作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2018, Vol. 44 ›› Issue (10): 190-195,203. doi: 10.19678/j.issn.1000-3428.0048793

• 人工智能及识别技术 • 上一篇    下一篇

一种满足静态职责分离约束的角色划分方法

王静宇,董景楠,谭跃生   

  1. 内蒙古科技大学 信息工程学院,内蒙古 包头 014010
  • 收稿日期:2017-09-25 出版日期:2018-10-15 发布日期:2018-10-15
  • 作者简介:王静宇(1976—),男,副教授、博士,主研方向为云计算、数据挖掘;董景楠,硕士;谭跃生,教授。
  • 基金资助:
    国家自然科学基金(61462069,61662056);内蒙古自然科学基金(2016MS0608,2016MS0609)。

A Role Division Method Constrained by Static Separation of Duty

WANG Jingyu,DONG Jingnan,TAN Yuesheng   

  1. School of Information Engineering,Inner Mongolia University of Science and Technology,Baotou,Inner Mongolia 014010,China
  • Received:2017-09-25 Online:2018-10-15 Published:2018-10-15

摘要: 现有自顶向下的角色工程忽略企业对敏感任务的要求,产生的角色集安全性低。为提高角色定义的安全性,提出一种满足静态职责分离约束的用户角色分配方法。从静态互斥角色约束集出发,利用贪婪算法产生互斥角色对并将其映射为稀疏图。使用韦尔奇·鲍威尔着色法将相邻顶点染为不同的颜色,生成的着色数近似等于最小用户数。根据角色被染颜色进行角色划分,被划分为同一组的角色只能指派给同一个用户。实验结果表明,该方法执行效率快、安全性高,可有效节省存储空间。

关键词: 静态职责分离, 静态互斥角色约束, 角色划分, 最小用户数, 着色数

Abstract: The existing top-down role of the project ignores the requirements of the enterprise for sensitive tasks,resulting in a low set of security.In order to improve the security of role division,a user role assignment method constrained by static separation of duty is proposed.Based on the static mutex exclusive role constraint set,the greedy algorithm is used to generate mutex role pairs and map them to sparse graphs.By using Welch Powell coloring method,adjacent vertices are dyed into different colors,and the number of coloring is approximately equal to the minimum number of users.Roles are divided according to their colors,and roles assigned to the same group can only be assigned to the same user.Experimental results show that this method is efficient,secure and it can save storage space effectively.

Key words: static separation of duty, Static Mutual Exclusive Role(SMER) constraint, role division, minimum number of users, chromatic number

中图分类号: