
Computer Engineering ›› 2011, Vol. 37 ›› Issue (24): 129-131. doi: 10.3969/j.issn.1000-3428.2011.24.043

• Security Technology •

Access Control Model Based on Multidimensional Measurement and Context

LIU Fei, CHANG Chao-wen

  1. (Institute of Electronic Technology, Information Engineering University, Zhengzhou 450004, China)
  • Received: 2011-06-28 Online: 2011-12-20 Published: 2011-12-20
  • About the authors: LIU Fei (born 1984), male, master's student, main research direction: network and information security; CHANG Chao-wen, professor, Ph.D.
  • Supported by:

    National "863" Program fund project (2007AA01Z479)

Abstract: In distributed systems, user identity is hard to establish, access platforms are complex, and the network environment changes dynamically, so traditional role-based or identity-based access control models can no longer meet users' requirements. To address this, the paper combines the characteristics of Role-Based Access Control (RBAC) and Trust Management (TM): building on RBAC, it introduces the notions of trust and context and performs a multidimensional measurement of the user's identity, access platform and behavior. Taking into account the security of the user's platform and the dynamic variability of the network environment and user state, it proposes an access control model based on multidimensional measurement and context (MCBAC). The model assigns roles mainly according to the user's identity information and trust degree, and uses context constraints to achieve dynamic role authorization control. It offers relatively high security and good flexibility.

Key words: multidimensional measurement, trust degree, context, platform security, access control

CLC Number: