| 基于级别的信息管理系统授权模型 |
| |
| 引用本文: | 徐国定,罗雪平,郑奕莉.基于级别的信息管理系统授权模型[J].华东师范大学学报(自然科学版),2000(4):37-44. |
| |
| 作者姓名: | 徐国定 罗雪平 郑奕莉 |
| |
| 作者单位: | 华东师范大学计算机系,上海,200062 |
| |
| 摘 要: | 人们已经提出了一些授权模型,以保证计算机系统的信息安全。作者对授权模型提出如下一些推广。首先,该文的授权模型提出了一个不同的否定策略,称为基于级别的否定策略。该否定策略避免了原来一些授权模型或者否定权限始终超越肯定权限或者肯定权限又始终优于否定权限的不灵活性。作者对授权模型的第二个推广在于引入了连锁否定的命令,该命令将沿着收到否定权限用户已授与他人的相应肯定权限转授链,按基于级别的否定策略对转授链用户的相应肯定权限进行处理。作者在授权模型中还引入了执行动作Execute.执行动作的引入使得信息管理系统的管理员对本系统具有完整的控制权。
|
| 关 键 词: | 信息管理系统 信息安全 授权模型 否定策略 级别 否定权限 连锁否定 计算机系统 |
A Rank-based Model of Authorization for Information Systems |
| |
| XU Guo-ding,LUO Xue-ping,ZHENG Yi-li.A Rank-based Model of Authorization for Information Systems[J].Journal of East China Normal University(Natural Science),2000(4):37-44. |
| |
| Authors: | XU Guo-ding LUO Xue-ping ZHENG Yi-li |
| |
| Abstract: | Many authorization models have been proposed to ensure information security of computer systems. This paper proposes some extensions to the authorization models. First, a different negative strategy, called rank based negative strategy, has been incorporated in our authorization model. This strategy avoids inflexible drawbacks of the some well known models, in which either the negative authorization takes precedence over the positive authorization or the positive authorization is dominant. The second extension concerns the introduction of the cascading negative command, which processes, according to the rank based negative strategy, the corresponding positive authorizations along the chains of users who have already been granted with those corresponding positive authorizations. Our model also introduces the execution command Execute. The incorporation of this command will invest complete control of the information system with the system administrator. |
| |
| Keywords: | information management system information security authorization model negative strategy@ |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
