A History-Based Constraint for Separation-of-Duty Policy in Role Based Access Control Model

机译：基于角色的访问控制模型中基于历史的职责分离策略约束

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Separation-of-duty (SoD) is widely considered to be a fundamental principle in computer security. Role-based access control (RBAC) is today's dominant access control model, and supporting SoD policy is widely regarded as one of RBAC's main strengths. In this paper, we show that checking whether a RBAC state satisfies a given static SoD (SSoD) policy is a coNP-complete problem, and using statically mutually exclusive roles (SMER) to enforce SSoD is usually computationally expensive, while enforcing SSoD policies by a history-based constraint is practicable. Our approach is focused on high-level SSoD policy, and the key idea is to record each permission access request, this history is maintained and processed by two different mechanisms based on two cases, one case is n=2 or m=n, the other case is 2

机译：职责分离（SoD）被广泛认为是计算机安全性的基本原理。基于角色的访问控制（RBAC）是当今主要的访问控制模型，支持SoD策略被广泛认为是RBAC的主要优势之一。在本文中，我们表明，检查RBAC状态是否满足给定的静态SoD（SSoD）策略是一个coNP完全问题，并且使用静态互斥角色（SMER）来强制执行SSoD通常在计算上很昂贵，而通过以下方式强制执行SSoD策略：基于历史的约束是可行的。我们的方法侧重于高级SSoD策略，关键思想是记录每个权限访问请求，该历史记录是由两种不同的机制基于两种情况进行维护和处理的，一种情况是n = 2或m = n，其他情况是2

著录项

来源
《E-Business and Information System Security, 2009. EBISS '09》|2009年|1-5|共5页
会议地点 Wuhan(CN);Wuhan(CN)
作者
Duoqiang Wang; Wengfang Liu; Jianfeng Lu; Xiaopu Ma;
展开▼
作者单位

Coll. of Comput. Sci. Technol., Huazhong Univ. of Sci. Technol., Wuhan;

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
authorisation; computational complexity; coNP-complete problem; computer security; history based constraint; role based access control model; separation-of-duty policy; statically mutually exclusive role;

机译：授权;计算复杂度; coNP完全问题;计算机安全性;基于历史的约束;基于角色的访问控制模型;职责分离策略;静态互斥角色;

相似文献

外文文献
中文文献
专利

1. Policy-Engineering Optimization with Visual Representation and Separation-of-Duty Constraints in Attribute-Based Access Control [J] . Wei Sun, Hui Su, Huacheng Xie Future Internet . 2020,第10期

机译：基于属性的访问控制中的视觉表示和占空比约束的策略 - 工程优化
2. Static Enforcement of Static Separation-of-Duty Policies in Usage Control Authorization Models [J] . Jianfeng LU, Ruixuan LI, Jinwei HU, IEICE Transactions on Communications . 2012,第5期

机译：在使用控制授权模型中静态执行静态职责分离策略
3. A comprehensive modeling framework for role-based access control policies [J] . Ameni Ben Fadhel, Domenico Bianculli, Lionel Briand The Journal of Systems and Software . 2015,第sepa期

机译：基于角色的访问控制策略的综合建模框架
4. A History-based Constraint for Separation-of-Duty Policy in Role Based Access Control Model [C] . Duoqiang Wang, Jianfeng Lu, Wengfang Liu, International Conference on E-Business and Information System Security . 2009

机译：基于角色访问控制模型中的职责策略的基于历史限制
5. A specification for an extensible access control Web service featuring access control lists and role-based access control models. [D] . Garcia, Andres. 2004

机译：具有访问控制列表和基于角色的访问控制模型的可扩展访问控制Web服务的规范。
6. A Role-Based Access Control Model in Modbus SCADA Systems. A Centralized Model Approach [O] . Santiago Figueroa-Lorenzo, Javier Añorga, Saioa Arrizabalaga 2019

机译：Modbus SCADA系统中的基于角色的访问控制模型。集中模型方法
7. Efficient IRM Enforcement of History-Based Access Control Policies [O] . C Fei Yan, Philip W. L. Fong 2008

机译：有效的IRm执行基于历史的访问控制策略

A History-Based Constraint for Separation-of-Duty Policy in Role Based Access Control Model

摘要

著录项

相似文献

相关主题

期刊订阅