计算机工程与应用 ›› 2007, Vol. 43 ›› Issue (5): 146-149.

• 网络、通信与安全 • 上一篇    下一篇

基于代理属性证书的分布式RBAC系统

胡坤华 粟栗   

  1. 湖北民族学院计算机系 华中科技大学
  • 收稿日期:2006-03-16 修回日期:1900-01-01 出版日期:2007-02-11 发布日期:2007-02-11
  • 通讯作者: 粟栗

Distributed RBAC system based on proxy attribute certificates

  • Received:2006-03-16 Revised:1900-01-01 Online:2007-02-11 Published:2007-02-11

摘要: 采用属性证书的方式可对分布式RBAC系统中的用户进行有效的管理,并通过证书中的签名确保证书的有效性.但全部工作都由系统管理员完成,管理员的负担重,在大型分布式的应用中存在瓶颈.设计基于可跟踪代理签名的证书及其代理发布,不仅有效的分散了管理员的任务,而且管理员和代理者不能滥用权力,攻击者也不能伪造证书和冒充用户,解决了管理员签发证书的效率问题,提高了RBAC系统的效率和安全性.

关键词: 分布式系统, RBAC, 代理签名, 证书

Abstract: Using attribute certificates can manage users of RBAC models in distributed system efficiently, the signature in certificate guarantees the validity of the certificate. While the entire work of validating and publishing certificates done by system manager, the task is heavy, so bring out bottleneck in large distributed application. Designed a certificate structure and its proxy publishing based on traceable proxy signature, not merely scattered the task of manager, publisher and proxy signatures can’t abuse their power, attackers can not forgery and imitation. In this way, solved the problem of manager’s efficiency, and improved the efficiency and security of RBAC system as well.

Key words: distributed system, RBAC, proxy signature, certificate