Journal of Computer Applications ›› 2011, Vol. 31 ›› Issue (05): 1291-1294. DOI: 10.3724/SP.J.1087.2011.01291

• Information Security •

Calculation approach of privilege deduction in authorization management

WANG Ting, CHEN Xing-yuan, REN Zhi-yu

  1. Institute of Electronic Technology, Information Engineering University, Zhengzhou Henan 450004, China
  • Received: 2010-11-01 Revised: 2010-12-18 Online: 2011-05-01 Published: 2011-05-01
  • Contact: Wang Ting
  • About the authors: WANG Ting (born 1982), female, from Luoyang, Henan, Ph.D. candidate; main research interests: resource management, access control. CHEN Xing-yuan (born 1963), male, from Wuwei, Anhui, professor and doctoral supervisor; main research interest: network security. REN Zhi-yu (born 1974), female, from Tangyin, Henan, lecturer; main research interest: network security.
  • Supported by:

    National 863 Program of China (2006AA01Z457; 2009AA01Z438).

Abstract: Deduction relations between privileges simplify authorization management, but they also make privilege decisions harder, so calculating privilege deduction accurately and efficiently is important for authorization and access control. Starting from rules of privilege deduction defined over the resource hierarchy and the operation hierarchy, and given that in authorization management privilege queries are frequent while privilege updates are rare, a new method for calculating privilege deduction based on a reachability matrix is designed, and the algorithm steps for dynamically adjusting privilege deduction relations are studied. Simulation experiments show that when the number of privileges is large, the new method is more computationally efficient than direct calculation based on the privilege deduction rules.

Key words: privilege deduction, authorization management, access control, reachability matrix