基于角色的受限委托模型

微信服务号

微信订阅号

2025年4月6日 14:39 星期日

首页 > 过刊浏览>2005年第16卷第5期 >970-978

基于角色的受限委托模型
DOI:
                        
                    
CSTR:
                        
                    
作者:
                        徐震徐震
中国科学院,软件研究所,信息安全国家重点实验室,北京,100080
在期刊界中查找
在百度中查找
在本站中查找
李斓李斓
中国科学院,软件研究所,信息安全国家重点实验室,北京,100080
在期刊界中查找
在百度中查找
在本站中查找
冯登国冯登国
中国科学院,软件研究所,信息安全国家重点实验室,北京,100080
在期刊界中查找
在百度中查找
在本站中查找

                    
作者单位:
作者简介:
通讯作者:
中图分类号:
基金项目:Supported bythe National Natural Science Foundation of China under Grant Nos.60025205,60273027(国家自然科学基金);the National High-Tech Research and Development Plan of China under Grant No.2004AAl47070(国家高技术研究发展计划(863));the National Grand Fundamental Research 973 Program ofChina under Grant No.G1999035802(国家重点基础研究发展规划(973))

A Constrained Role-Based Delegation Model

Author:

XU Zhen
XU Zhen

在期刊界中查找
在百度中查找
在本站中查找
LI Lan
LI Lan

在期刊界中查找
在百度中查找
在本站中查找
FENG Deng-Guo
FENG Deng-Guo

在期刊界中查找
在百度中查找
在本站中查找

Affiliation:

Fund Project:

摘要

图/表

访问统计

参考文献 [26]

相似文献 [20]

引证文献

资源附件

文章评论

摘要:

角色委托是RBAC模型需要支持的一种重要安全策略.它的主要思想是系统中的主动实体将角色委托给其他主动实体,以便以前者名义执行特定的工作.角色委托者要对委托角色的使用负责,所以对委托角色进行使用限制是整个模型的关键组成部分.目前已有一些模型扩展了RBAC模型以支持角色委托,但是这些模型对委托限制的支持非常有限.提出了角色委托限制的需求,包括临时性限制、常规角色关联性限制、部分性限制和传播限制.并且,给出了一个支持临时性限制和常规角色关联性限制的基于角色的委托模型.给出模型的形式化描述,为模型在实际环境中的应用奠定了基础.

关键词:信息安全;访问控制;委托;限制;委托票据

Abstract:

Delegation is an important security policy that should be supported by RBAC model. The basic idea of delegation is that some active entity in a system delegates authority to another active entity to carry out some functions on behalf of the former. The grantor of the delegated roles should be responsible for the usage of them, so constraints on the usage of the delegated roles are critical components of the whole delegation model. Currently, there’re some models that extend RBAC model to support role delegation. However, their supports for constraints on the usage of delegated roles are very limited. This paper presents the requirements of role-based delegation, including temporary constraints, regular role dependency constraints, partial delegation constraints and propagation constraints. The former two kinds of constraints are modeled with a formal model – CRDM, which provides the foundation for applications in need of the constrained delegation.

Key words:information security;access control;delegation;constraint;delegation ticket

参考文献

[1]Ferriaolo D, Cugini J,Kuhn R. Role-Based access control (RBAC): Features and motivations. In: Proc. of the 11th Annual Computer Security Application Conf. New Orleans: IEEE Computer Society Press, 1995. 241-248. http://csrc.nist.gov/rbac/ferraiolo-cugini-kuhn-95.pdf

[2]Sandhu RS, Coyne EJ, Feinstein HL, Youman CE. Role-Based access control models. IEEE Computer, 1996,29(2):38-47.

[3]Sandhu RS. Rationale for the RBAC96 family of access control models. In: Youman C, Sandhu R, Coyne E, eds. Proc. of the 1 st ACM Workshop on Role-Based Access Control. New York: ACM Press, 1996.

[4]Ferraiolo D, Kuhn R. Role-Based access control. In: Proc. of the 15th National Computer Security Conf. 1992. 554-563. http://csrc.nist.gov/rbac/ferraiolo-kuhn-92.pdf

[5]Zhang LH, Ahn G-J, Chu B-T. A rule-based framework for role-based delegation. In: Sandhu RS, Jaeger T, eds. Proc. of the 6th ACM Symp. on Access Control Models and Technologies. New York: ACM Press, 2001. 153-162.

[6]Barka E, Sandhu R. Framework for role-based delegation models. In: Proc. of the 16th Annual Computer Security Application Conf.IEEE Computer Society Press, 2000. 168-176. http://csdl.computer.org/comp/proceedings/acsac/2000/0859/00/08590168.pdf

[7]Barka E, Sandhu R. A role-based delegation model and some extensions. In: Proc. of the 23rd National Information Systems Security Conf. (NISSC 2000). 2000. http://www.list. gmu.edu/confrnc/nissc/rbdm00.pdf

[8]Zhang XW, Oh S, Sandhu RS. PBDM: A flexible delegation model in RBAC. In: Ferrari E, Ferraiolo D, eds. Proc. of the 8th ACM Symp. on Access Control Models and Technologies. New York: ACM Press, 2003. 149-157.

