
J4 ›› 2008, Vol. 30 ›› Issue (9): 1-3.


A Two-Dimensional Role-Based Access Control Model for Secure Information Systems

熊志辉 张茂军 王炜 王德鑫 陈旺   

  1. Department of Engineering, School of Information Systems and Management, National University of Defense Technology, Changsha 410073, Hunan, China;
  • Publication date: 2008-09-01  Online date: 2010-05-18

XIONG Zhi-hui,ZHANG Mao-jun, WANG Wei, WANG De-xin,CHEN Wang   

  1. (School of Information Systems and Management, National University of Defense Technology, Changsha 410073, China)
  • Online: 2008-09-01  Published: 2010-05-18

Abstract (Chinese, translated):

In secure information system applications, the traditional role-based access control model cannot filter business data for users, which easily leads to data leakage. To solve this problem, this paper proposes an access control model based on two-dimensional roles. The model defines functional roles and data roles for users. A functional role specifies the user's operation permissions on a class of business data, while a data role selects and filters the business data the user is allowed to operate on. In this way, by assigning different data roles to users from different departments, it is ensured that each user can only operate on the data of their own department. Application shows that the proposed two-dimensional role-based access control model has both the "least privilege" property and the "least data" property, and is suitable for access control in information systems with high security requirements.

Keywords: secure information system, access control, functional role, data role

Abstract:

In the application of secure information systems, the traditional role-based access control model cannot filter business data for users, which easily results in secret data leakage. To resolve this problem, we present a two-dimensional role-based access control model. Two types of roles are defined in this model, i.e. functional roles and data roles. Functional roles are used to describe operation permissions on business data; data roles, on the other hand, are used to select and filter the business data that users can operate on. Thus, we can assign different data roles to users from different departments, so as to ensure that users can only operate on the data of their own departments. Applications indicate that the proposed two-dimensional role-based access control model possesses both "minimal permission" and "least data" characteristics, and that it can be used as the access control model for secure information systems.

Key words: secure information system, access control, functional role, data role
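The following is an added illustration of the two-dimensional model described in the abstract, not code from the paper. It assumes a minimal policy representation (a `FUNCTIONAL_ROLES` table mapping each functional role to permitted (data type, operation) pairs, and a `DATA_ROLES` table mapping each data role to a department scope) and constructs a small set of sample records. The traditional single-dimension check is placed beside the two-dimensional check so the difference in what each returns to the user is visible.

```python
"""Two-dimensional RBAC: functional roles grant operations on a data class,
data roles restrict which records of that class a user may see.

Added example; the role tables, user and record shapes are assumptions,
not the paper's own definitions. Sample data is constructed for the demo.
"""
from dataclasses import dataclass

# Functional role -> set of (data_type, operation) the role may perform.
FUNCTIONAL_ROLES = {
    "finance_clerk":   {("invoice", "read"), ("invoice", "create")},
    "finance_auditor": {("invoice", "read"), ("audit_log", "read")},
}

# Data role -> attribute values a record must match to be in scope.
DATA_ROLES = {
    "dept_finance": {"department": "finance"},
    "dept_hr":      {"department": "hr"},
}


@dataclass(frozen=True)
class User:
    name: str
    functional_roles: frozenset
    data_roles: frozenset


@dataclass(frozen=True)
class Record:
    data_type: str
    department: str
    payload: str


def has_permission(user: User, data_type: str, operation: str) -> bool:
    """Functional-role dimension: may this user perform `operation` on `data_type` at all?"""
    return any((data_type, operation) in FUNCTIONAL_ROLES.get(role, set())
               for role in user.functional_roles)


def in_data_scope(user: User, record: Record) -> bool:
    """Data-role dimension: does at least one of the user's data roles cover this record?
    A user with no data role is in scope for nothing (the 'least data' property)."""
    for role in user.data_roles:
        scope = DATA_ROLES.get(role, {})
        if scope and all(getattr(record, attr) == value for attr, value in scope.items()):
            return True
    return False


def check_access(user: User, record: Record, operation: str) -> bool:
    """Both dimensions must agree before a single record is released."""
    return has_permission(user, record.data_type, operation) and in_data_scope(user, record)


def traditional_rbac_filter(user: User, records: list, operation: str) -> list:
    """Classic RBAC: only the functional dimension is consulted, so every record of a
    permitted type is returned, including other departments' data (the leakage the
    abstract describes)."""
    return [r for r in records if has_permission(user, r.data_type, operation)]


def two_dim_rbac_filter(user: User, records: list, operation: str) -> list:
    """Two-dimensional RBAC: the data role filters the result set down to the
    user's own department."""
    return [r for r in records if check_access(user, r, operation)]


# Constructed sample data for the demonstration.
RECORDS = [
    Record("invoice",   "finance", "INV-1 (finance)"),
    Record("invoice",   "hr",      "INV-2 (hr)"),
    Record("audit_log", "finance", "LOG-1 (finance)"),
]
ALICE = User("alice", frozenset({"finance_clerk"}),   frozenset({"dept_finance"}))
BOB   = User("bob",   frozenset({"finance_auditor"}), frozenset({"dept_finance"}))
CAROL = User("carol", frozenset({"finance_clerk"}),   frozenset())  # no data role assigned

if __name__ == "__main__":
    for user in (ALICE, BOB, CAROL):
        old = [r.payload for r in traditional_rbac_filter(user, RECORDS, "read")]
        new = [r.payload for r in two_dim_rbac_filter(user, RECORDS, "read")]
        print(f"{user.name}: traditional RBAC -> {old}; two-dimensional RBAC -> {new}")
```

Running the block shows alice, a finance clerk, receiving the HR invoice under the traditional check but only the finance invoice under the two-dimensional check; bob additionally sees the finance audit log because his functional role permits it; carol, who holds a functional role but no data role, is granted nothing, which is the "least data" behaviour the abstract claims.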