,83. |
| |
| 作者姓名: | 周鑫 潘理 |
| |
| 作者单位: | 上海交通大学电子信息与电气工程学院,上海,200240 |
| |
| 基金项目: | 国家自然科学基金资助项目,信息网络安全公安部重点实验室开放课题 |
| |
| 摘 要: | 针对基于角色的访问控制(RBAC)的多域系统,提出了一套安全而高效的满足策略合成与冲突解决要求的角色映射机制。通过引入对等权限概念,明确了策略合成的目标;支持了基于混合角色层次的RBAC系统上的多域间策略合成;提出了权限非上升原则和角色映射的3个属性来使得角色映射细粒度化,同时获得安全的全局策略。所提出的算法在策略合成过程中,自动检测和避免了策略冲突,合成算法的复杂度低,便于实际应用。
|
| 关 键 词: | RBAC模型 角色映射 继承环 SOD约束 策略合成 |
A Role Mapping Mechanism for RBAC-Based Multi-Domains |
| |
| ZHOU Xin,PAN Li.A Role Mapping Mechanism for RBAC-Based Multi-Domains[J].China Information Security,2012(5):78-80,83. |
| |
| Authors: | ZHOU Xin PAN Li |
| |
| Affiliation: | (School of Electronic Information and Electrical Engineering, Shanghai Jiaotong University, Shanghai 200240, China) |
| |
| Abstract: | For RBAC-based multi-domain systems, a reliable static role mapping mechanism that integrates multidomain policies without any constraint conflict is presented. By introduction of the equivalent permission concept, the goal of policy integration is defined, and the hybrid hierarchy is supported in this integration mechanism. The principle of non-rising permission and the role mapping attributes are proposed in order to achieve fine granulation and secure global policies. Due to the low algorithm complexity, this algorithm could be easily applied in practical scenarios. |
| |
| Keywords: | RBAC model role mapping cyclic inheritance SOD constraint policy integration |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
