首页 | 本学科首页   官方微博 | 高级检索  
     

基于角色的域-类型增强访问控制模型研究及其实现
引用本文:赵庆松,孙玉芳,张晓平. 基于角色的域-类型增强访问控制模型研究及其实现[J]. 电子学报, 2003, 31(6): 842-846
作者姓名:赵庆松  孙玉芳  张晓平
作者单位:1. 中国科学院软件研究所,北京 100080;2. 山东建筑工程学院,山东济南 250014
基金项目:国家 8 63高科技项目 (No 863 30 6 ZD1 2 1 4 2 ),国家自然科学基金项目 (No 60 0 730 2 2 ),中国科学院知识创新工程项目 (No KGCX1 0 9)
摘    要:安全系统只有能够支持多种安全政策才能满足实际需求.基于角色的访问控制(Role-Based Access Control,RBAC)是一种政策中性(Policy Neutral)的新模型,已经实现了多种安全政策.域-类型增强(Domain and Type Enforcement,DTE)安全政策充分体现了最小特权(Least Privilege)和职责分离(Separation of Duty)的安全原则,但是,RBAC96不便于直接实现DTE.根据RBAC和DTE的思想,本文提出了"基于角色的域-类型增强访问控制"(Role-Based Domain and Type Enforcement Access Control,RDTEAC)模型.该模型继承了RBAC96的优点,又体现了DTE的安全思想,并易于实现DTE安全政策.此外,我们还在Linux上实现了RDTEAC模型的一个原型.

关 键 词:信息安全  多安全政策  域-类型增强  基于角色的访问控制  基于角色的域-类型增强访问控制  
文章编号:0372-2112(2003)06-0842-05
收稿时间:2002-01-01

Research and Implementation of Role-Based Domain and Type Enforcement Access Control Model
ZHAO Qing-song ,SUN Yu-fang ,ZHANG Xiao-ping. Research and Implementation of Role-Based Domain and Type Enforcement Access Control Model[J]. Acta Electronica Sinica, 2003, 31(6): 842-846
Authors:ZHAO Qing-song   SUN Yu-fang   ZHANG Xiao-ping
Affiliation:1. Institute of Software,The Chinese Academy of Sciences,Beijing 100080,China;2. Shandong Institute of Architecture and Engineering,Jinan,Shandong 250014,China
Abstract:Only those systems which support multiple security policies can meet practical security requirements.The role-based access control (RBAC) is a new policy-neutral model,which has enforced multiple security policies.The domain and type enforcement security policy fully reflects the security principles of least privilege and separation of duties.According to RBAC and DTE,the role-based domain and type enforcement access control (RDTEAC) model is presented.RDTEAC not only inherits the advantage of RBAC,but also facilitates implementation of DTE security policy.A Linux prototype of RDTEAC was developed.
Keywords:information security  multi-policy security  domain and type enforcement  role-based access control  role-based domain and type enforcement access control  Linux
本文献已被 CNKI 维普 万方数据 等数据库收录!
点击此处可从《电子学报》浏览原始摘要信息
点击此处可从《电子学报》下载免费的PDF全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号