基于受控实体的访问控制技术

在简要分析传统的基于角色的访问控制模型、基于任务的访问控制模型和一些基于它们的扩展模型的基础上,针对这些模型在实际应用中的问题,提出了基于受控实体的访问控制模型(称为EBAC).EBAC模型以受控实体为访问客体,并以其为中心实现安全控制机制.一方面,用户通过对受控实体的管理能力间接获取访问权限;另一方面,受控实体动态地对用户对其实例集和属性集的访问进行自主控制.该模型强化从企业/组织的资源管理视角实施访问控制策略,能够有效加强企业信息系统中访问控制的灵活性和安全性.

Controlled entity-based access control technique

Three access control models were reviews,including the traditional role-based access control model(RBAC),task-based access control model(TBAC),and extended model based on RBAC or/and TBAC and their practical applications were analyzed.An entity-based access control(EBAC) model is proposed,in which the concept of controlled entity is introduced,that is the controlled entity seems as a medi-object linked subject and object and users can indirectly gain access right through entity management.The entity is available to be autonomic controlled through access to instance set and property set.EBAC enhances the access control decision from the view of enterprise/organization resource management definitely,and strengthen the flexibility and security of access control model in enterprises information system effectively.