J4  2009, Vol. 43 Issue (09): 1609-1614    DOI: 10.3785/j.issn.1008973X.2009.
Automation Technology, Computer Technology
Design and implementation of context-aware RBAC model based on reasoning (基于推理的上下文感知RBAC模型设计和实现)
JIANG Jie1,2, ZHANG Jie2, CHEN De-ren1
(1. College of Computer Science and Technology, Zhejiang University, Hangzhou 310027, China;
2. College of Software, Zhejiang University of Technology, Hangzhou 310014, China)
Abstract:

Existing role-based access control (RBAC) models cannot dynamically adjust or generate context constraints, and therefore cannot re-evaluate a user's permissions in real time once the sensed conditions change. To address this, an extended reasoning-based context-aware RBAC model (RC-RBAC) is proposed by integrating a context-aware RBAC model with a reasoning-based RBAC model. The extended model uses logical rule reasoning to adjust and generate context constraints dynamically, and activates the corresponding common sensors and self-defined sensors to collect the attribute values of the constraint conditions. The dynamically sensed context values are then used to reason over role rules and permission rules, so that a subject's access permissions on protected objects are updated in real time. An application example shows that the model improves the flexibility of dynamic user access control in a distributed environment and reduces the complexity of real-time access control management.
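The following is an added illustration of the sense-reason-decide loop the abstract describes; it is not code from the paper or its authors, and the paper's own rule language is not reproduced. A small forward-chaining engine derives facts from rules: sensors turn the request context into facts, one rule dynamically generates a new context constraint for a role (here, a raised threat level attaches a "trusted network" requirement to the auditor role), another rule marks constraints as satisfied, and a role is active only while all of its current constraints hold. The sensor names, the `threat_level` attribute, the user, role and permission names, and the tuple-based rule syntax are all constructed assumptions for this example.

```python
"""Added illustration of reasoning-driven context-aware RBAC (not the paper's code).
All sensor names, attributes, roles, permissions and the rule syntax are
constructed assumptions for this example."""
from dataclasses import dataclass
from typing import Dict, Iterator, List, Optional, Set, Tuple

Fact = Tuple[str, ...]      # ground fact, e.g. ("assigned", "alice", "analyst")
Binding = Dict[str, str]    # variable ("?x") -> value


@dataclass(frozen=True)
class Rule:
    """IF every premise matches a fact under one consistent binding
    THEN assert the instantiated conclusion as a new fact."""
    premises: Tuple[Fact, ...]
    conclusion: Fact


def match(pattern: Fact, fact: Fact, binding: Binding) -> Optional[Binding]:
    """Unify a pattern (terms starting with '?' are variables) with a ground fact."""
    if len(pattern) != len(fact):
        return None
    b = dict(binding)
    for p, f in zip(pattern, fact):
        if p.startswith("?"):
            if b.setdefault(p, f) != f:
                return None
        elif p != f:
            return None
    return b


def match_all(premises: Tuple[Fact, ...], facts, binding: Binding) -> Iterator[Binding]:
    """Backtracking search over all bindings that satisfy every premise."""
    if not premises:
        yield binding
        return
    for fact in facts:
        b = match(premises[0], fact, binding)
        if b is not None:
            yield from match_all(premises[1:], facts, b)


def forward_chain(facts: Set[Fact], rules: List[Rule]) -> Set[Fact]:
    """Apply the rules until the fact base is saturated (nothing new derivable)."""
    derived = set(facts)
    changed = True
    while changed:
        changed = False
        snapshot = frozenset(derived)
        for rule in rules:
            for b in match_all(rule.premises, snapshot, {}):
                new = tuple(b.get(t, t) for t in rule.conclusion)
                if new not in derived:
                    derived.add(new)
                    changed = True
    return derived


# Sensors turn the raw request context into facts. The time and network sensors
# stand in for "common" sensors; the threat sensor for a self-defined one fed by
# a monitoring system. The context dict is constructed sample input.
SENSORS = (
    lambda c: {("time_window", "business" if 9 <= c["hour"] < 18 else "after_hours")},
    lambda c: {("network", "trusted" if c["src_ip"].startswith("10.") else "untrusted")},
    lambda c: {("threat_level", c["threat_level"])},
)

STATIC_FACTS: Set[Fact] = {
    ("assigned", "alice", "analyst"),
    ("assigned", "bob", "auditor"),
    ("perm", "analyst", "read", "case_file"),
    ("perm", "auditor", "read", "audit_log"),
    ("perm", "auditor", "write", "audit_log"),
    ("constraint", "analyst", "time_window", "business"),   # fixed constraint
}

RULES = [
    # Dynamically generated constraint: a high threat level attaches a new
    # "trusted network" requirement to the auditor role at evaluation time.
    Rule((("threat_level", "high"),), ("constraint", "auditor", "network", "trusted")),
    # A constraint is satisfied when the sensed attribute carries the required value.
    Rule((("constraint", "?r", "?a", "?v"), ("?a", "?v")), ("satisfied", "?r", "?a", "?v")),
]


def active_roles(user: str, facts: Set[Fact]) -> Set[str]:
    """A role is active only if every constraint currently attached to it is satisfied."""
    active = set()
    for role in {f[2] for f in facts if f[0] == "assigned" and f[1] == user}:
        required = {f[2:] for f in facts if f[:2] == ("constraint", role)}
        met = {f[2:] for f in facts if f[:2] == ("satisfied", role)}
        if required <= met:
            active.add(role)
    return active


def check_access(user: str, op: str, obj: str, ctx: dict) -> bool:
    """Sense, reason, decide: the permission reflects the context at request time."""
    facts = set(STATIC_FACTS)
    for sensor in SENSORS:
        facts |= sensor(ctx)
    facts = forward_chain(facts, RULES)
    return any(("perm", role, op, obj) in facts for role in active_roles(user, facts))
```

With a context of `{"hour": 10, "src_ip": "203.0.113.7", "threat_level": "low"}` bob, as an auditor, may write `audit_log`; raising `threat_level` to `"high"` generates the extra constraint during reasoning and the same request is denied until the source address falls inside the trusted `10.` range. Because the decision is recomputed from sensed facts on every call, a permission granted a moment ago is not cached: the check in production should therefore be fast enough to run per request, and the sensor inputs must be authenticated, since an attacker who can forge a "trusted network" reading bypasses the dynamic constraint.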

CLC number: TP 309.2
Funding:

Supported by the National Key Technology R&D Program of China during the 11th Five-Year Plan (2006BAH02A03, 2008BAH24B03) and the National Natural Science Foundation of China (60773115).

Corresponding author: CHEN De-ren, male, professor, doctoral supervisor. E-mail: drchen@zju.edu.cn
About the first author: JIANG Jie (born 1972), female, from Pinghu, Zhejiang; associate professor; research interests in information security and e-commerce.

Cite this article:

JIANG Jie, ZHANG Jie, CHEN De-ren. Design and implementation of context-aware RBAC model based on reasoning. J4, 2009, 43(09): 1609-1614.

Link to this article:

http://www.zjujournals.com/eng/CN/10.3785/j.issn.1008973X.2009.        http://www.zjujournals.com/eng/CN/Y2009/V43/I09/1609
