基于组织的四层访问控制模型跨域访问过程中虚拟岗位构建方法

doi:10.11772/j.issn.1001-9081.2014.08.2345

计算机应用 ›› 2014, Vol. 34 ›› Issue (8): 2345-2349.DOI: 10.11772/j.issn.1001-9081.2014.08.2345

基于组织的四层访问控制模型跨域访问过程中虚拟岗位构建方法

彭友¹,宋艳¹,鞠航¹,王延章²

1. 哈尔滨工程大学经济管理学院，哈尔滨150001
2. 大连理工大学管理与经济学部，辽宁大连 116024

收稿日期:2014-02-19 修回日期:2014-03-25 发布日期:2014-08-10 出版日期:2014-08-01
通讯作者: 彭友
作者简介:彭友（1981-），男，黑龙江哈尔滨人，博士，主要研究方向：电子政务、复杂信息系统整合、信息安全；宋艳（1974-），女，黑龙江哈尔滨人，教授，博士生导师，主要研究方向：应急管理、复杂信息系统；鞠航（1981-），女，黑龙江哈尔滨人，副教授，主要研究方向：应急管理、项目管理；王延章（1952-），男，辽宁大连人，教授，博士生导师，博士，主要研究方向：复杂信息系统整合、决策支持、电子政务。
基金资助:
国家自然科学基金资助重点项目;中国博士后面上资助项目

Construction method of virtual position in process of cross-domain access control based on organization based 4 levels access control model

PENG You¹,SONG Yan¹,JU Hang¹,WANG Yanzhang²

1. School of Economics and Management, Harbin Engineering University, Harbin Heilongjiang 150001, China;
2. Faculty of Management and Economics, Dalian University of Technology, Dalian Liaoning 116024, China

Received:2014-02-19 Revised:2014-03-25 Online:2014-08-10 Published:2014-08-01
Contact: PENG You

摘要/Abstract

摘要：

对于基于组织的四层访问控制(OB4LAC)模型在跨域访问控制过程中如何依据外域用户的申请权限集构建本域内虚拟岗位的问题，提出基于如下三阶段的处理流程，包括申请权限集与角色集的匹配搜索阶段、角色集职责分离(SoD)约束和激活约束判断阶段以及虚拟岗位的生成和撤销阶段。针对申请权限集与角色集的匹配搜索阶段，分别给出了面向完全匹配、可用性优先匹配和最小特权优先匹配的搜索算法；针对角色集SoD约束和激活约束判断阶段，则通过定义SoD约束矩阵(SODM)、非连通继承关系矩阵(AIM)和基数约束矩阵(CCM)以及对应的约束判断流程予以解决；针对虚拟岗位的生成和撤销阶段，给出了完成这一过程所需的管理函数。通过上述具体处理流程和实现算法，很好地解决了OB4LAC模型跨域访问过程中虚拟岗位的构建问题。

Abstract:

For the problems of Organization Based 4 Levels Access Control (OB4LAC) model on how to build the virtual positions based on the requested permission sets from users in other domain, this paper proposed a detailed process based on the following three stages, which are the searching stage of the role sets based on the required permission, the determining stage of Separation of Duty (SoD) and activating constraints, the creation and revoke stage of virtual position. Aiming to the searching stage of the role sets based on the required permission, the authors gave three searching algorithms that match three different cases respectively, which are complete matching, available matching and least privilege matching; for the determining stage of SoD and activating constraints, the authors defines three kinds of matrixes which are Separate of Duty Matrix (SODM), Cardinality Constraint Matrix (CCM) and Anti-connection Inherit Matrix (AIM), then based on those matrixes and corresponding process to solve these problems of constraints; aiming to the creation and revoke stage of virtual position, this paper gave the management functions required for completing the process. Through these specific processes and realization algorithms, the authors resolved the problems of building the virtual positions in multi-domain environment for OB4LAC model.

中图分类号:

彭友宋艳鞠航王延章. 基于组织的四层访问控制模型跨域访问过程中虚拟岗位构建方法[J]. 计算机应用, 2014, 34(8): 2345-2349.

PENG You SONG Yan JU Hang WANG Yanzhang. Construction method of virtual position in process of cross-domain access control based on organization based 4 levels access control model[J]. Journal of Computer Applications, 2014, 34(8): 2345-2349.

