基于组织的四层访问控制模型跨域访问过程中虚拟岗位构建方法

doi:10.11772/j.issn.1001-9081.2014.08.2345

计算机应用 ›› 2014, Vol. 34 ›› Issue (8): 2345-2349.DOI: 10.11772/j.issn.1001-9081.2014.08.2345

基于组织的四层访问控制模型跨域访问过程中虚拟岗位构建方法

彭友¹,宋艳¹,鞠航¹,王延章²

1. 哈尔滨工程大学经济管理学院，哈尔滨150001
2. 大连理工大学管理与经济学部，辽宁大连 116024

收稿日期:2014-02-19 修回日期:2014-03-25 出版日期:2014-08-01 发布日期:2014-08-10
通讯作者: 彭友
作者简介:彭友（1981-），男，黑龙江哈尔滨人，博士，主要研究方向：电子政务、复杂信息系统整合、信息安全；宋艳（1974-），女，黑龙江哈尔滨人，教授，博士生导师，主要研究方向：应急管理、复杂信息系统；鞠航（1981-），女，黑龙江哈尔滨人，副教授，主要研究方向：应急管理、项目管理；王延章（1952-），男，辽宁大连人，教授，博士生导师，博士，主要研究方向：复杂信息系统整合、决策支持、电子政务。
基金资助:
国家自然科学基金资助重点项目;中国博士后面上资助项目

Construction method of virtual position in process of cross-domain access control based on organization based 4 levels access control model

PENG You¹,SONG Yan¹,JU Hang¹,WANG Yanzhang²

1. School of Economics and Management, Harbin Engineering University, Harbin Heilongjiang 150001, China;
2. Faculty of Management and Economics, Dalian University of Technology, Dalian Liaoning 116024, China

Received:2014-02-19 Revised:2014-03-25 Online:2014-08-01 Published:2014-08-10
Contact: PENG You

摘要/Abstract

摘要：

对于基于组织的四层访问控制(OB4LAC)模型在跨域访问控制过程中如何依据外域用户的申请权限集构建本域内虚拟岗位的问题，提出基于如下三阶段的处理流程，包括申请权限集与角色集的匹配搜索阶段、角色集职责分离(SoD)约束和激活约束判断阶段以及虚拟岗位的生成和撤销阶段。针对申请权限集与角色集的匹配搜索阶段，分别给出了面向完全匹配、可用性优先匹配和最小特权优先匹配的搜索算法；针对角色集SoD约束和激活约束判断阶段，则通过定义SoD约束矩阵(SODM)、非连通继承关系矩阵(AIM)和基数约束矩阵(CCM)以及对应的约束判断流程予以解决；针对虚拟岗位的生成和撤销阶段，给出了完成这一过程所需的管理函数。通过上述具体处理流程和实现算法，很好地解决了OB4LAC模型跨域访问过程中虚拟岗位的构建问题。

Abstract:

For the problems of Organization Based 4 Levels Access Control (OB4LAC) model on how to build the virtual positions based on the requested permission sets from users in other domain, this paper proposed a detailed process based on the following three stages, which are the searching stage of the role sets based on the required permission, the determining stage of Separation of Duty (SoD) and activating constraints, the creation and revoke stage of virtual position. Aiming to the searching stage of the role sets based on the required permission, the authors gave three searching algorithms that match three different cases respectively, which are complete matching, available matching and least privilege matching; for the determining stage of SoD and activating constraints, the authors defines three kinds of matrixes which are Separate of Duty Matrix (SODM), Cardinality Constraint Matrix (CCM) and Anti-connection Inherit Matrix (AIM), then based on those matrixes and corresponding process to solve these problems of constraints; aiming to the creation and revoke stage of virtual position, this paper gave the management functions required for completing the process. Through these specific processes and realization algorithms, the authors resolved the problems of building the virtual positions in multi-domain environment for OB4LAC model.

中图分类号:

彭友宋艳鞠航王延章. 基于组织的四层访问控制模型跨域访问过程中虚拟岗位构建方法[J]. 计算机应用, 2014, 34(8): 2345-2349.

PENG You SONG Yan JU Hang WANG Yanzhang. Construction method of virtual position in process of cross-domain access control based on organization based 4 levels access control model[J]. Journal of Computer Applications, 2014, 34(8): 2345-2349.

