摘要： 针对钥－锁对访问控制方案存在的问题，基于整数二进制表示的唯一性，该文提出了一种新的双钥—锁对访问控制方案。该方案实现简单，有良好的动态特性，从系统删除一个用户(文件)时，不必保留用户(文件)行的任何信息，而直接将之删除，提高了空间利用率。而所有的双钥－锁对访问控制方案都存在严重的溢出问题，且在实现用户对文件的多种访问权限时，均假设权限具有递增关系，这使得访问控制系统不适合对文件进行细粒度保护。该方案实现了用户对文件的多种访问控制权限，并减少了溢出问题的发生。

关键词: 访问控制, 二进制, 双钥－锁对, 时间戳

Abstract: All the two-key-lock-pair access control schemes are threatened by overflow problem. Besides that, under old scheme, user can own several kinds of right on one file only based on the supposition that the access right is increased by degrees.T o overcome the shortcoming of key-lock-pair access control scheme at present, a new two-key-lock-pair access control scheme is proposed, based on the property that integer can be denoted into only one binary digital. With perfect dynamic feature, the new scheme is simply realized. When a user (file) is deleted by system, it is no need to keep any information about the user (file). Thus, the efficiency of space usage is increased. Under new access control scheme, user can own several kinds of access right upon one file, and the possibility of overflow problem is significantly reduced with the new method.

Key words: Access control, Binary, Two-key-lock-pair, Time stamp

中图分类号: 

• TP309