Abstract: To satisfy the demand of access control in multi-domain systems, a developed RBAC model——Domain Role and Type-Based Access Control(DRTBAC) model is proposed. Concepts of domain, type, role association, etc. are introduced, mechanism of setting permissions flexibly is appended, and essential security principles penetrate roles partition, assignment and association. The problem that access control supports multi-domain systems is resolved, permission management is simplified, and access controls complying security principles are realized.

Key words: RBAC model, domain, type, Domain Role and Type-Based Access Control(DRTBAC) model, role association

摘要： 为了满足多域系统的访问控制需求，提出RBAC的扩展模型——DRTBAC模型。模型中引入域、型、角色关联等概念，增加了权限的灵活设置机制，并将基本安全原则融入到模型的角色划分、指派与关联中。解决RBAC对多域系统的支持问题，方便权限的管理，实现遵循安全原则的访问控制。

关键词: RBAC模型, 域, 型, DRTBAC模型, 角色关联

CLC Number: 

• N945.12