作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2010, Vol. 36 ›› Issue (15): 131-133. doi: 10.3969/j.issn.1000-3428.2010.15.046

• 安全技术 • 上一篇    下一篇

基于属性的访问控制策略模型

程相然,陈性元,张 斌,杨 艳   

  1. (解放军信息工程大学电子技术学院,郑州 450004)
  • 出版日期:2010-08-05 发布日期:2010-08-25
  • 作者简介:程相然(1984-),男,硕士研究生,主研方向:访问控制策略,网络安全;陈性元,教授、博士、博士生导师;张 斌,副教授、博士;杨 艳,讲师、硕士
  • 基金资助:
    国家“863”计划基金资助项目(2006AA01Z457, 2009AA 01Z438)

Attribute-Based Access Control Policy Model

CHENG Xiang-ran, CHEN Xing-yuan, ZHANG Bin, YANG Yan   

  1. (Institute of Electric Technology, PLA Information Engineering University, Zhengzhou 450004)
  • Online:2010-08-05 Published:2010-08-25

摘要: 研究属性、属性谓词、属性名值对的抽象与描述,提出一种基于属性的访问控制策略模型,对策略、策略评估进行形式化定义。描述在设置策略合并算法和系统缺省授权下的访问控制判决过程,设计一种改进的策略管理框架并对其进行仿真测试。结果表明,该框架具有较强的可扩展性,能够为实施基于属性的访问控制提供依据。

关键词: 基于属性的访问控制, 策略模型, 策略评估, 策略管理框架

Abstract: Abstraction and description of attribute, attribute predicate and attribute-value pair are studied, and a policy model is proposed for Attribute-Based Access Control(ABAC) with formalization of policy and policy evaluation. Access control decision is described under policy combining algorithm and default authorization, an improved policy framework is devised and tested by simulation. Experimental result shows the framework has high scalability, which provides a basis for implementation of ABAC.

Key words: Attribute-Based Access Control(ABAC), policy model, policy evaluation, policy administration framework

中图分类号: