A Role Hierarchy Model for Role-Based Access Control and Its Application
Author:
Affiliation:
Fund Project:
摘要
|
图/表
|
访问统计
|
参考文献
|
相似文献
|
引证文献
|
资源附件
|
文章评论
摘要:
基于网络的大规模软件应用系统面临着日益复杂的数据资源安全管理的难题.基于角色的访问控制方法(role-based access control,简称RBAC)实现用户与访问权限的逻辑分离和构造角色之间的层次关系,从而方便了数据的安全管理.该文在RBAC96模型的基础上,对角色之间的层次关系进行了扩充,定义了角色的公共权限和私有权限,引入了一般继承和扩展继承机制,形成了一个能描述复杂层次关系的角色访问控制模型EHRBAC(extended hierarchy role-based access contro
Abstract:
One of the most challenging problems in managing large computer software systems on global network is the complexity of security administration. The RBAC (role-based access control) method shows powerful capability on access control by realizing logical separation between users and permissions and constructing role hierarchies. This paper presents a role hierarchy model EHRBAC (extended hierarchy role-based access control) based on RBAC96, which defines common permissions and private permissions and imports normal inheritance and extended inheritance. Based on EHRBAC, the authors realize the security administration for the Petrochemical Market Information System. The EHRBAC model can specify the complex inheritance of roles and simplify their relation hierarchies. It minimizes the role access permissions by the separation of private permissions from common permissions.