Abstract:

Based on the analysis concerning the drawbacks of applying RBAC, the concepts of context and rule were introduced, and the permissions were divided into enabled ones, active ones and limited ones, then a new access control model, the role and rule-based access control(RRBAC) model, was proposed. Through defining the security policy in design and capturing the corresponding contextual information in running, this model can provide finer access control, and reduce the workload of PA in the model of RBAC significantly.

Key words: access control, role, context, rule, policy

摘要：

分析了传统RBAC模型在应用中存在的不足,引入了上下文和规则的概念,并将权限分 为使能型、激活型和限制型,提出了基于角色和规则的访问控制模型。通过在设计时定义安全策略, 并在运行时捕获上下文信息来应用安全策略,从而能够为系统提供更细粒度的访问控制,同时也可以 降低传统RBAC模型中角色权限分配的工作量。

关键词: 访问控制, 角色, 上下文, 规则, 策略