| 一种面向业务的动态访问控制模型 |
| |
| 引用本文: | 谭韧,殷肖川,李晓辉,卞洋洋.一种面向业务的动态访问控制模型[J].计算机科学,2017,44(8):140-145, 167. |
| |
| 作者姓名: | 谭韧 殷肖川 李晓辉 卞洋洋 |
| |
| 作者单位: | 空军工程大学信息与导航学院 西安710077,空军工程大学信息与导航学院 西安710077,中国人民解放军94789部队 南京210018,空军工程大学信息与导航学院 西安710077 |
| |
| 基金项目: | 本文受国家自然科学基金(61402510),陕西省工业科技攻关项目(2016GY-087)资助 |
| |
| 摘 要: | 针对基于角色的访问控制(RBAC)模型在业务处理流程中访问控制粒度过粗和无法动态调整授权等方面的问题,提出了一种面向业务的动态RBAC模型(BO-RBAC)。该模型参考基于任务的访问控制(TBAC)模型,引入了业务、业务步和授权步等概念,并形式化定义了模型的基本集合;同时将授权过程分为角色授权和授权步授权两部分,将业务执行视为随机过程,给出了基于马尔可夫链的动态授权方法;最后使用C++14对模型进行了实现。BO-RBAC模型结合了RBAC与TBAC的特点,具有访问控制粒度细、授权动态调整、满足安全规范等优点。
|
| 关 键 词: | RBAC TBAC 动态授权 访问控制 马尔可夫状态机 |
| 收稿时间: | 2016/9/28 0:00:00 |
| 修稿时间: | 2017/1/3 0:00:00 |
Dynamic Business-oriented Access Control Model |
| |
| TAN Ren,YIN Xiao-chuan,LI Xiao-hui and BIAN Yang-yang.Dynamic Business-oriented Access Control Model[J].Computer Science,2017,44(8):140-145, 167. |
| |
| Authors: | TAN Ren YIN Xiao-chuan LI Xiao-hui and BIAN Yang-yang |
| |
| Abstract: | Aiming at the problems of rough-grained access control and unable to adjust authorization dynamically in business process of traditional role-based access control (RBAC) model,a business-oriented dynamic RBAC model (BO-RBAC) was proposed in this paper.Taking TBAC model as reference,business step and authorization step are introduced into this model and basic model set is defined formally.Meanwhile,the authorization process is divided into two parts,role authorization and step authorization,and the execution is regarded as random process which shows a Markov chain-based dynamic authorization method.Finally,the model is implemented with C++14 programming language.BO-RBAC model combines the features of RBAC and TBAC,which introduces such advantages of fine-grained access control,dynamically-adjusting authorization and satisfy security specifications. |
| |
| Keywords: | RBAC TBAC Dynamic authorization Access control Markov state machine |
|
|
点击此处可从《计算机科学》下载全文 |
|
