
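Multi-level access control model for tree-like hierarchical organizations
Cite this article: Yu Guangcan, Li Ruixuan, Lu Zhengding, Song Wei, Su Yonghong. Multi-level access control model for tree-like hierarchical organizations[J]. Journal of Southeast University, 2008, 24(3): 393-396.
Authors: Yu Guangcan  Li Ruixuan  Lu Zhengding  Song Wei  Su Yonghong
Institution: College of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074
Funding: National Natural Science Foundation of China; National High Technology Research and Development Program of China (863 Program)
Abstract: Building on the BLP model, a new multi-level access control model is proposed. The model establishes hierarchical relationships among departments and introduces the new concept of a post, which simplifies the tedious task of assigning security tags. By assigning multiple security tags to a post, communication between superior, subordinate and peer departments is achieved; the closer two departments are in the tree hierarchy, the higher the classification level of the objects their staff can exchange. Access matrices at three levels are defined, implementing flexible discretionary access control at multiple granularities. While adding flexibility and practicality, the model guarantees that information flow always remains under the system's control, inheriting the most prominent merit of the BLP model, and the model is verified by formal proof.

Keywords: multi-level access control  hierarchical organization  multiple security tags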

Multi-level access control model for tree-like hierarchical organizations
Mudar Sarem, Yu Guangcan, Li Ruixuan, Lu Zhengding, Mudar Sarem, Song Wei, Su Yonghong. Multi-level access control model for tree-like hierarchical organizations[J]. Journal of Southeast University (English Edition), 2008, 24(3): 393-396.
Authors: Mudar Sarem  Yu Guangcan  Li Ruixuan  Lu Zhengding  Mudar Sarem  Song Wei  Su Yonghong
Institution: Yu Guangcan Li Ruixuan Lu Zhengding Mudar Sarem Song Wei Su Yonghong (College of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China)
Abstract: An access control model is proposed based on the famous Bell-LaPadula (BLP) model. In the proposed model, hierarchical relationships among departments are built, a new concept named post is proposed, and assigning security tags to subjects and objects is greatly simplified. Interoperation among different departments is implemented by assigning multiple security tags to one post, and the closer departments are on the organization tree, the more highly classified the objects that their staff can exchange. Access control matrices are defined for the department, the post and the staff. By using the three access control matrices, a multi-granularity and flexible discretionary access control policy is implemented. The outstanding merit of the BLP model is inherited, and the new model can guarantee that all information flow is under control. Finally, our study shows that, compared to the BLP model, the proposed model is more flexible.
Keywords: multi-level access control  hierarchical organization  multiple security tags
This article is indexed in CNKI, VIP, Wanfang Data and other databases.