Computer Science ›› 2014, Vol. 41 ›› Issue (Z6): 429-432.

• Software Engineering and Database Technology •

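Design of the RBAC-based Access Control Model in Complex Information Systems

QIANG Zhen-ping, HE Li-bo, CHEN Xu and LI Tong

  1. School of Computer and Information, Southwest Forestry University, Kunming 650224; School of Software, Yunnan University, Kunming 650500; School of Computer and Information, Southwest Forestry University, Kunming 650224; School of Software, Yunnan University, Kunming 650500
  • Online: 2018-11-14 Published: 2018-11-14
  • Supported by:
    This work was supported by the National Natural Science Foundation of China project "Dual-model-driven modeling and analysis for dynamic software evolution in cloud computing environments" (61379032)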

Abstract: In complex information systems, access control becomes complicated because the number of roles is large and users' responsibility attributes often change dynamically. Taking full account of how users are organized and how they are authorized, this paper uses the user's organization and user group as the main subjects of role assignment, and adds a restriction on the scope of resource access operation permissions in the information system. On this basis it proposes an improved RBAC model and designs the data relationships that implement it. Practical results show that the improved model makes it easy to modify the authorizations of the affected users when the responsibilities of an organization or user group change, responds quickly to authorization changes caused by changes in personnel responsibility attributes, and flexibly controls resource access operation permissions.

Key words: Role-based access control (RBAC), Access control, Authority management, Resource management, User group

CLC number: TP311 Document code: A

