Computer Engineering and Applications ›› 2014, Vol. 50 ›› Issue (13): 77-81.

• Network, Communication and Security •


Permission-based delegation model for Usage Control

YE Chunxiao¹, YU Yifeng¹, YU Longlong²

  1. College of Computer Science, Chongqing University, Chongqing 400044, China
  2. College of Economics and Information Engineering, Southwestern University of Finance and Economics, Chengdu 611130, China
  • Online: 2014-07-01 Published: 2015-05-12


Abstract: As a next-generation access control model, Usage Control (UCON) integrates and extends traditional access control models and introduces the distinguishing properties of decision continuity and attribute mutability, providing wide-ranging, fine-grained access control protection for digital resources in modern open network environments. Permission delegation is a component of an access control system and an important way to realize role backup, decentralization of authority and collaborative work. Considering the delegation requirements of UCON and the shortcomings of existing research, this paper proposes a permission-based delegation model for UCON that controls and constrains the delegation process with three delegation decision factors: delegation authorizations, delegation obligations and delegation conditions. A formal definition of the model is given, and permission delegation and revocation are realized using a defined minimal set of assertions. The model retains the mutability and continuity characteristics of UCON and is an easy-to-use permission delegation mechanism that facilitates the delegation of usage rights between users of a UCON system.

Key words: Usage Control, Access Control, right, delegation