Journal of Computer Applications ›› 2011, Vol. 31 ›› Issue (05): 1291-1294.DOI: 10.3724/SP.J.1087.2011.01291
• Information security • Previous Articles Next Articles
WANG Ting, CHEN Xing-yuan, REN Zhi-yu
Received:
Revised:
Online:
Published:
Contact:
王婷,陈性元,任志宇
通讯作者:
作者简介:
基金资助:
国家863计划项目(2006AA01Z457;2009AA01Z438)。
Abstract: Privilege deduction relation makes the authorization management easier, and at the same time it also causes the calculation of valid privileges more difficult. Therefore, it is important for authorization and access control to calculate deduction relations between privileges correctly and efficiently. Based on the resource hierarchy and operation hierarchy, the rule of privilege deduction was given in this paper. According to the fact that privilege query happens more frequently than privilege update, a new method of calculating deduction relations based on reachability matrix of privilege deduction was proposed. The experimental results show that the new method is more efficient than the way calculating deduction relations directly.
Key words: privilege deduction, authorization management, access control, reachability matrix
摘要: 权限之间的衍生关系简化了授权管理,同时也增加了权限判决的难度,准确、高效地计算权限衍生对授权和访问控制具有重要意义。在给出基于资源和操作层次的权限衍生规则基础上,针对授权管理中权限查询较频繁而权限更新较少的特点,设计了一种新的基于可达矩阵的权限衍生计算方法,并研究了权限衍生关系动态调整的算法步骤。仿真实验表明,当权限的数量较大时,该新方法比基于权限衍生规则的直接计算方法具有较高的计算效率。
关键词: 权限衍生, 授权管理, 访问控制, 可达矩阵
WANG Ting CHEN Xing-yuan REN Zhi-yu. Calculation approach of privilege deduction in authorization management[J]. Journal of Computer Applications, 2011, 31(05): 1291-1294.
王婷 陈性元 任志宇. 授权管理中的权限衍生计算方法[J]. 计算机应用, 2011, 31(05): 1291-1294.
0 / Recommend
Add to citation manager EndNote|Ris|BibTeX
URL: http://www.joca.cn/EN/10.3724/SP.J.1087.2011.01291
http://www.joca.cn/EN/Y2011/V31/I05/1291