COMPUTER ENGINEERING AND APPLICATIONS (计算机工程与应用)
Year: 2015
Issue: 15
Pages: 86-91, 128 (7 pages in total)
Keywords: security audit; access control; delegation; authorization
Considering the security and functionality deficiencies of delegation in access control, this paper proposes an RBAC delegation model with a security audit function and gives its formal definition and description, based on a contrastive analysis of the features of RBAC delegation models and on the concept of security audit. The model defines restriction conditions and transmission constraints for delegation to reflect the characteristics of delegation, implements the processes of delegation, revocation and session authorization by means of audit record sets, and completes the security audit function through audit monitoring and rule event response, so that delegated authorization is both autonomous and variable. Application and practice in a management information system show that the model is a secure and easily manageable delegation authorization mechanism that can accommodate multiple delegation strategies.