1 Introduction
Access authorization is one of the most important measures in information system security. Support for the principle of separation of duties in access authorization is an important technical criterion for evaluating access authorization models. However, existing access authorization models support only user-level separation of duties in authorization: either the same user is not allowed to hold certain access permissions at the same time (static permission exclusion), or the same user is not allowed to activate certain access permissions it holds within one user access session (process) (dynamic permission exclusion); the mutual exclusion relationships that exist among access authorization tasks themselves are rarely discussed in the current literature. However.
Supporting separation of duties is one of the security strategies that any access control method must achieve. However, existing authorization models realize only the facts that the same user is not allowed to hold certain permissions at the same time (static permission exclusion) and that the same user is not allowed to activate certain permissions at the same time (dynamic permission exclusion); that is, these models support only a user-level separation of duties. But in networked and distributed environments, separation of duties also exists among the authorization tasks themselves: whether some authorization tasks have been or should be carried out is a prerequisite for carrying out other authorization tasks. This important problem is not discussed in existing authorization models, which makes it very difficult to model the execution of access authorization tasks in networked and distributed environments. This paper therefore presents the novel notion of authorization task dependencies and the new concepts of separation of duties and cooperation of duties among tasks, and gives their formal descriptions. With the mutual exclusion and cooperation relationships between authorization tasks, a system-level separation of duties in authorization can be achieved. Finally, a timed colored Petri net model for analysing the consistency of the dependency relationships among authorization tasks is discussed.
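The task-level relations the abstract contrasts with user-level permission exclusion, as an added Python illustration that is not the paper's formal model or code; the task names, user names, the dictionary/set representation of the two relations and the cycle check are assumptions of the example:

```python
"""Added illustration (not the paper's own model or code) of the task-level
relations the abstract describes: cooperation of duties (a task may run only
after its prerequisite tasks have been carried out), separation of duties
(two tasks may not be executed by the same user), and a consistency check on
the dependency relation. Task and user names are constructed for the example."""

# cooperation: task -> tasks that must already have been carried out
REQUIRES = {
    "approve_order": {"prepare_order"},
    "audit_order": {"prepare_order"},
    "release_funds": {"approve_order", "audit_order"},
}
# separation: unordered pairs of tasks that must be executed by different users
SEPARATE = {
    frozenset({"prepare_order", "approve_order"}),
    frozenset({"approve_order", "audit_order"}),
}

def dependency_cycles(requires):
    """Tasks that transitively require themselves; such a relation can never be satisfied."""
    def reach(task, seen):
        for pre in requires.get(task, ()):
            if pre not in seen:
                seen.add(pre)
                reach(pre, seen)
        return seen
    return sorted(t for t in requires if t in reach(t, set()))

class TaskLog:
    """Records who executed which task and enforces both relations on each new task."""
    def __init__(self):
        self.done = {}   # task -> user who executed it

    def violation(self, task, user):
        missing = sorted(t for t in REQUIRES.get(task, ()) if t not in self.done)
        if missing:
            return f"cooperation: {task} requires {missing} first"
        for prev, who in self.done.items():
            if who == user and frozenset({task, prev}) in SEPARATE:
                return f"separation: {user} already executed {prev}"
        return None   # no violation: the task may be carried out

    def execute(self, task, user):
        err = self.violation(task, user)
        if err is None:
            self.done[task] = user
        return err

if __name__ == "__main__":
    log = TaskLog()
    print(log.execute("approve_order", "alice"))  # cooperation violation
    print(log.execute("prepare_order", "alice"))  # None
    print(log.execute("approve_order", "alice"))  # separation violation
    print(log.execute("approve_order", "bob"))    # None
```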