参考文献

［1］PENG Y. Research of the organization-based access control method and model for e-government ［D］. Dalian: Dalian University of Technology, 2012.(彭友.电子政务中基于组织的访问控制方法及模型研究［D］.大连:大连理工大学,2012.)
［2］LI H. Research of organization based access control model for electronic government system ［D］. Dalian: Dalian University of Technology, 2009.(李怀明.电子政务系统中基于组织的访问控制模型研究［D］.大连:大连理工大学,2009.)
［3］DING F. Research on model of government organization authoriza-tion system based on OB4LAC ［D］. Dalian: Dalian University of Technology, 2009.(丁锋.基于OB4LAC的政府组织授权系统模型研究［D］.大连:大连理工大学,2009.)
［4］SHAFIQ B, JOSHI J B D, BERTINO E, et al. Secure interoperation in a multi-domain environment employing RBAC policies ［J］. IEEE Transactions on Knowledge and Data Engineering, 2005, 17(11):1557-1577.
［5］ZHONG L. Research on role-based inter-domain access control model ［D］. Hangzhou: Zhejiang Normal University, 2011.(钟丽丽.基于角色的跨域访问控制模型研究［D］.杭州：浙江师范大学,2011.)
［6］LIU M, WANG X, HUANG H, et al. A detection model based on Petri nets of SMER constrains violation in dynamic role translation ［J］. Journal of Computer Research and Development, 2012, 49(9):1991-1998.(刘猛,王轩,黄荷娇,等.基于Petri网的IRBAC 2000域间动态转换SMER约束违反检测［J］.计算机研究与发展,2012,49(9):1991-1998.)
［7］LIAO J, HONG F, ZHU X, et al. Separation of duty in dynamic role translations between administrative domains ［J］. Journal ofComputer Research and Development, 2006, 43(6):1065-1070.(廖俊国,洪帆,朱贤,等.多域间动态角色转换的职责分离［J］.计算机研究与发展,2006,43(6):1065-1070.)
［8］LIU S, HUANG H. Role-based access control for distributed cooperation environment ［C］// Proceedings of 2009 International Conference on Computational Intelligence and Security. Washington, DC: IEEE Computer Society, 2009: 455-459.
［9］MA M, WOODHEAD S. Constraint enabled distributed RBAC for subscription-based remote network services ［C］// Proceedings of the Sixth IEEE International Conference on Computer and Information Technology. Washington, DC: IEEE Computer Society, 2006: 1-6.
［10］PENG Y, JU H, SONG Y, et al. OB4LAC: an organization-based access control model for e-government system ［J］. Applied Mathematics and Information Science, 2014, 8(3): 1467-1474.
［11］LI F, SU M, SHI G, et al. Research status and development trends of access control model ［J］. Acta Electronica Sinica, 2012, 40(4): 805-813.(李凤华,苏釯,史国振,等.访问控制模型研究进展及发展趋势［J］.电子学报,2012,40(4):805-813.)
［12］RUSSELLO G, DULAY N. xDUCON: coordinating usage control policies in distributed domains ［C］// Proceedings of the Third International Conference on Network and System Security. Washington, DC: IEEE Computer Society, 2009: 246-253.
［13］ZHANG G, GONG W, TIAN J. The research of cross-domain usage control model in Web services ［C］// Proceedings of the Second International Conference on e-Business and Information System Security. Piscataway: IEEE Press, 2010: 1-5.
［14］DAI X, CHEN X, WANG Y, et al. An improved state transition-based security policy conflict detection algorithm ［C］// Proceedings of the 2010 International Conference on Computational and Information Sciences. Chengdu: [s.n.], 2010: 609-612.
［15］WANG X, FU H, ZHANG L. Research progress on attribute-based access control ［J］. Acta Electronica Sinica, 2010, 38(7): 1660-1667.(王小明,付红,张立臣.基于属性的访问控制研究进展［J］.电子学报,2010,38(7):1660-1667.)

[1]	高威刘丽华和斌涛邓方安. 区块链共识机制与改进算法研究进展[J]. 《计算机应用》唯一官方网站, 0, (): 0-0.
[2]	翟社平朱鹏举杨锐刘佳一腾. 基于区块链的物联网身份管理系统[J]. 《计算机应用》唯一官方网站, 0, (): 0-0.
[3]	李博, 黄建强, 黄东强, 王晓英. 基于异构平台的稀疏矩阵向量乘自适应计算优化[J]. 《计算机应用》唯一官方网站, 2024, 44(12): 3867-3875.
[4]	陈姿芊, 牛科迪, 姚中原, 斯雪明. 适用于物联网的区块链轻量化技术综述[J]. 《计算机应用》唯一官方网站, 2024, 44(12): 3688-3698.
[5]	高婷婷, 姚中原, 贾淼, 斯雪明. 链上链下一致性保护技术综述[J]. 《计算机应用》唯一官方网站, 2024, 44(12): 3658-3668.
[6]	贾淼, 姚中原, 祝卫华, 高婷婷, 斯雪明, 邓翔. 零知识证明赋能区块链的进展与展望[J]. 《计算机应用》唯一官方网站, 2024, 44(12): 3669-3677.
[7]	牛科迪, 李敏, 姚中原, 斯雪明. 面向物联网的区块链共识算法综述[J]. 《计算机应用》唯一官方网站, 2024, 44(12): 3678-3687.
[8]	蔡锦辉, 尹中旭, 宗国笑, 李俊儒. 面向嵌套分支突破的推断与污点分析融合的方法[J]. 《计算机应用》唯一官方网站, 2024, 44(12): 3823-3830.
[9]	杨巍白璐宁俊义董建军单春海信俊昌. 异构环境感知的幂律图流划分方法[J]. 《计算机应用》唯一官方网站, 0, (): 0-0.
[10]	梁辰王奕森魏强杜江. 基于Transformer-GCN的源代码漏洞检测方法[J]. 《计算机应用》唯一官方网站, 0, (): 0-0.
[11]	吴海峰陶丽青程玉胜. 集成特征注意力和残差连接的偏标签回归算法[J]. 《计算机应用》唯一官方网站, 0, (): 0-0.
[12]	秦学程刘春颜李宝赵蕴龙. 面向工业场景的云边协同数据存储与检索架构[J]. 《计算机应用》唯一官方网站, 0, (): 0-0.
[13]	涂进兴, 李志雄, 黄建强. 基于GPU对角稀疏矩阵向量乘法的动态划分算法[J]. 《计算机应用》唯一官方网站, 2024, 44(11): 3521-3529.
[14]	曾蠡, 杨婧如, 黄罡, 景翔, 罗超然. 超图应用方法综述：问题、进展与挑战[J]. 《计算机应用》唯一官方网站, 2024, 44(11): 3315-3326.
[15]	崔双双王宏志朱加昊吴昊. 面向低能耗高性能的分类器两阶段数据选择方法[J]. 《计算机应用》唯一官方网站, 0, (): 0-0.

基于组织的四层访问控制模型跨域访问过程中虚拟岗位构建方法

Construction method of virtual position in process of cross-domain access control based on organization based 4 levels access control model

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics