作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2010, Vol. 36 ›› Issue (7): 132-135. doi: 10.3969/j.issn.1000-3428.2010.07.045

• 安全技术 • 上一篇    下一篇

面向分层式资源的基于属性的访问控制方法

陈 凯,郎 波   

  1. (北京航空航天大学软件开发环境国家重点实验室,北京 100191)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2010-04-05 发布日期:2010-04-05

Attribute Based Access Control Method Oriented to Hierarchical Resource

CHEN Kai, LANG Bo   

  1. (State Key Lab of Software Development Environment, Beihang University, Beijing 100191)
  • Received:1900-01-01 Revised:1900-01-01 Online:2010-04-05 Published:2010-04-05

摘要: 针对Internet上经常使用的分层式资源管理模型,提出一种基于属性的访问控制模型HR_ABAC,采用XACML国际标准作为该模型的策略描述语言,研究实现基于属性的访问控制决策机制。对该决策机制进行测试与分析,结果表明所实现的基于属性的访问控制方法具有有效性和实用性。

关键词: 基于属性的访问控制, 可扩展访问控制标记语言, 策略决策点, 策略管理点

Abstract: This paper presents an Attribute Based Access Control(ABAC) model HR_ABAC for hierarchical resource model which is commonly used in Internet. An access control decision mechanism is proposed and implemented for this model by using eXtensible Access Control Markup Language(XACML). It tests and analyzes this decision mechanism, and result indicates the mechanism is valid and practical.

Key words: Attribute Based Access Control(ABAC), eXtensible Access Control Markup Language(XACML), policy decision point, policy administration point

中图分类号: