摘要
针对信息战下数据库安全代理对访问控制的特殊需求,提出了数据库安全代理(DSP)扩展的基于角色访问控制模型(DSP RBAC).该模型形式化地定义了权限的各个方面,包括操作、属性、动作、客体以及它们之间的关系.通过引入客体包含关系(OIR)和操作级联关系(COR),研究了DSP对关系数据库管理系统的认知问题.在分析操作级联关系的级联需求和继承激活基础上,阐述了对会话需求权限和会话激活权限的影响,并给出在新模型下进行访问控制决策的原则.实验结果表明,该模型解决了在数据库安全代理中应用访问控制策略的操作、客体相关性问题,能够显著提高关键应用的安全性.
To meet the special requirements of access control policies for database security proxy (DSP) in information warfare, an extended role based access control (DSP-RBAC) model was proposed. The model formalized various aspects of permissions including operations, properties, actions, objects and relationships among them. By introducing the object inclusion relationship (OIR) and the cascaded operation relationship (COR), the cognition issues of DSP on relational database management system were studied. Based on analysis of the cascaded requirement property and the inherited activation property of COR, the impacts on required permissions and activated permissions were discussed, and the principles to make access control decision were presented by concerning OIR and COR. Experimental results show that the DSP-RBAC model solves the operation-object relativity issues and remarkably improves the security when the access control policies are deployed in database security proxy for critical applications.
出处
《浙江大学学报(工学版)》
EI
CAS
CSCD
北大核心
2005年第3期342-347,共6页
Journal of Zhejiang University:Engineering Science
基金
防预研资金资助项目(45.6.1 017).
关键词
信息战
数据库安全代理
基于角色的访问控制
Electronic warfare
Formal languages
Information management
Security of data
