APPLICATION RESEARCH OF COMPUTERS
2010, Issue 4, pp. 1511-1513 (3 pages)
杨天怡, 董红林, 黄勤, 刘益良
separation of duty; access control; least privilege; dynamic authorization
Building on traditional task-role-based access control models, the paper proposes a workflow dynamic authorization model with task-role-based access control to achieve separation of duties and least privilege. The model has three main features: ① it strengthens separation-of-duty constraints by introducing workflow context information; ② it minimizes privileges down to the task-status level; ③ it performs dynamic authorization according to changes in the workflow and the status of the task being executed. Finally, a driver training management system is used as an example to show how the model implements least privilege, separation of duty and dynamic authorization, indicating that it can satisfy the access control requirements of complex systems whose workflows change frequently.