Computer Engineering and Applications ›› 2008, Vol. 44 ›› Issue (36): 244-248.DOI: 10.3778/j.issn.1002-8331.2008.36.071

• Engineering and Applications •

Role-based constrained delegation model and constraints specification

SUN Wei (1), WU Chang-an (1), WANG Rui-min (2)

  1. College of Computer & Information Technology, Xinyang Normal University, Xinyang, Henan 464000, China
  2. School of Information & Engineering, Zhengzhou University, Zhengzhou 450001, China
  • Received: 2007-12-19  Revised: 2008-03-17  Online: 2008-12-21  Published: 2008-12-21
  • Contact: SUN Wei

Chinese title (角色转授权模型中授权冲突问题的解决方案): A solution to the delegation conflict problem in role-based delegation models

Authors (Chinese names): 孙伟 (1), 邬长安 (1), 王瑞民 (2)

  1. College of Computer & Information Technology, Xinyang Normal University, Xinyang, Henan 464000
  2. School of Information Engineering, Zhengzhou University, Zhengzhou 450001
  • Corresponding author: 孙伟 (SUN Wei)

Abstract: Existing user-to-user role-based delegation models do not address delegation conflicts. This paper describes the delegation component of RBAC, its properties and its constraint rules, and proposes a Role-based Constrained Delegation Model (RCDM), giving its architecture and its function in practice; the model satisfies the least-privilege and separation-of-duty principles. Building on RCDM, the paper also presents a delegation constraints specification language, RDCL. RDCL is shown to be equivalent to Restricted First-Order Predicate Logic (RFOPL) by means of a reduction algorithm and a construction algorithm, and the soundness and completeness of RDCL are discussed. Finally, the expressive power of RCDM is demonstrated by writing its constraints in RDCL, which resolves the delegation conflict problem effectively.

Key words: Role-Based Access Control(RBAC), delegation conflicts, constrained rules, Role-based Delegation Constraints Specification Language(RDCL), Restricted First-Order Predicate Logic(RFOPL)

Abstract (Chinese version, translated): Existing user-to-user role-based delegation models suffer from delegation conflicts. Starting from the components of delegation, their properties and the constraint rules, a constrained delegation model is proposed that satisfies the two security principles of least privilege and separation of duty; its architecture and functions are described. Against the background of this model, a constraint description language and its formal semantics are introduced; a reduction algorithm and a construction algorithm show that it is equivalent to strict first-order predicate logic, and the soundness and completeness of the constraint language are discussed. Finally, the constraint language is used to show the expressive power of the model, which resolves the delegation conflict problem well.

Keywords (Chinese version, translated): role-based access control, delegation conflict, constraint rules, constraint description language, first-order predicate logic
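The abstracts above name the constraint rules a delegation model must enforce (a prerequisite role on the delegator, least privilege, separation of duty, bounded delegation chains) but the page gives neither the RCDM definitions nor any RDCL syntax. The following Python is an added example written for this page, not the authors' RCDM implementation or their RDCL language. It encodes those rules as checks on a proposed user-to-user delegation, reports which rule a conflicting delegation violates, and cascades revocation. The roles, users, permission sets and constraint rules (a buyer/approver separation-of-duty pair, a non-delegable auditor role, a maximum chain depth of 2) are all constructed for the example.

```python
# Added illustration for this page: a constrained user-to-user role delegation model with
# conflict detection. Not the authors' RCDM or RDCL; roles, users and rules are constructed.
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set


@dataclass(frozen=True)
class Delegation:
    delegator: str
    delegatee: str
    role: str
    perms: FrozenSet[str]  # permissions actually passed on; may be a subset of the role's
    depth: int             # 1 = granted by an assigned holder, 2 = re-delegated, ...


@dataclass
class DelegationModel:
    role_perms: Dict[str, FrozenSet[str]]  # role -> its permissions
    assigned: Dict[str, Set[str]]          # user -> roles held by direct assignment
    sod: Set[FrozenSet[str]]               # mutually exclusive role pairs (static SoD)
    non_delegable: Set[str] = field(default_factory=set)
    max_depth: int = 1                     # longest permitted delegation chain
    delegations: List[Delegation] = field(default_factory=list)

    def held_perms(self, user: str, role: str) -> Optional[FrozenSet[str]]:
        """Permissions `user` has under `role`, or None if the role is not held at all."""
        if role in self.assigned.get(user, set()):
            return self.role_perms[role]
        got = [d.perms for d in self.delegations if d.delegatee == user and d.role == role]
        return frozenset().union(*got) if got else None

    def depth_of(self, user: str, role: str) -> int:
        # 0 for an assigned role, else the shortest delegation chain granting it (role must be held)
        if role in self.assigned.get(user, set()):
            return 0
        return min(d.depth for d in self.delegations if d.delegatee == user and d.role == role)

    def roles_of(self, user: str) -> Set[str]:
        return {r for r in self.role_perms if self.held_perms(user, r) is not None}

    def check(self, delegator: str, delegatee: str, role: str, perms=None) -> Optional[str]:
        """None if the delegation satisfies every constraint, else the rule it violates."""
        if role not in self.role_perms or role in self.non_delegable:
            return f"{role} is unknown or non-delegable"
        if delegator == delegatee:
            return "self-delegation is not allowed"
        held = self.held_perms(delegator, role)  # prerequisite: the delegator holds the role
        if held is None:
            return f"{delegator} does not hold {role}"
        want = self.role_perms[role] if perms is None else frozenset(perms)
        if not want <= held:                     # least privilege: pass on no more than held
            return f"{delegator} cannot pass on {sorted(want - held)} under {role}"
        depth = self.depth_of(delegator, role) + 1
        if depth > self.max_depth:
            return f"delegation depth {depth} exceeds limit {self.max_depth}"
        for r in self.roles_of(delegatee):       # static SoD against what the delegatee holds
            if frozenset({r, role}) in self.sod:
                return f"{role} conflicts with {r} held by {delegatee}"
        return None

    def delegate(self, delegator: str, delegatee: str, role: str, perms=None) -> Optional[str]:
        """Record the delegation if every constraint holds; return the violated rule otherwise."""
        why = self.check(delegator, delegatee, role, perms)
        if why is None:
            want = self.role_perms[role] if perms is None else frozenset(perms)
            self.delegations.append(Delegation(delegator, delegatee, role, want, self.depth_of(delegator, role) + 1))
        return why

    def revoke(self, delegator: str, delegatee: str, role: str) -> int:
        """Cascading revocation: drop the delegation and every re-delegation it no longer supports."""
        removed, stack = 0, [(delegator, delegatee, role)]
        while stack:
            dr, de, r = stack.pop()
            for d in [x for x in self.delegations if (x.delegator, x.delegatee, x.role) == (dr, de, r)]:
                self.delegations.remove(d)
                removed += 1
            still = self.held_perms(de, r)       # what the delegatee still holds under r, if anything
            for d in [x for x in self.delegations if x.delegator == de and x.role == r]:
                if still is None or not d.perms <= still:
                    stack.append((d.delegator, d.delegatee, d.role))
        return removed


def run_demo() -> dict:
    # Constructed purchasing scenario: buyer/approver are mutually exclusive, auditor is non-delegable.
    m = DelegationModel(
        role_perms={"buyer": frozenset({"create_po", "edit_po"}),
                    "approver": frozenset({"approve_po"}), "auditor": frozenset({"read_ledger"})},
        assigned={"alice": {"buyer"}, "bob": {"approver"}, "dave": {"auditor"}},
        sod={frozenset({"buyer", "approver"})}, non_delegable={"auditor"}, max_depth=2)
    out = {}
    out["alice->carol buyer"] = m.delegate("alice", "carol", "buyer")        # allowed
    out["alice->bob buyer"] = m.delegate("alice", "bob", "buyer")            # SoD: bob is an approver
    out["carol->dave buyer"] = m.delegate("carol", "dave", "buyer")          # allowed, depth 2
    out["dave->erin buyer"] = m.delegate("dave", "erin", "buyer")            # depth 3 > max_depth
    out["bob->carol buyer"] = m.delegate("bob", "carol", "buyer")            # bob never held buyer
    out["alice->erin edit_po"] = m.delegate("alice", "erin", "buyer", {"edit_po"})  # partial
    out["erin->dave create_po"] = m.delegate("erin", "dave", "buyer", {"create_po"})  # escalation
    out["cascade removed"] = m.revoke("alice", "carol", "buyer")              # takes carol->dave too
    out["dave roles after"] = m.roles_of("dave")
    return out
```

The order of checks in `check` is deliberate: the cheap structural rules (unknown or non-delegable role, self-delegation, prerequisite) run before the least-privilege subset test, and the separation-of-duty scan over the delegatee's current roles runs last, so a rejected request names the first rule it breaks. Revocation re-checks the subset relation, so revoking one of several partial delegations only removes the re-delegations that the delegatee can no longer cover.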