| RBAC职责分割定义及实现模型分析 |
| |
| 引用本文: | 欧阳昱. RBAC职责分割定义及实现模型分析[J]. 计算机工程与应用, 2005, 41(2): 112-115,190 |
| |
| 作者姓名: | 欧阳昱 |
| |
| 作者单位: | 北京理工大学信息科学技术学院计算机科学与工程系,北京,100081 |
| |
| 基金项目: | 国家“十五”科技攻关计划(编号:2001BA105A1006) |
| |
| 摘 要: | 访问控制是信息安全领域的重要问题之一;目前,基于角色的访问控制模型(RBAC)已被广泛接受,并成为领域专家学者研究的热点;职责分割(SoD)是RBAC的重要方面,它为增强高层次的组织安全策略提供了强大的机制,RBAC职责分割定义给出了各种职责分割约束的具体内容;针对不同的职责分割需求,各种基于角色的访问控制职责分割约束实现模型不断出现;根据应用系统的实际需求选择合适的访问控制模型必须了解各种模型的特点,该文通过分析RBAC中不同SoD模型的特点,指出其适用范围。
|
| 关 键 词: | 安全 访问控制 RBAC 约束 职责分割 |
| 文章编号: | 1002-8331-(2005)02-0112-04 |
Analysis on Definition and Realization Models of SoD in RBAC |
| |
| Ouyang Yu. Analysis on Definition and Realization Models of SoD in RBAC[J]. Computer Engineering and Applications, 2005, 41(2): 112-115,190 |
| |
| Authors: | Ouyang Yu |
| |
| Abstract: | Access control is an important content in the field of information security.At present ,the model of Role-Based Access Control(RBAC)has been widely accepted and has becoming the hotspot of related experts and scholars.Separation of Duty(SoD)is an important aspect of RBAC and is a powerful mechanism to enforce high-level security policy of an organization.The specific contents of constraints in each kind of SoDs are given by the definitions of SoDs in RBAC.Variant realization models of SoDs in RBAC have been emerged to satisfy different requirements on SoDs.To select a suitable access control model according to the real requirements in an application system,the advantages of each model must be carefully analysised.In this paper,the advantages of variant SoD models in RBAC are analysised and the suitable application fields of those models are pointed out. |
| |
| Keywords: | security access control RBAC constraint SoD |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
