作　　者： (谭韧）; (殷肖川）; (李晓辉）; (卞洋洋）;

机构地区： 空军工程大学信息与导航学院,西安710077

出　　处： 《计算机科学》 2017年第8期140-145,167,共7页

摘　　要： 针对基于角色的访问控制(RBAC)模型在业务处理流程中访问控制粒度过粗和无法动态调整授权等方面的问题,提出了一种面向业务的动态RBAC模型(BO-RBAC)。该模型参考基于任务的访问控制(TBAC)模型,引入了业务、业务步和授权步等概念,并形式化定义了模型的基本集合;同时将授权过程分为角色授权和授权步授权两部分,将业务执行视为随机过程,给出了基于马尔可夫链的动态授权方法;最后使用C++14对模型进行了实现。BO-RBAC模型结合了RBAC与TBAC的特点,具有访问控制粒度细、授权动态调整、满足安全规范等优点。 Aiming at the problems of rough-grained access control and unable to adjust authorization dynamically in business process of traditional role-based access control（RBAC）model,a business-oriented dynamic RBAC model（BORBAC）was proposed in this paper.Taking TBAC model as reference,business step and authorization step are introduced into this model and basic model set is defined formally.Meanwhile,the authorization process is divided into two parts,role authorization and step authorization,and the execution is regarded as random process which shows a Markov chain-based dynamic authorization method.Finally,the model is implemented with C＋＋14 programming language.BORBAC model combines the features of RBAC and TBAC,which introduces such advantages of fine-grained access control,dynamically-adjusting authorization and satisfy security specifications.

关 键 词： 动态授权 访问控制 马尔可夫状态机