摘要： 随着信息系统复杂性不断增强，许多大型应用系统都具有动态性，但是传统的访问控制机制不能提供动态权限分配。该文提出一个实现动态安全策略的访问控制模型，在RBAC模型基础上通过代理动态地决定访问权限，代理根据抽象角色定义和上下文信息规则，通过推导模块得到用户的实际角色，阐述模型的组成并将它应用于一个项目管理系统中。结果表明，该模型比传统的访问控制模型更加高效、安全。

关键词: 访问控制, 安全模型, 抽象角色, 代理

Abstract: With the development of information system, most practical applications have dynamic attributes, but conventional access control mechanisms have not addressed the problem efficiently. This paper discusses how to realize an access control system that enables to manage dynamic security policies. The proposed method is based on Role-based Access Control (RBAC), and the agent decides access rights dynamically for the abstract role, according to the definitions of the abstract roles, context information and rules, agent acquire actual role by inference module, demonstrate the structure of the model and usefulness of the proposed system by presenting the project management application and its access control system. Experimental results verify that the model is more efficient and securer than traditional access control model.

Key words: access control, security model, abstract role, agent

中图分类号: 

• TP309