Cross-domain authorization management model based on two-tier role mapping

doi:10.11772/j.issn.1001-9081.2013.09.2511

Journal of Computer Applications ›› 2013, Vol. 33 ›› Issue (09): 2511-2515.DOI: 10.11772/j.issn.1001-9081.2013.09.2511

• Information security • Previous Articles Next Articles

Cross-domain authorization management model based on two-tier role mapping

REN Zhiyu¹,²,³,CHEN Xingyuan¹,³,SHAN Dibin¹,²,³

1. Henan Province Key Laboratory of Information Security, Zhengzhou Henan 450004,China;
2. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou Henan 450001,China
3. The Fourth College, Information Engineering University, Zhengzhou Henan 450001,China;

Received:2013-03-19 Revised:2013-04-25 Online:2013-10-18 Published:2013-09-01
Contact: REN Zhiyu

基于双层角色映射的跨域授权管理模型

任志宇¹,²,³,陈性元¹,³,单棣斌¹,²,³

1. 河南省信息安全重点实验室,郑州 450004;
2. 数学工程与先进计算国家重点实验室,郑州 450001
3. 信息工程大学四院,郑州 450001;

通讯作者: 任志宇
作者简介:任志宇(1974-),女,河南汤阴人,博士研究生,主要研究方向:信息安全、访问控制、授权管理;
陈性元(1964-),男,安徽无为人,教授,博士生导师,博士,主要研究方向:信息安全、信任体系;
单棣斌(1982-),男,河北邯郸人,讲师,硕士,主要研究方向:身份认证。
基金资助:
国家973计划项目;河南省科技创新人才计划项目

Abstract

Abstract: With regard to the singleness of the role establishment method in the traditional cross-domain authorization management models, and the problems such as implicit promotion of privilege and the separation of duties conflict, a new cross-domain authorization management model based on two-tier role mapping was proposed. The two-tier role architecture met the practical needs of role establishment and management. On this basis, unidirectional role mapping can avoid the role mapping rings. By introducing attribute and condition, dynamic adjustment of permissions was realized. The model was formalized by dynamic description logic, including concepts, relations and management actions. In the end, the security of the model was analyzed.

Key words: information security, multi-domain secure interoperation, cross-domain role mapping, authorization management model, dynamic description logic

摘要： 针对传统跨域授权管理模型角色设置方法单一,以及有可能出现隐蔽提升、职责分离冲突等问题,提出一种基于双层角色结构的跨域授权管理模型。通过在管理域内设置双层角色,使得角色的设置与管理更加符合现实需求;采用单向角色映射的方式杜绝映射环路;引入属性、条件等动态因素,实现了权限的动态调整。采用动态描述逻辑刻画了模型中的概念、关系及管理动作。对模型的安全性分析表明,该模型满足自治性和安全性原则。

关键词: 信息安全, 多域安全互操作, 跨域角色映射, 授权管理模型, 动态描述逻辑

CLC Number:

TP393.08

REN Zhiyu CHEN Xingyuan SHAN Dibin. Cross-domain authorization management model based on two-tier role mapping[J]. Journal of Computer Applications, 2013, 33(09): 2511-2515.

任志宇陈性元单棣斌. 基于双层角色映射的跨域授权管理模型[J]. 计算机应用, 2013, 33(09): 2511-2515.

[1]	Shaochen HAO, Zizuan WEI, Yao MA, Dan YU, Yongle CHEN. Network intrusion detection model based on efficient federated learning algorithm [J]. Journal of Computer Applications, 2023, 43(4): 1169-1175.
[2]	Hongliang TIAN, Ping GE, Mingjie XIAN. Distribution network operation exception management mechanism based on blockchain [J]. Journal of Computer Applications, 2023, 43(11): 3504-3509.
[3]	Zexi WANG, Minqing ZHANG, Yan KE, Yongjun KONG. Reversible data hiding algorithm in encrypted domain based on secret image sharing [J]. Journal of Computer Applications, 2022, 42(5): 1480-1489.
[4]	MA Hua, CHEN Yuepeng, TANG Wensheng, LOU Xiaoping, HUANG Zhuoxuan. Survey of research progress on crowdsourcing task assignment for evaluation of workers’ ability [J]. Journal of Computer Applications, 2021, 41(8): 2232-2241.
[5]	XIAO Kai, WANG Meng, TANG Xinyu, JIANG Tonghai. Public welfare time bank system based on blockchain technology [J]. Journal of Computer Applications, 2019, 39(7): 2156-2161.
[6]	LUO Xiaofeng, YANG Xingchun, HU Yong. Improved decision diagram for attribute-based access control policy evaluation and management [J]. Journal of Computer Applications, 2019, 39(12): 3569-3574.
[7]	CAO Zhenhuan, CAI Xiaohai, GU Menghe, GU Xiaozhuo, LI Xiaowei. Android permission management and control scheme based on access control list mechanism [J]. Journal of Computer Applications, 2019, 39(11): 3316-3322.
[8]	LI Zhaobin, LI Weilong, WEI Zhanzhen, LIU Mengtian. Research and implementation of key module of data security processing mechanism in software defined network [J]. Journal of Computer Applications, 2018, 38(7): 1929-1935.
[9]	KE Yan, ZHANG Minqing, LIU Jia, YANG Xiaoyuan. Overview on reversible data hiding in encrypted domain [J]. Journal of Computer Applications, 2016, 36(11): 3067-3076.
[10]	KE Yan, ZHANG Minqing, LIU Jia. Separable reversible Hexadecimal data hiding in encrypted domain [J]. Journal of Computer Applications, 2016, 36(11): 3082-3087.
[11]	YUAN Qizhao, CAI Hongliang, ZHANG Jingzhong, XIA Hangyu. Secret sharing scheme only needing XOR operations [J]. Journal of Computer Applications, 2015, 35(7): 1877-1881.
[12]	PAN Lei, LI Tingyuan. Dynamic information security evaluation model in mobile Ad Hoc network [J]. Journal of Computer Applications, 2015, 35(12): 3419-3423.
[13]	PENG You SONG Yan JU Hang WANG Yanzhang. Construction method of virtual position in process of cross-domain access control based on organization based 4 levels access control model [J]. Journal of Computer Applications, 2014, 34(8): 2345-2349.
[14]	REN Zhiyu CHEN Xingyuan. Reachability analysis for attribute based user-role assignment model [J]. Journal of Computer Applications, 2014, 34(2): 428-432.
[15]	REN Guofeng JI Jiang TIAN Zhumei. The Shifted Bit Inverse Sequential Acquisition Algorithm [J]. Journal of Computer Applications, 2013, 33(08): 2136-2139.

Cross-domain authorization management model based on two-tier role mapping

基于双层角色映射的跨域授权管理模型

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics