| 基于RBAC的授权管理安全准则分析与研究 |
| |
| 引用本文: | 熊厚仁,陈性元,张 斌,杨 艳.基于RBAC的授权管理安全准则分析与研究[J].计算机科学,2015,42(3):117-123. |
| |
| 作者姓名: | 熊厚仁 陈性元 张 斌 杨 艳 |
| |
| 作者单位: | 1. 解放军信息工程大学 郑州450001
2. 河南省信息安全重点实验室 郑州450001 |
| |
| 基金项目: | 本文受国家“863”高技术研究发展计划(2012AA012704),国家“973”重点基础研究发展计划 (2011CB311801),河南省基础研究计划项目(142300413201),河南省科技创新人才计划(114200510001)资助 |
| |
| 摘 要: | 针对安全准则在授权管理安全性验证中具有的重要意义,提出了基于RBAC的授权管理安全准则。以保障授权管理的安全性为目标,分析了授权管理中的RBAC安全特性,深入剖析了授权管理安全需求,从数据一致性、授权无冗余、权限扩散可控、管理权限委托可控、满足职责分离和访问权限可用等方面给出了一致性准则、安全性准则和可用性准则3项授权管理安全准则。分析表明,该安全准则与现有的RBAC安全特性相一致,能够为基于RBAC授权管理的安全性提供有效支撑,为衡量其安全性提供标准和依据。
|
| 关 键 词: | 访问控制 授权管理 基于角色的访问控制 安全准则 职责分离 互斥 |
Security Principles for RBAC-based Authorization Management |
| |
| XIONG Hou-ren,CHEN Xing-yuan,ZHANG Bin and YANG Yan.Security Principles for RBAC-based Authorization Management[J].Computer Science,2015,42(3):117-123. |
| |
| Authors: | XIONG Hou-ren CHEN Xing-yuan ZHANG Bin and YANG Yan |
| |
| Affiliation: | The PLA Information Engineering University,Zhengzhou 450001,China Henan Key Laboratory of Information Security,Zhengzhou 450001,China,The PLA Information Engineering University,Zhengzhou 450001,China Henan Key Laboratory of Information Security,Zhengzhou 450001,China,The PLA Information Engineering University,Zhengzhou 450001,China Henan Key Laboratory of Information Security,Zhengzhou 450001,China and The PLA Information Engineering University,Zhengzhou 450001,China Henan Key Laboratory of Information Security,Zhengzhou 450001,China |
| |
| Abstract: | Security principles are greatly significant to security analysis of authorization management model,but they are given little attention and are open problems.This paper proposed many security principles for RBAC-based authorization model with the aim at the security of the model.The security properties of RBAC were presented,including simple safety,simple availability,bounded safety,liveness and containment.Based on deep anatomy of security requirement in authorization management,the problems including data consistency,authorization without redundancy,controllable privi-lege diffusing,controllable management privilege delegating,satisfaction of separation of duty and privilege availability were discussed.The proposed security principles include consistency,security and availability principles.Analysis result indicates that the security principles are consistent with the security properties of RBAC,which can support the security requirements of authorization management efficiently and provide criterions for evaluating the security of RBAC-based authorization model. |
| |
| Keywords: | Access control Authorization management Role-base access control Security principles Separation of duty Mutually exclusive |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
点击此处可从《计算机科学》下载全文 |
|
