摘要: 针对T-RBAC在权限控制及职责分离上存在的不足,提出一种改进模型。新模型简化T-RBAC模型的任务分类,为任务加入任务上下文及任务状态属性,使权限的授予与任务上下文、任务状态紧密联系,增强对权限的动态管理。利用私有角色解决互斥权限在继承过程中可能产生的权限共享问题。使用历史记录保证任务执行过程中的动态职责分离。该模型提供了更细粒度的权限管理,能更好地满足职责分离和最小特权原则。
关键词:
任务上下文,
任务状态,
权限动态管理,
职责分离,
互斥权限共享
Abstract: Because of the shortcoming of permission control and separation of duties in T-RBAC, an improved model is proposed. New model simplifies the task classification of T-RBAC, adds context and state property to task, and builds a close relationship between permissions granting and the task context and state property, which enhances the dynamic management of permissions. It also solves the problem of mutually exclusive rights possessed by one role while inherited in roles hierarchy using private roles, and ensures the dynamic separation of duties by checking the history of task performance. New model provides a better permissions management, and better meets the separation of duties and least privilege principles.
Key words:
task context,
task state,
dynamic management of permission,
separation of duties,
mutually rights sharing
中图分类号:
冯俊, 王箭. 一种基于T-RBAC的访问控制改进模型[J]. 计算机工程, 2012, 38(16): 138-141.
FENG Dun, WANG Jian. Improved Access Control Model Based on T-RBAC[J]. Computer Engineering, 2012, 38(16): 138-141.