
Research on a Dynamic RBAC Model

Research of a Kind of Dynamic RBAC Model

【Author】 Huang Rui (黄锐)

【Advisor】 Li Tao (李涛)

【Author information】 Sichuan University, Computer Software and Theory, 2006, Master's

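【Summary】 Access control is an important research area in network security technology. As application environments have grown more complex, traditional access control mechanisms such as discretionary access control and mandatory access control have fallen far short of the security needs of modern systems. Role-Based Access Control (RBAC) introduces the concept of a role into the system, removes the direct coupling between users and resources, emphasizes the importance of abstraction in access control, and makes the system more flexible in defining and managing access control policy. However, the traditional RBAC model does not specify how the system administrator assigns roles to users and revokes them; implementations usually do this manually and statically, which raises the enterprise's management costs. To solve this problem, the Rule-Based RBAC model (RB-RBAC) introduces the concept of rules into the RBAC model: roles are assigned to users implicitly through rules, so that part of the system administrator's work can be done automatically by the rules. However, the models above share a common problem: the definition of a role is too broad and the semantics a role represents are unclear. A role must reflect both the logical structure of the enterprise and the security policy of the system, yet these two parts change to different degrees within an enterprise. The logical structure of the enterprise does not change for a long time, because it concerns the deployment of the enterprise's business functions; on the other hand, as the enterprise's application environment changes, for example through the introduction of new users and new resources, the enterprise needs new security policies in response. This mismatch in the degree of change calls for further improvement and extension of the existing models. Building on a study of many existing RBAC models, this thesis extends the RBAC model further. It redefines the concept of a role in the model and, for user-role assignment, borrows from rule-based role access control; for role-permission assignment, it introduces the concept of context in order to accommodate flexible and dynamic adjustment of the security policy. The model not only has the existing features of the rule-based role access control model but also takes into account the state of users and of system resources themselves, and establishes a mechanism for dynamic transfer of permissions, which strengthens the flexibility and dynamism of the access control system, for the system's decision makers and security administrators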

【Abstract】 Access control is an important field in network security research. The two traditional access control mechanisms, Discretionary Access Control and Mandatory Access Control, can no longer meet the demands of modern system security as applications grow increasingly complicated. Role-Based Access Control (RBAC) introduces the concept of a role into the system, which decouples the direct relation between user and resource and emphasizes abstraction. As a result, policy decision and administration in the system become more flexible. However, conventional role-based access control does not clearly specify how to assign the proper roles to users and revoke them. Many applications implement this manually through a static mechanism, which increases the cost to the enterprise. To solve this problem, the Rule-Based RBAC model introduces the concept of a rule into the RBAC model. In this model, roles are implicitly assigned to users based on the rules defined by the system administrator, so some of the system administrator's work can be completed automatically. But an important problem still remains in the above models: the definition of a role in these RBAC models is too broad and unclear in its semantics. A role has to capture not only the logical structure of the enterprise but also the security policy of the system. However, these two parts of an enterprise change to different degrees: the logical structure of the enterprise will not change for a long time, because it concerns the deployment of enterprise business functions; on the other hand, as the application environment of the enterprise changes, for example with the introduction of new users and new resources, the enterprise will need new security policy. It is still necessary to improve and extend the model to counter this contradiction in

  • 【Online publication contributor】 Sichuan University
  • 【Online publication year/issue】 2007, Issue 02
  • 【Classification number】 TP393.08
  • 【Times cited】 13
  • 【Downloads】 314