| 一种基于角色访问控制模型的约束规范描述 |
| |
| 引用本文: | 许春根 严悍 刘凤玉. 一种基于角色访问控制模型的约束规范描述[J]. 计算机科学, 2003, 30(7): 117-121 |
| |
| 作者姓名: | 许春根 严悍 刘凤玉 |
| |
| 作者单位: | 1. 南京理工大学应用数学系,南京,210094;南京理工大学计算机系,南京,210094
2. 南京理工大学计算机系,南京,210094 |
| |
| 基金项目: | 国防科工委基金(项目编号:J1300B004) |
| |
| 摘 要: | 传统的访问控制主要有自主型的访问控制DAC(Discretionary Access Control)和强制型的访问控制MAC(Mandatory Access Control)。强制型访问控制是“强加”给访问主体的,即系统强制主体服从访问控制政策。自主型的访问控制是在确认主体身份以及它们所属的组的基础上,对访问进行限定的一种方法。随着企业规模的增大,企业的信息化管理变得越来越重要,企业级访问控制和安全管理设计将是最难解决的问题之一,DAC和MAC已不能满足需要。20世纪90年代
|
| 关 键 词: | 角色 访问控制模型 约束规范描述 CORBA 计算机网络 模块化 |
Constraint Specification for the Model of Role-Based Access Control |
| |
| XU Chun-Gen YAN Han LIU Feng-Yu. Constraint Specification for the Model of Role-Based Access Control[J]. Computer Science, 2003, 30(7): 117-121 |
| |
| Authors: | XU Chun-Gen YAN Han LIU Feng-Yu |
| |
| Abstract: | The access control is very important for the information management of modern enterprises . This paper proposes a framework of well.defined constraint specifications for developers to build application.level access control based on users' roles. They ensure that each role is configured with consistent privileges, each actor is authorized to proper roles and then each actor can activate and play his authorized roles without interest conflicts. These formal constraint specifications are described by the first.order predicate logic, and also some properties are proved. The model provides relatively independent, consistent and inferable constraint specifications for developers to design access control of large and complex enterprise systems. |
| |
| Keywords: | Class Access control Model Role Security |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
点击此处可从《计算机科学》下载全文 |