参考文献

［1］PENG Y. Research of the organization-based access control method and model for e-government ［D］. Dalian: Dalian University of Technology, 2012.(彭友.电子政务中基于组织的访问控制方法及模型研究［D］.大连:大连理工大学,2012.)
［2］LI H. Research of organization based access control model for electronic government system ［D］. Dalian: Dalian University of Technology, 2009.(李怀明.电子政务系统中基于组织的访问控制模型研究［D］.大连:大连理工大学,2009.)
［3］DING F. Research on model of government organization authoriza-tion system based on OB4LAC ［D］. Dalian: Dalian University of Technology, 2009.(丁锋.基于OB4LAC的政府组织授权系统模型研究［D］.大连:大连理工大学,2009.)
［4］SHAFIQ B, JOSHI J B D, BERTINO E, et al. Secure interoperation in a multi-domain environment employing RBAC policies ［J］. IEEE Transactions on Knowledge and Data Engineering, 2005, 17(11):1557-1577.
［5］ZHONG L. Research on role-based inter-domain access control model ［D］. Hangzhou: Zhejiang Normal University, 2011.(钟丽丽.基于角色的跨域访问控制模型研究［D］.杭州：浙江师范大学,2011.)
［6］LIU M, WANG X, HUANG H, et al. A detection model based on Petri nets of SMER constrains violation in dynamic role translation ［J］. Journal of Computer Research and Development, 2012, 49(9):1991-1998.(刘猛,王轩,黄荷娇,等.基于Petri网的IRBAC 2000域间动态转换SMER约束违反检测［J］.计算机研究与发展,2012,49(9):1991-1998.)
［7］LIAO J, HONG F, ZHU X, et al. Separation of duty in dynamic role translations between administrative domains ［J］. Journal ofComputer Research and Development, 2006, 43(6):1065-1070.(廖俊国,洪帆,朱贤,等.多域间动态角色转换的职责分离［J］.计算机研究与发展,2006,43(6):1065-1070.)
［8］LIU S, HUANG H. Role-based access control for distributed cooperation environment ［C］// Proceedings of 2009 International Conference on Computational Intelligence and Security. Washington, DC: IEEE Computer Society, 2009: 455-459.
［9］MA M, WOODHEAD S. Constraint enabled distributed RBAC for subscription-based remote network services ［C］// Proceedings of the Sixth IEEE International Conference on Computer and Information Technology. Washington, DC: IEEE Computer Society, 2006: 1-6.
［10］PENG Y, JU H, SONG Y, et al. OB4LAC: an organization-based access control model for e-government system ［J］. Applied Mathematics and Information Science, 2014, 8(3): 1467-1474.
［11］LI F, SU M, SHI G, et al. Research status and development trends of access control model ［J］. Acta Electronica Sinica, 2012, 40(4): 805-813.(李凤华,苏釯,史国振,等.访问控制模型研究进展及发展趋势［J］.电子学报,2012,40(4):805-813.)
［12］RUSSELLO G, DULAY N. xDUCON: coordinating usage control policies in distributed domains ［C］// Proceedings of the Third International Conference on Network and System Security. Washington, DC: IEEE Computer Society, 2009: 246-253.
［13］ZHANG G, GONG W, TIAN J. The research of cross-domain usage control model in Web services ［C］// Proceedings of the Second International Conference on e-Business and Information System Security. Piscataway: IEEE Press, 2010: 1-5.
［14］DAI X, CHEN X, WANG Y, et al. An improved state transition-based security policy conflict detection algorithm ［C］// Proceedings of the 2010 International Conference on Computational and Information Sciences. Chengdu: [s.n.], 2010: 609-612.
［15］WANG X, FU H, ZHANG L. Research progress on attribute-based access control ［J］. Acta Electronica Sinica, 2010, 38(7): 1660-1667.(王小明,付红,张立臣.基于属性的访问控制研究进展［J］.电子学报,2010,38(7):1660-1667.)

[1]	祁祥洲邢红杰. 基于中心核对齐的多核单类支持向量机[J]. 计算机应用, 0, (): 0-0.
[2]	陈浩杰，范江亭，刘勇. 分布式强化学习解决动态旅行商问题[J]. 计算机应用, 0, (): 0-0.
[3]	郭一阳于炯杜旭升杨少智曹铭. 基于自编码器与集成学习的离群点检测算法[J]. 计算机应用, 0, (): 0-0.
[4]	王周恺, 张炯, 马维纲, 王怀军. 面向高速列车监测数据的并行解压缩算法[J]. 计算机应用, 2021, 41(9): 2586-2593.
[5]	李卓, 宋子晖, 沈鑫, 陈昕. 边缘计算支持下的移动群智感知本地差分隐私保护机制[J]. 计算机应用, 2021, 41(9): 2678-2686.
[6]	赵津宋文爱邰隽杨吉江王青李晓丹雷毅邱悦. 儿童阻塞性睡眠呼吸暂停计算机人脸辅助诊断综述[J]. 计算机应用, 0, (): 0-0.
[7]	张妮韩萌王乐李小娟程浩东. 基于正负效用划分的高效用模式挖掘方法综述[J]. 计算机应用, 0, (): 0-0.
[8]	武鹏, 吴尽昭. 基于线性误差断言的推理方法[J]. 计算机应用, 2021, 41(8): 2199-2204.
[9]	孙蕊, 韩萌, 张春砚, 申明尧, 杜诗语. 含负项top-k高效用项集挖掘算法[J]. 计算机应用, 2021, 41(8): 2386-2395.
[10]	王梓森, 梁英, 刘政君, 谢小杰, 张伟, 史红周. 科研项目同行评议专家学术专长匹配方法[J]. 计算机应用, 2021, 41(8): 2418-2426.
[11]	赵全, 汤小春, 朱紫钰, 毛安琪, 李战怀. 大规模短时间任务的低延迟集群调度框架[J]. 计算机应用, 2021, 41(8): 2396-2405.
[12]	康军, 黄山, 段宗涛, 李宜修. 时空轨迹序列模式挖掘方法综述[J]. 计算机应用, 2021, 41(8): 2379-2385.
[13]	陈静, 毛莺池, 陈豪, 王龙宝, 王子成. 基于改进单点多盒检测器的大坝缺陷目标检测方法[J]. 计算机应用, 2021, 41(8): 2366-2372.
[14]	马华, 陈跃鹏, 唐文胜, 娄小平, 黄卓轩. 面向工作者能力评估的众包任务分配方法的研究进展综述[J]. 计算机应用, 2021, 41(8): 2232-2241.
[15]	李莉吴怡杨祉坤陈云鹏. 基于分区型区块链医疗电子病历共享方案[J]. , 0, (): 0-0.

基于组织的四层访问控制模型跨域访问过程中虚拟岗位构建方法

Construction method of virtual position in process of cross-domain access control based on organization based 4 levels access control model

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics