一种基于TRBAC的动态多级Web服务访问控制模型

计算机科学 ›› 2014, Vol. 41 ›› Issue (3): 181-184.

一种基于TRBAC的动态多级Web服务访问控制模型

陈学龙,郑洪源,丁秋林

南京航空航天大学计算机科学与技术学院南京210016;南京航空航天大学计算机科学与技术学院南京210016;南京航空航天大学计算机科学与技术学院南京210016

出版日期:2018-11-14 发布日期:2018-11-14

TRBAC-based Dynamic Multilevel Access Control Model for Web Services

CHEN Xue-long,ZHENG Hong-yuan and DING Qiu-ling

Online:2018-11-14 Published:2018-11-14

摘要/Abstract

摘要： 在分析面向Web服务访问控制研究现状的基础上,针对当前Web服务访问控制模型中存在的不足,提出了一种基于TRBAC的动态多级Web服务访问控制模型(DMWS-TRBAC)。给出了其概念定义、形式化表示及约束规则。新模型引入了服务及其属性,设计了三级访问控制机制,达到了更加安全的细粒度授权。提出了角色扮演者和任务管理者的概念,扩充并严格定义了角色约束和任务约束的内涵,综合考虑时限约束、任务上下文、任务状态及职责分离原则,实现了更加灵活的动态授权。本模型提高了Web服务的安全性,完善了Web服务的访问控制机制,在某军工企业条件保障系统中的初步应用效果良好。

关键词: TRBAC,动态多级,Web服务,访问控制中图法分类号TP393文献标识码A

Abstract: Based on the research status of access control for Web services and according to the shortcoming in current models,a TRBAC-based dynamic multilevel access control model for Web services was proposed．The model defines some concepts and gives the formal representation and constraint rules．To achieve fine-grained permission,the model introduces services and services attributes,and designs the mechanism of three levels access control．The concepts of Role Actor and Task Manager were presented．The connotation of role constraint and task constraint were extended and defined strictly．The model combines temporal constraint,task context,task state and SSOD principle to describe dynamic permission,and improves the security of Web services and the mechanism of access control for Web services．The preliminary result of the model applied in the condition security system of some defense industry enterprise is good.

Key words: TRBAC,Dynamic multilevel,Web services,Access control

陈学龙,郑洪源,丁秋林. 一种基于TRBAC的动态多级Web服务访问控制模型[J]. 计算机科学, 2014, 41(3): 181-184. https://doi.org/

CHEN Xue-long,ZHENG Hong-yuan and DING Qiu-ling. TRBAC-based Dynamic Multilevel Access Control Model for Web Services[J]. Computer Science, 2014, 41(3): 181-184. https://doi.org/

参考文献

[1] Hosseinkhani M,Tarameshloo E,Shajari M．AMVPayword:Secure and efficient anonymous payword-based micropayment scheme[C]∥International Conference on Computational Intelligence and Security．2010:551-555
[2] Kreger H．Web Services Conceptual Architecture 1.0[S/OL]．IBM SoftwareGroup．http://www.ibm.com/software/solution/webservices/pdf/WSCA.pdf,2001
[3] 颜学雄,王清贤,马恒太.Web服务访问控制模型研究[J]．计算机科学,2008,35(5):38-41
[4] 唐金鹏,李玲琳,杨路明.面向用户属性的RBAC模型[J]．计算机工程与设计,2010,31(10):2184-2186
[5] 冯翔,甘灵,倪凯,等．基于Web Service的授权访问控制方法[J]．计算机应用与软件,2007,24(10):58-59
[6] 许峰,赖海光,黄皓,等．面向服务的角色访问控制技术研究[J]．计算机学报,2005,28(4):686-693
[7] Wonohoesodo R,Tari Z．A role based access control for Webservices[C]∥IEEE International Conference on Services Computing．Shanghai:IEEE Computer Society Press,2004:49-56
[8] 朱一群,李建华,张全海,等.一种面向Web服务的动态分级角色访问控制模型[J]．上海交通大学学报,2007,41(5):783-787
[9] 霍远国,马殿富,刘建,等．面向Web服务资源的两层访问控制方法[J].计算机科学,2010,37(7):125-129
[10] 翟治年,奚建清,卢亚辉,等.任务状态敏感的访问控制模型及其CPN仿真[J].西安交通大学学报,2012,46(12):y1-y7

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed