关键词: 角色模型, 访问控制, 角色管理, 关键权限, 安全冲突

Abstract: According to the exponential complexity and exile management measures of the most role-based access control model and algorithm when some services are requested, an efficient privilege manage method is put forward. After simplify system model (SSM) sets up, this paper proposes the privilege-based access control list (PBACL) and role plus(RP) aiming at managing the service authority effectively and more safely, then set up the structure of role relationship which divides the roles into transverse and longitudinal aiming at fast finding out the relationship of the roles. In view of different service request, the system can manage key privilege and correlated role by using PBACL; seek out the most appropriate roles set that satisfy the external service request by the user-defined RP algorithm, whose complexity is polynomial; resolve the conflict effectively because the key privilege is assigned to multiple users; support privilege fast reconstructed in the unstable systems. The scheme also adapts to access control in multi-domain. It can effectively avoid the problem that the key privilege is distributed to more than one user in multi-domain, and can also fast check out the security conflicts brought out by the roles mapped to other domains such as the cyclic inheritance conflict, the separation of duty, and so on.

Key words: role model, access control, role management, key privilege, security conflict