摘要
访问控制是众多计算机安全解决方案中的一种。基于角色的访问控制是目前公认的解决大型企业的统一资源访问控制的有效方法。本文所论述的分层角色访问控制模型是在对基于角色的访问控制模型的研究基础上提出的一种改进的基于角色访问控制的模型,以解决其在实际应用中所遇到的问题。分层角色访问控制模型通过人员-人员范围,人员范围-角色,资源-资源范围,操作-角色的分层预处理转换为角色-操作,角色-(人员范围=资源范围)的两个二维矩阵的判决,最终通过增加分层预处理方法降低了在处理访问控制权限判决点时的复杂度。
The access control is one of the multitudinous computer security solutions. Now the Role-based access control model is acknowledged a effective access control model for big enterprise to solve unitized resources. The Role-Layering access control model is brought forward a improved access control model based on the Role-based access control model in this thesis to solve the problems produced by using the Rolebased access control model in practical applications. The essential of the Role-Layering access control model is that it first deals with user-operation-object to relate the users and objects. The users through user-area related with objects through object-area. It can attest by mathematics model that it solved the complicated that the Role-based access control model is a three-dimensional matrix about user-operationobject at access control adjudication. The Role-Layering access control model first deals with user to userarea and user-area to role and object to object-area and operation to role step by step. Then there are two two-dimensional matrixes that role-operation and role-user-area (at this time user-area is equal with objectarea) for adjudged at access control adjudication. At last it is reduced complication at access control adjudication by layered users and objects at first.
出处
《现代计算机》
2005年第12期17-19,共3页
Modern Computer
