一种基于可信度和属性的RBAC授权模型*

针对传统RBAC模型中存在用户角色指派的模糊性、用户授权认证决策的单一性及角色数量与管理的冲突等问题，提出一种结合属性与可信度的改进型RBAC授权模型——TA-RBAC模型。该模型通过增加对用户及所在平台的可信性认证，使得传统模型的认证方式得到了完善，保证了系统授权过程更为安全可靠；同时利用可信度和属性概念对传统模型的授权机制进行了扩展，通过用户认证可信度指派相应的系统角色，实现了动态的用户角色指派；在权限指派过程中引入属性实现对象激活操作，有效地减少了角色的设置数量并实现了更细粒度的授权。最后给出模型授

Trust-degree and attributes based RBAC authorization model

For the problems including the ambiguity of user role assignment, the unitary of user authorization certification decision-making, and the conflicts between role number and management etc in the traditional RBAC, the paper presented an improved RBAC model named TA-RBAC that combined attribute and trust-degree. The model made the authentication for the traditional model perfected by adding to the credibility authentication of user and their platforms, ensured that authorized process of the system was more reliable. Meanwhile, it extended authorization mechanism of traditional model using the concept of trust-degree and attributes. It implemented user dynamic role assignment through the corresponding user authentication credibility assigned. By introducing attribute into assign permissions, it realized object activation operation, effectively reduced the number of roles and implemented more fine-grained authorization. Finally, the paper gave the authorized process of the model and the application examples in digital home.