计算机科学 (Computer Science) ›› 2015, Vol. 42 ›› Issue (3): 117-123. doi: 10.11896/j.issn.1002-137X.2015.03.024
熊厚仁,陈性元,张 斌,杨 艳
XIONG Hou-ren, CHEN Xing-yuan, ZHANG Bin and YANG Yan
Abstract: Because security criteria play a central role in verifying the security of authorization management, this paper proposes security criteria for RBAC-based authorization management. With the goal of guaranteeing the security of authorization management, it analyzes the RBAC security properties that authorization management relies on and examines its security requirements in depth, then states three authorization-management security criteria: a consistency criterion, a security criterion and an availability criterion. Together they cover data consistency, absence of redundant authorization, controllable permission propagation, controllable delegation of administrative rights, satisfaction of separation of duty, and availability of access rights. Analysis shows that these criteria are consistent with the existing RBAC security properties, provide effective support for the security of RBAC-based authorization management, and supply a standard and basis for measuring it.
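The criteria listed in the abstract can be made concrete as checks over an RBAC state. The block below is an added example in Python, not code from the paper or its authors; the users, roles, permissions, role hierarchy and static separation-of-duty pair it operates on are constructed assumptions. It checks four of the named properties: data consistency (every role and permission referenced by the assignment relations exists, and the role hierarchy is acyclic), absence of redundant authorization (a user assigned both a role and one of its juniors, or a permission assigned directly to a role that already inherits it), static separation of duty evaluated over effective roles so that inheritance cannot bypass it, and availability (every permission is reachable by at least one user). Permission propagation and delegation control are not modeled.

```python
"""Checks of a small RBAC state against the consistency, no-redundancy,
separation-of-duty and availability criteria named in the abstract.
Added example; the policy below is constructed, not taken from the paper."""

# Constructed sample RBAC state (assumptions). RH maps a senior role to the
# junior roles it inherits from; PA and UA are permission and user assignment.
ROLES = {"employee", "clerk", "auditor", "manager"}
PERMS = {"read_ledger", "post_entry", "approve_entry", "audit_ledger", "close_period"}
RH = {"manager": {"clerk"}, "clerk": {"employee"}, "auditor": {"employee"}}
PA = {
    "employee": {"read_ledger"},
    "clerk": {"post_entry"},
    "auditor": {"audit_ledger"},
    "manager": {"approve_entry", "read_ledger"},  # read_ledger is already inherited
}
UA = {
    "alice": {"clerk", "employee"},  # employee is a junior of clerk: redundant
    "bob": {"manager"},
    "carol": {"auditor", "clerk"},   # mutually exclusive pair
}
SSD = {frozenset({"clerk", "auditor"})}  # static separation of duty


def juniors(role, rh=RH):
    """All roles transitively below `role` in the hierarchy (excluding itself)."""
    seen, stack = set(), list(rh.get(role, ()))
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(rh.get(r, ()))
    return seen


def effective_roles(user, ua=UA, rh=RH):
    """Roles a user holds directly or through inheritance."""
    out = set()
    for r in ua.get(user, ()):
        out.add(r)
        out |= juniors(r, rh)
    return out


def effective_perms(user, ua=UA, pa=PA, rh=RH):
    perms = set()
    for r in effective_roles(user, ua, rh):
        perms |= pa.get(r, set())
    return perms


def check_consistency(roles=ROLES, perms=PERMS, rh=RH, pa=PA, ua=UA, ssd=SSD):
    """Referential integrity of every relation plus an acyclic hierarchy."""
    findings = []
    for r, js in rh.items():
        findings += [("unknown role in RH", x) for x in {r} | set(js) if x not in roles]
    for r, ps in pa.items():
        if r not in roles:
            findings.append(("unknown role in PA", r))
        findings += [("unknown permission in PA", p) for p in ps if p not in perms]
    for u, rs in ua.items():
        findings += [("unknown role in UA", (u, r)) for r in rs if r not in roles]
    for pair in ssd:
        findings += [("unknown role in SSD", r) for r in pair if r not in roles]
    findings += [("cycle in role hierarchy", r) for r in sorted(roles) if r in juniors(r, rh)]
    return findings


def check_no_redundancy(ua=UA, pa=PA, rh=RH):
    """A UA edge to a junior of another held role, or a PA edge already inherited."""
    findings = []
    for u, rs in ua.items():
        for r in rs:
            findings += [("redundant UA", u, j) for j in rs if j != r and j in juniors(r, rh)]
    for r, ps in pa.items():
        inherited = set().union(*(pa.get(j, set()) for j in juniors(r, rh)))
        findings += [("redundant PA", r, p) for p in sorted(ps & inherited)]
    return findings


def check_ssd(ua=UA, rh=RH, ssd=SSD):
    """Static SoD over effective roles, so inheritance cannot smuggle in a pair."""
    findings = []
    for u in ua:
        eff = effective_roles(u, ua, rh)
        findings += [(u, tuple(sorted(pair))) for pair in ssd if pair <= eff]
    return findings


def check_availability(perms=PERMS, ua=UA, pa=PA, rh=RH):
    """Permissions that no user can ever exercise."""
    held = set().union(*(effective_perms(u, ua, pa, rh) for u in ua))
    return sorted(perms - held)
```

Run against the constructed state, the checks report one redundant user assignment (alice, employee), one redundant permission assignment (manager, read_ledger), one separation-of-duty violation for carol, and one unreachable permission (close_period); the consistency check reports nothing. A real authorization-management deployment would run the same checks on every administrative operation, not only on the final state, so that a violation is refused rather than detected afterwards.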