一种支持差异度量的角色动态转换方法

基于角色的访问控制(RBAC)因具有简单灵活、细粒度控制等特点，而广泛地应用于安全操作系统领域。基 于认证可信度模型，提出了支持角色转换的访问控制模型DRT-RBAC。模型中，通过量化认证系统不确定性和限定 角色的转换及转换范围，实现透明的角色转换，保证了系统的安全和稳定。为了度量角色的差异度，进一步提出了一 种基于层次分析的度量方法，通过分析角色中的内在关系，构造层次模型结构，计算每层权重和角色总权重，最后得到 角色差异度。在CentOS 5. 4系统中实现了DRT-RBAC模型，验证了其有效性。

Diversity-based Approach for Dynamic Role Transition

Role-Based Access Control(RBAC) has been widely applied to secure the operating system(OS) due to its flexibility and fine-granularity control. A novel access control model supporting dynamic role transition DRT-RBAC, is proposed on the foundation of authentication trustworthiness measurement system. In the model, through quantifying the uncertainty of authentication and constraining the bound of role transition, the process of role transition can be com- pletely transparent to the user, thus guaranteeing the safety and stability of OS. I''o measure the diversity of roles, we further introduce the Analytic Hierarchy Process(AHP) method. I3y analyzing the internal relation and structuring the hierarchical fabric,we calculate the weight for each layer. The diversity of two roles is finally obtained via comparing their weights. We implement the DRT-RBAC in CentOS 5. 4 and verify its effectiveness.