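(School of Electronic Science and Engineering, National University of Defense Technology, Changsha, Hunan 410073)
Abstract: Access control is a necessary condition for ensuring data security. This paper proposes a subject-based access control model and designs a rights management scheme suited to a data security management system. Participants are divided into subjects and objects, and the role is treated as an attribute of the subject. Roles are organized in a tree structure, which makes adding roles and inheriting permissions more flexible. By defining the constituent elements of rights management, general-purpose rights management can be achieved, with wide applicability.
Keywords: data security; rights management; access control; role tree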
Design of Access Control on Data Security Management System
Li Hai-feng, Feng Chao, Zhang Quan, Tang Chao-jing
(School of Electronic Science and Engineering, National University of Defense Technology, Changsha, Hunan 410073)
Abstract: Access control is a necessary condition for ensuring data security. This paper proposes a subject-based access control model and presents a design for the rights management of a data security system. Participants are divided into subjects and objects, the role is taken as an attribute of the subject, and the roles are mapped onto a role tree, which makes the expansion of roles and the inheritance of permissions more flexible. By redefining the elements of the authority management system, a universal and widely applicable rights management system can be achieved.
Key words: Data Security; Rights Management; Access Control; Role Tree
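The role-tree scheme summarized in the abstract, sketched as an added example that is not code from the paper. It assumes a role inherits every permission granted to its ancestors in the tree (the abstract does not state the inheritance direction); all class, role and object names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Role:
    name: str
    parent: "Role | None" = None
    grants: set = field(default_factory=set)  # (object, action) pairs granted directly

@dataclass
class Subject:
    name: str
    role: str  # the role is an attribute of the subject, not a separate mapping

class RoleTree:
    def __init__(self, root, grants=()):
        self.roles = {root: Role(root, None, set(grants))}

    def add_role(self, name, parent, grants=()):
        # A new role only needs a parent node; existing roles are untouched.
        if name in self.roles:
            raise ValueError(f"role {name!r} already exists")
        if parent not in self.roles:
            raise KeyError(f"unknown parent role {parent!r}")
        self.roles[name] = Role(name, self.roles[parent], set(grants))

    def effective(self, role_name):
        # Assumption: a role inherits the grants of every ancestor up to the root.
        role, perms = self.roles.get(role_name), set()
        while role is not None:
            perms |= role.grants
            role = role.parent
        return perms  # empty for an unknown role, so the check below fails closed

def check_access(tree, subject, obj, action):
    return (obj, action) in tree.effective(subject.role)

# Constructed sample data (hypothetical roles and objects).
TREE = RoleTree("staff", {("handbook", "read")})
TREE.add_role("engineer", "staff", {("design_doc", "read")})
TREE.add_role("lead_engineer", "engineer", {("design_doc", "write")})
ALICE = Subject("alice", "lead_engineer")
BOB = Subject("bob", "staff")

if __name__ == "__main__":
    for s, o, a in [(ALICE, "handbook", "read"), (ALICE, "design_doc", "write"),
                    (BOB, "design_doc", "read")]:
        print(s.name, o, a, "->", "allow" if check_access(TREE, s, o, a) else "deny")
```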
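About the author: Li Hai-feng (born 1986), male, from Changyang, Hubei; master's student (class of 2009) at the School of Electronic Science and Engineering, National University of Defense Technology. His main research interest is information security and countermeasures in communication networks.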