| 若干安全操作系统中的基于角色的访问控制特性 |
| |
| 引用本文: | 刘伟,孙玉芳. 若干安全操作系统中的基于角色的访问控制特性[J]. 计算机工程与应用, 2004, 40(4): 41-44 |
| |
| 作者姓名: | 刘伟 孙玉芳 |
| |
| 作者单位: | 中国科学院软件研究所,北京,100080;中国科学院软件研究所,北京,100080 |
| |
| 基金项目: | 国家自然科学基金项目(编号:60073022),国家863高科技研究发展计划项目(编号:863-306-ZD,12-14-2),中国科学院知识创新工程(编号:KGCX1-09) |
| |
| 摘 要: | 文章分析比较了三个安全操作系统对基于角色的访问控制(RBAC)特性的支持,分别是:TrustedSolaris8操作环境,Secure-EnhancedLinux和红旗安全操作系统。这里把RBAC特性概括为三点:用户和角色的关联、支持角色间层次和限制关系、可关联的特权。虽然三个系统都提供了对RBAC基本特性的支持,但在实现方法上不尽相同。TrustedSolaris只允许用户拥有一个活动角色,而SELinux和RFSOS支持用户的多个活动角色。三者都实现了角色间的层次关系,TrustedSolaris和SELinux只支持角色间的动态冲突关系,只有RFSOS既支持角色间的静态冲突又支持动态冲突。
|
| 关 键 词: | 基于角色的访问控制 安全操作系统 静态冲突 动态冲突 |
| 文章编号: | 1002-8331-(2004)04-0041-04 |
Role-Based Access Control Features in Secure Operating Systems |
| |
| Liu Wei Sun Yufang. Role-Based Access Control Features in Secure Operating Systems[J]. Computer Engineering and Applications, 2004, 40(4): 41-44 |
| |
| Authors: | Liu Wei Sun Yufang |
| |
| Abstract: | This paper analyzes and compares Role-Base Access Control(RBAC)features supported in three secure op-erating systems :Trusted Solaris8Operating Environment ,Security-Enhanced Linux and RedFlag Secure Operating Sys-tem.We categorize RBAC features under three broad areas:user role assignment ,support for role relationships and con-straints,and assignable privileges.Our finding is that these products provide a sound basis for implementing the basic features of RBAC,although there are significant differences.In particular,Trusted Solaris restricts users to a single active role at any time ,while SELinux and RFSOS allow multiple roles to be activated simultaneously as the user's selection.All three provide support for role hierarchies.Trusted Solaris and SELinux support dynamic separation of duties,while RFSOS is the only one to support both of static and dynamic separation of duties. |
| |
| Keywords: | Role-Based Access Control(RBAC) Secure Operating System Static separaction Dynamic separation |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
