关键词: 安全信息系统 访问控制 功能角色 数据角色

Abstract:

In the application of secure information systems, the traditional role-based access control model can not filter business data for users,which easily  results in secret data leakage. To resolve this problem, we present a two dimensional role-based access control model. There are two types of roles defi ned in this model,i- e. functional role and data role. Functional roles are used to describe operation permission on business data,on the other hand,dat a roles are used to select and filter the business data that users can operate. So, we can assign different data roles to users from different departmen ts, so as to ensure users can only operate the data from their own departments. Applications indicate that, the proposed two dimensional role based access control model possesses both ＂minimal permission＂ and ＂least data＂ characteristics, and it can be used as the access control model for secure infformation systems.

Key words: secure information system, access control, functional role, data role