高级检索

    基于角色的扩展可管理访问控制模型研究与实现

    Research and Implementation of an Extended Administrative Role-Based Access Control Model

    • 摘要: 基于角色的访问控制(RBAC)具有简单灵活、细粒度控制、可用性强等特点,受到广泛的关注,近10年来,RBAC得到了广泛的研究与扩展.针对RBAC模型中存在的不足,提出了一种基于 角色的可管理访问控制模型EARBAC. EARBAC通过对客体资源、访问类型的进一步抽象,对NI ST RBAC参考模型进行了有效的扩展,更具通用性与更强的现实世界表达能力,同时与ARBAC 96的结合,使其具有良好的可管理能力.基于该扩展模型,实现了一个安全的网络文件原型 系统.

       

      Abstract: RBAC(role-based access control) is emphasized recently due to its simpleness, fl exibility, fine-grained control ability and strong usability, and has been prove n to be efficient to improve security administration with flexible authorization management. During the past decade, RBAC has been studied by many researchers a nd many extensions have been proposed to perfect it. Now, studies on the object part of RBAC model are relatively insufficient compared with those on the user-r ole part. A new administrative role-based access control model is proposed in th is paper, which extends the proposed NIST standard for RBAC effectively. The new model is more integrated and closer to most organizational structures by extend ing the abstracts about the objects and access type, and it can be administrated more conveniently combining with ARBAC 96 model. Based on this extended model, a secure network file system prototype is implemented.

       

    /

    返回文章
    返回