基于属性的扩展委托模型
An Attribute-Based Extended Delegation Model
-
摘要: 为提高委托过程的安全性,对现有委托模型进行了扩展,提出了一个更加安全的基于属性的扩展委托模型(ABDM\-A). ABDM\-A中的委托约束不但包括委托先决条件(CR),还包含委托属性表达式(DAE).受托者必须同时满足委托先决条件和委托属性表达式才能被委托权限或角色.为保证委托过程的灵活性,ABDM\-A将委托属性表达式进一步分为永久和临时委托属性表达式,使得委托者可临时而不是永久地将某些高级权限委托给不具备资格的用户. ABDM\-A提高了委托过程的安全性,减轻了委托者和系统管理员的负担.Abstract: To increase the security of delegation, an attribute-based delegation model called ABDM\-A is presented, which is an extension of current delegation models. Delegation constraint in ABDM\-A consists of both delegation attribute expression (DAE) and delegation prerequisite condition (CR). Delegatees must satisfy delegation constraint (especially DAE) when assigned to a delegation role. For a better flexibility, delegation attribute expression is divided into two types: permanent and temporary delegation attribute expressions. With temporary delegation attribute expression, the delegator can temporarily, not permanently, delegate high level permission to low level delegatees. ABDM\-A relieves the security management effort of the delegator and the system administrator in delegation and increases the security of delegation.
-
Keywords:
- information security /
- access control /
- delegation /
- attribute
-
计量
- 文章访问数: 662
- HTML全文浏览量: 0
- PDF下载量: 530
下载:
