Abstract: The paper establishes a user behaviour trust and Role-Based Access Control（RBAC） model，which introduces the attribute concept and adds the user behaviour trust degree set on the basis of RBAC model.The detailed description and the authorization flow are given in the article.At last the model is analyzed from the dynamic performance and trust mechanism and role numbers and work performance.The new access control achieves the dynamic authorization by the dynamic assignment of role attributes and achieves the connection identity trust with behavior trust by setting the trust degree as an obligatory attribute，which changes the static authorization only based the identity of existing access control models.The model can reduce the role number by setting the attributes for the role，which can lighten the role management burden caused by the large number roles and improve the performance at the same time.

摘要： 在基于角色的访问控制（RBAC）模型基础上，引入了属性的概念，增加了用户行为信任级别集合，建立了一种基于用户行为信任评估的动态角色访问控制（UT-DRBAC）模型。对新的模型进行了详细的形式化描述并讨论了模型的授权流程，最后从动态性、信任机制、角色数量和性能方面对模型的优越性进行了分析。新的访问控制模型通过角色属性的动态指派实现了模型授权的动态性，通过把用户信任级别作为一个必需的角色属性实现了基于身份信任和行为信任相结合的访问控制，改变了现有访问控制模型单一基于身份信任的静态授权机制；通过设置角色属性减少角色数量，从而缓解了因角色过多而带来的角色管理问题，同时提高了性能。