Journal of Computer Applications ›› 2014, Vol. 34 ›› Issue (2): 428-432.

• Computer Security •

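Reachability analysis of the attribute-based user-role assignment model

REN Zhiyu1,2,3, CHEN Xingyuan1,3

  1. Henan Province Key Laboratory of Information Security, Zhengzhou 450004;
  2. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001
  3. Information Engineering University, Zhengzhou 450001;
  • Received: 2013-08-20 Revised: 2013-10-24 Online: 2014-02-01 Published: 2014-03-01
  • Corresponding author: REN Zhiyu
  • About the authors: REN Zhiyu (born 1974), female, from Tangyin, Henan, Ph.D. candidate; main research interests: information security, access control, authorization management. CHEN Xingyuan (born 1964), male, from Wuwei, Anhui, professor, doctoral supervisor, Ph.D.; main research interest: information security.
  • Supported by:
    National Key Basic Research Development Program of China (973 Program); Henan Province Science and Technology Innovation Talent Program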

Reachability analysis for attribute based user-role assignment model

REN Zhiyu1,2,3, CHEN Xingyuan1,2

  1. Henan Province Key Laboratory of Information Security, Zhengzhou Henan 450004, China;
  2. Information Engineering University, Zhengzhou Henan 450001, China;
  3. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou Henan 450001, China
  • Received: 2013-08-20 Revised: 2013-10-24 Online: 2014-02-01 Published: 2014-03-01
  • Contact: REN Zhiyu

Abstract: Traditional Role-Based Access Control (RBAC) administrative models have difficulty expressing diverse policies. To address this problem, an Attribute-Based User-Role Assignment (ABURA) model is proposed. It uses attributes as the prerequisite conditions for user-role assignment, which gives RBAC administrative policies richer semantics. User-role reachability analysis is an important mechanism for verifying the correctness of authorization management policies in distributed systems. The user-role reachability analysis problem for the ABURA model is defined, and policy reduction theorems are derived from the characteristics of state transitions in the ABURA model. Based on these theorems, a user-role reachability analysis algorithm is designed, and the algorithm is verified through examples.

Key words: authorization management model, reachability analysis, attribute, role, user-role assignment

CLC number: