Journal of Beijing Jiaotong University
JOURNAL OF NORTHERN JIAOTONG UNIVERSITY
2010, Issue 2, pp. 95-100 (6 pages)
唐为民 (Tang Weimin), 彭双和 (Peng Shuanghe), 韩臻 (Han Zhen), 沈昌祥 (Shen Changxiang)
access control; Bell-LaPadula (BLP) model; BIBA model; role-based access control (RBAC) model; important information system
A new Role-based Mandatory Access Control (RBMAC) model that combines the BLP, BIBA and RBAC models is proposed. The model uses the hierarchical structure of an organization to describe information categories and user roles, and uses the key nodes of the file-handling process to describe integrity levels (classification and clearance). It introduces the concepts of trusted subject, task, role actor and role invitation to meet the access control requirements of important information systems. The paper gives the formal description and security theorems of the RBMAC model, and proposes an operation mode with four stages: model predefinition, task assignment, role invitation and security level matching. In the model, a trusted subject adjusts the confidentiality level, integrity level and information category of files, which is consistent with how important information systems are managed and operated in practice. Experiments on an actual system show that the model is highly practical, flexible and efficient.