Computer Engineering and Applications ›› 2011, Vol. 47 ›› Issue (6): 93-98.

• Network, Communication, Security •

Delegation tree model for DAC with character of periodicity constraints

SHI Weicheng¹, TAN Liang¹,², ZHOU Mingtian³

  1. College of Computer, Sichuan Normal University, Chengdu 610066, China
  2. Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100080, China
  3. School of Computer Science & Engineering, University of Electronic Science & Technology of China, Chengdu 610054, China
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2011-02-21 Published: 2011-02-21

Abstract: Traditional discretionary access control (DAC) is not time-sensitive and does not support permission delegation policies, which makes it difficult for DAC to meet time-sensitive requirements; moreover, the uncontrolled use of granted permissions may lead to permission abuse and introduce security risks. This paper therefore proposes a delegation tree model for DAC with periodic time characteristics (PDACDTM). PDACDTM not only introduces periodic time, access duration, access count and temporal dependency into DAC to restrict a subject's access to an object, but also puts forward a delegation tree model for permission delegation. The delegation tree model restricts the propagation of delegated permissions by delegation depth and delegation breadth, and it also supports the delegation of composite permissions. PDACDTM depicts the propagation of delegated permissions as a tree structure, which makes the handling of delegation relationships clearer, more complete, more flexible and easier to maintain.

Key words: discretionary access control, periodicity constraints, delegation tree