Survey on Module of Constraint in Role-based Access Control
BAI Shaoyun (白少云), BAI Shangwang (白尚旺), ZHANG Shaobo (张少波)
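Abstract:
Role-Based Access Control (RBAC) determines access permissions according to a user's role, preventing unauthorized users from accessing information resources. At present, although there are many different types of extended RBAC, there is no general model for defining the different types of constraints. Based on the Unified Modeling Language (UML) and the Object Constraint Language (OCL), this paper uses a model-driven engineering approach to construct a general RBAC model that satisfies access control under different constraints, called Uni-RBAC. By defining OCL constraints on different entities, the model meets multiple types of authorization requirements and provides good model support for a system's access control requirements at both design time and run time.
Keywords: access control; RBAC; Unified Modeling Language; constraint; Object Constraint Language; Uni-RBAC
Foundation: Taiyuan University of Science and Technology University-Level Graduate Innovation Fund (20145023)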