Computer Science ›› 2010, Vol. 37 ›› Issue (3): 29-35.

• Computer Networks and Information Security •

A Description Logic Representation Method for RBAC

马丽,马世龙,睦跃飞,伊胜伟   

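  1. (School of Computer Science, Beihang University, Beijing 100191); (State Key Laboratory of Intelligent Information Processing, Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190)
  • Publication date: 2018-12-01 Release date: 2018-12-01
  • Supported by:
    This work was supported by the National Natural Science Foundation of China (60273019, 60496326, 60573063 and 60573064) and the National Basic Research Program of China (973 Program) (No. 2005CB321902).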

Representation for RBAC Model in Description Logic

MA Li,MA Shi-long,SUI Yue-fei,YI Sheng-wei   

  • Online:2018-12-01 Published:2018-12-01

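Abstract: Role-based access control (RBAC) controls users' access to resources through roles, which greatly simplifies security management. Although research on RBAC is relatively mature, RBAC currently lacks a formal representation, so some of its concepts and properties are understood in different ways. Description logic (DL) is a formal system for object-based knowledge representation; it is a decidable subset of first-order logic, has well-defined semantics, and has strong expressive power. To give a formal method for RBAC, this paper uses description logic as the tool and the RBAC96 model as the basis, and proposes DLRBAC, a description logic for RBAC. It gives formal definitions of the main elements and relations of RBAC in description logic notation, and proves that this description logic representation is faithful to the RBAC model. The proposed formal RBAC model can serve as a theoretical basis for further research on RBAC.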

Keywords: Access control, Role, Permission, Description logic, Role inheritance

Abstract: Role-Based Access Control (RBAC) controls the user's access to resources indirectly through roles, which greatly simplifies security management. Although research on the RBAC model is a mature area, the lack of formalization of RBAC results in uncertainty and confusion about the concepts and meaning of RBAC. Description Logic (DL) is a kind of object-based knowledge representation formalism, and also a decidable fragment of first-order predicate logic, with well-defined semantics and powerful representation capability. To give a formal description of RBAC, this paper takes RBAC96 as a reference model and proposes a new formalization method for RBAC with description logic, called DLRBAC, which gives formal definitions of the concepts and relations of RBAC. This paper also proves that the formal representation is faithful to the RBAC model. Based on the formalized model, we can further study RBAC.

Key words: Access control, Role, Permission, Description logic, Role inheritance
