###
DOI:
Journal of Software:2000.11(6):779-784

扩充角色层次关系模型及其应用
钟华,冯玉琳,姜洪安
(中国科学院软件研究所对象技术中心,北京,100080;中国科学院软件研究所计算机科学开放研究实验室,北京,100080;中国石油化工集团公司信息中心,北京,100029)
A Role Hierarchy Model for Role-Based Access Control and Its Application
ZHONG Hua,FENG Yu-lin,JIANG Hong-an
()
Abstract
Chart / table
Reference
Similar Articles
Article :Browse 3170   Download 2837
Received:March 16, 1999    Revised:June 07, 1999
> 中文摘要: 基于网络的大规模软件应用系统面临着日益复杂的数据资源安全管理的难题.基于角色的访问控制方法(role-based access control,简称RBAC)实现用户与访问权限的逻辑分离和构造角色之间的层次关系,从而方便了数据的安全管理.该文在RBAC96模型的基础上,对角色之间的层次关系进行了扩充,定义了角色的公共权限和私有权限,引入了一般继承和扩展继承机制,形成了一个能描述复杂层次关系的角色访问控制模型EHRBAC(extended hierarchy role-based access contro
Abstract:One of the most challenging problems in managing large computer software systems on global network is the complexity of security administration. The RBAC (role-based access control) method shows powerful capability on access control by realizing logical separation between users and permissions and constructing role hierarchies. This paper presents a role hierarchy model EHRBAC (extended hierarchy role-based access control) based on RBAC96, which defines common permissions and private permissions and imports normal inheritance and extended inheritance. Based on EHRBAC, the authors realize the security administration for the Petrochemical Market Information System. The EHRBAC model can specify the complex inheritance of roles and simplify their relation hierarchies. It minimizes the role access permissions by the separation of private permissions from common permissions.
文章编号:     中图分类号:    文献标志码:
基金项目:本文研究得到国家“九五”重点科技攻关项目基金(No.97-567)、国家863高科技项目基金(No.863-306-ZD02-01)和国爱自然科学基金(No.69833030)资助。 本文研究得到国家“九五”重点科技攻关项目基金(No.97-567)、国家863高科技项目基金(No.863-306-ZD02-01)和国爱自然科学基金(No.69833030)资助。
Foundation items:
Reference text:

钟华,冯玉琳,姜洪安.扩充角色层次关系模型及其应用.软件学报,2000,11(6):779-784

ZHONG Hua,FENG Yu-lin,JIANG Hong-an.A Role Hierarchy Model for Role-Based Access Control and Its Application.Journal of Software,2000,11(6):779-784