Fine-Grained Controllable Delegation Authorization Model Based on Trustworthiness

Funding:

Supported by the National Natural Science Foundation of China under Grant No. 60603017; the National High-Tech Research and Development Plan of China (863) under Grant No. 2006AA01Z454; the National Key Technology R&D Program of China under Grant No. 2006BAH02A02
    Abstract:

    A fine-grained controllable delegation authorization model (FCDAM) suitable for open environments is presented. It integrates the merits of both RBAC (role-based access control) and role-based trust management, and uses trustworthiness to effectively control the propagation of permissions of different sensitivity levels in roles. An approach for assigning trustworthiness thresholds to permissions in the local access control policy is discussed. The RT0 framework is extended to support trustworthiness, and an algorithm for calculating the trustworthiness values of entities in the extended framework is proposed. The usage of the FCDAM model is illustrated through a typical example.

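Cite this article

Zhai Zhengde (翟征德), Feng Dengguo (冯登国), Xu Zhen (徐震). Fine-grained controllable delegation authorization model based on trustworthiness. Journal of Software, 2007, 18(8): 2002-2015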

History
  • Received: 2007-02-26
  • Last revised: 2007-05-31