[9]ANSI INCITS 359-2004. Role Based Access Control. American National Standard for Information Technology, 2004.

[10]Chen F, Sandhu R. Constraints for role-based access control. In: Youman C, Sandhu R, Coyne E, eds. Proc. of the 1st ACM Workshop on Role-Based Access Control. New York: ACM Press, 1996.

[11]Simon RT, Zurko ME. Separation of duty in role-based environments. In: Proc. of the 10th Computer Security Foundations Workshop. Washington, DC: IEEE Computer Society Press, 1997. 183-194. http://csdl.computer.org/comp/proceedings/csfw/1997/7990/00/79900183.pdf

[12]Gligor VD, Gavrila SI, Ferraiolo D. On the formal definition of separation-of-duty policies and their composition. In: Proc. of the1998 IEEE Computer Society Symp. on Research in Security and Privacy. Washington, DC: IEEE Computer Society Press, 1998.172-183.

[13]Jaeger T. On the increasing importance of constraints. In: Proc. of the 4th ACM Workshop on Role-Based Access Control. New York: ACM Press, 1999.33-42. http://portal.acm.org/ft_gateway.cfm?id=319175&type=pdf

[14]Bertino E, Bonatti PA, Ferrari E. TRBAC: A temporal role-based access control model. ACM Trans. on Information and System Security, 2001,4(3): 191-233.

[15]Joshi JBD, Bertino E, Ghafoor A. Temporal hierarchy and inheritance semantics for GTRBAC. In: Proc. of the 7th ACM Symp. on Access Control Models and Technologies. New York: ACM Press, 2002. 74-83. http://shay. ecn.purdue. edu/～dmultlab/Security/sacmat2002.pdf

[16]Joshi JBD, Shafiq B, Ghafoor A, Bertino E. Dependencies and separation of duty constraints in GTRBAC. In: Proc. of the 8th ACM Symp. on Access Control Models and Technologies. New York: ACM Press, 2003. 51-64. http://shay. ecn.purdue.edu/～dmultlab/Security/p313 -joshi.pdf

[17]Ahn GJ, Sandhu R. Role-Based authorization constraints specification. ACM Trans. on Information and System Security, 2000,3(4):207-226.

[18]Dong GY, Qing SH, Liu KL. Role-Based authorization constraint with time character. Journal of Software, 2002,13(8):1521-1527(in Chinese with English abstract). http://www.jos.org.cn/1000-9825/13/1521.pdf

[19]Xu Z, Feng DG, Li L, Chen H. UC-RBAC: A usage constrained role-base access control model. In: Qing SH, Gollmann D, Zhou JY, eds. Proc. of the 5th Int'l Conf. on Information and Communications Security. LNCS 2836, Heidelberg: Springer-Verlag, 2003.337-347.

[20]Gasser M, McDermott E. An architecture for practical delegation in a distributed system. In: Cooper D, Lunt T, eds. Proc. of the1990 IEEE Computer Society Symp. on Research in Security and Privacy. Oakland: IEEE Computer Society Press, 1990. 20-30.

[21]Gladny HM. Access control for large collections. ACM Trans. on Information Systems, 1997,15(2):154-194.

[22]Moffett JD, Sloman MS. The source ofauthority for commercial access control. IEEE Computer, 1988,21(2):59-69.

[23]Nagaratnam N, Lea D. Practical delegation for secure distributed object environments. Distributed Systems Engineering, 1998,5(4):168-178.

[24]Bandmann O, Dam M, Firozabadi BS. Constrained delegation. In: Proc. of thc 23rd Annual IEEE Symp. on Security and Privacy.Oakland: IEEE Computer Society Press, 2002. 131-143. http://csdl.computer.org/comp/proceedings/sp/2002/1543/00/15430131abs.htm

[25]Niezette M, Stevenne J. An efficient symbolic representation of periodic time. In: Finin TW, Nicholas CK, Yesha Y, eds. Proc. of the 1st Int'l Conf. on Information and Knowledge Management. LNCS 752, Springer-Verlag, 1992.附中文参考文献:

[26]董光宇,卿斯汉,刘克龙.带时间特性的角色授权约束.软件学报,2002,13(8):1521-1527.http://www.jos.org.cn/1000-9825/13/1521.pdf

引用本文

徐震,李斓,冯登国.基于角色的受限委托模型.软件学报,2005,16(5):970-978

复制

文章指标

点击次数:4813
下载次数: 5998
HTML阅读次数: 0
引用次数: 0

历史

收稿日期:2003-11-20
最后修改日期:2004-08-10
录用日期:
在线发布日期:
出版日期:

微信服务号

微信订阅号

引用本文

分享

文章指标

历史

文章二维码

微信服务号

微信订阅号

引用本文

分享

微信扫一扫：分享

文章指标

历史

文章二维码