| 基于互斥角色约束的SSOD策略实现研究 |
| |
| 引用本文: | 王婷,陈性元,张斌,任志宇,王鲁.基于互斥角色约束的SSOD策略实现研究[J].计算机应用,2011,31(7):1884-1886. |
| |
| 作者姓名: | 王婷 陈性元 张斌 任志宇 王鲁 |
| |
| 作者单位: | 信息工程大学 电子技术学院,郑州 450004 |
| |
| 摘 要: | 静态职责分离(SSOD)是保证计算机安全的重要策略。在基于角色的权限控制(RBAC)中直接基于互斥角色约束(2-2 SMER)实现最简单的SSOD策略(2-n SSOD)是困难的。通过对互斥角色的权限分配进行约束,研究并证明了基于2-2 SMER实现2-n SSOD策略的充分条件,此充分条件和现有研究相比具有更弱的约束力,支持更灵活的权限分配。进一步给出了实现2-n SSOD策略的授权管理操作规则,以确保权限的动态管理始终满足此充分条件,维持系统对2-n SSOD策略的满足状态。最后,通过应用实例说明了实现2-n SSOD策略方法的有效性和可行性
|
| 关 键 词: | 静态职责分离 互斥角色约束 授权管理 访问控制 |
| 收稿时间: | 2010-12-20 |
| 修稿时间: | 2011-02-04 |
Static eparation of duty policy base on mutually exclusive role constraints |
| |
| WANG Ting,CHEN Xing-yuan,ZHANG Bin,REN Zhi-yu,WANG Lu.Static eparation of duty policy base on mutually exclusive role constraints[J].journal of Computer Applications,2011,31(7):1884-1886. |
| |
| Authors: | WANG Ting CHEN Xing-yuan ZHANG Bin REN Zhi-yu WANG Lu |
| |
| Affiliation: | Institute of Electronic Technology, Information Engineering University, Zhengzhou Henan 450004, China |
| |
| Abstract: | Static Separation Of Duty (SSOD) is an important principle of information system security. In Role-Based Access Control (RBAC), it is difficult to enforce 2-n SSOD policy directly based on 2-2 Static Mutually Exclusive Role (SMER) constraints. In this paper, the necessary and sufficient conditions of realizing 2-n SSOD policy based on 2-2 SMER constraints were proposed and proved. The sufficient condition proposed was less restrictive than the existing research and allowed more flexible privilege assignment. By the operation rules of authorization management, the sufficient condition was kept and the satisfaction of 2-n SSOD policy during the dynamic change of application environment could be maintained. The application example shows that the method is correct and effective. |
| |
| Keywords: | static separation of duty mutual exclusive roles authorization management access control |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
|
