一种层次信任的多粒度RBAC扩展模型

J4 ›› 2013, Vol. 48 ›› Issue (7): 51-55.

一种层次信任的多粒度RBAC扩展模型

卢清平1,苏守宝1,2*,郁书好1,3,4,杨柳1

1.皖西学院信息工程学院, 安徽六安 237012; 2.金陵科技学院信息技术学院，江苏南京 211169；
3.合肥工业大学管理学院, 安徽合肥 230009; 4.合肥工业大学计算机网络系统研究所, 安徽合肥 230009

收稿日期:2013-07-11 发布日期:2013-12-03
通讯作者: 苏守宝(1965- ),博士,教授,博士后,硕士生导师,主要研究群智能计算与信息安全等. Email:cstry@wxc.edu.cn
作者简介:卢清平(1974- ),硕士,讲师,主要研究网络信息安全与WEB服务. Email:luqingping@wxc.edu.cn
基金资助:
国家自然科学基金资助项目(61075049, 61375121);国家科技型中小企业技术创新基金资助项目(12C26243403509);安徽高校省级自然科学研究项目(KJ2010B268, KJ2011A268);六安市委托产学研重点项目(2012LWB010, 2012LWA018)

An expanded RBAC model of multi-granularity based on trust hierarchies

LU Qing-ping1, SU Shou-bao1,2*, YU Shu-hao1,3,4, YANG Liu1

1. School of Information Engineering, West Anhui University, Liu’an 237012, Anhui, China;
2. School of Information Technology, Jinling Institute of Technology, Nanjing 211169, Jiangsu, China;
3. School of Management, Hefei University of Technology, Hefei 230009, Anhui, China;
4. Institute of Computer Network System, Hefei University of Technology, Hefei 230009, Anhui, China

Received:2013-07-11 Published:2013-12-03

摘要/Abstract

摘要：

针对企业级网络应用集成环境中授权和访问控制要求,提出一种以信任角色授权的分层和多粒度的访问控制扩展模型(EmRBAC),结合NIST-RBAC的标准模型,利用可信凭证扩展用户和角色之间的层次,增加角色的信任层次,并从系统、应用、操作对象的功能和级别、操作数据的时间周期等多个维度对标准模型进行了访问权限的粒度细化,加强访问权限的多粒度控制,并通过角色状态分层预处理,降低权限判别时的复杂性,提高访问控制效率。最后以开源门户eXo Platform为实验平台,给出了模型的访问控制流程以及应用实例,以验证提出模型的有效性。

关键词: 扩展RBAC;信任层次;角色状态;多粒度

Abstract:

Based on the application integration environment for enterprise network authorization and access control requirements, a trust role authorization by stratified and multi-granular access control extension model (EmRBAC) is proposed, which is combined with NIST RBAC standard model, use the trusted credentials extension level between users and roles, and increase the role of trust level. From the system, applications, functions and operation of the object level, operating data time period and many other dimensions of the standard model, the elaboration of granularity of access rights is carried out. Through the role of the state stratification pretreatment reduced privileges determine the complexity and increase the efficiency of access control. Final, as an open source portal exobiology platform for experimentation platform, the model of access control processes and application examples are obtained to verify the effectiveness of the proposed model.

Key words: extended multi-granularity RBAC (EmRBAC); trust hierarchy; role status; multi-granularity

中图分类号:

TP309

卢清平1,苏守宝1,2*,郁书好1,3,4,杨柳1. 一种层次信任的多粒度RBAC扩展模型[J]. J4, 2013, 48(7): 51-55.

LU Qing-ping1, SU Shou-bao1,2*, YU Shu-hao1,3,4, YANG Liu1. An expanded RBAC model of multi-granularity based on trust hierarchies[J]. J4, 2013, 48(7): 51-55.

参考文献

多维度评价

Viewed

Full text

Abstract

Cited

Shared

Discussed

[1]	邱修峰1,2,刘建伟1,伍前红1,刘建华1. 多路径域间路由决策检测协议[J]. J4, 2013, 48(7): 39-45.
[2]	倪亮1,2,3,陈恭亮3,李建华3. eCK模型的安全性分析[J]. J4, 2013, 48(7): 46-50.