| 基于角色的用户权力限制 |
| |
| 引用本文: | 陈松政,谢欣伟,何连跃. 基于角色的用户权力限制[J]. 计算机工程与设计, 2010, 31(12) |
| |
| 作者姓名: | 陈松政 谢欣伟 何连跃 |
| |
| 作者单位: | 国防科学技术大学计算机学院,湖南,长沙,410073 |
| |
| 基金项目: | 国家863高技术研究发展计划基金项目 |
| |
| 摘 要: | 基于角色提出并实现了一个用户权力限制模型.该模型通过角色授权控制,缺省不赋予登录用户任何特权.当用户操作或应用需要特权时,根据操作需求提升权限,并且一次有效;操作结束后,特权及时撤销.模型实现时,通过在用户与系统之间建立可信路径来防止权限提升过程中恶意程序进行篡改和窃取;通过改进访问控制列表检查算法减少了不必要的权限提升.用户权力限制模型能让用户更加安全、方便地控制系统,并有效地解决了用户权力最小化问题.
|
| 关 键 词: | 用户权力限制 最小特权 权限提升 访问控制框架 可信路径 |
Role-based user right confinement |
| |
| CHEN Song-zheng,XIE Xin-wei,HE Lian-yue. Role-based user right confinement[J]. Computer Engineering and Design, 2010, 31(12) |
| |
| Authors: | CHEN Song-zheng XIE Xin-wei HE Lian-yue |
| |
| Affiliation: | CHEN Song-zheng,XIE Xin-wei,HE Lian-yue(Department of Computer Science,National University of Defense Technology,Changsha 410073,China) |
| |
| Abstract: | A model of user right confinement(URC) based on roles is proposed and implemented.Under this model,the login user can not own any privilege by default via the role-based authorization control.The privilege would be promoted properly when it is required by an operation of the user or an application;however,it is available only once and would be disposed as soon as the operation had been finished.In order to protect the system from compromising and thieving by the malware,a trusted path between the user and s... |
| |
| Keywords: | user right confinement least privilege privilege promotion access control framework trusted path |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
