用例驱动的角色访问控制安全授权设计和研究.pdfVIP

th Proceedings of the 26 Chinese Control Conference July 26-31, 2007, Zhangjiajie, Hunan, China 用例驱动的角色访问控制安全授权设计与研究 林 鹃，任胜兵，蒋 平，Mahammed Jalloh 中南大学 信息科学与工程学院, 长沙 410083 E-mail: linjuan0125@ 摘 要：角色访问控制模型是目前主流的访问控制安全模型。传统的角色访问控制模型建模时存在与系统需求分析 脱节的问题，导致建立的安全模型不能满足用户的要求。文章利用用例模型的概念和角色访问控制模型的特征，提 出了一种用例驱动的方法用来定义系统模型中角色的权限。该方法通过扩展的用例以及形式化的顺序图，将用例模 型与角色访问控制模型相结合。 而且与传统的在系统开发后期建立安全模型相比，在系统开发早期依据用例模型得 到安全模型，能够及早的发现安全问题，预防安全体系的缺口。该方法完全符合最小权限原则。 关键词：角色访问控制模型，用例模型，顺序图，安全授权 Use Case-Driven Role Based Access Control Security Authorization Lin juan, Ren Shengbing, Jiang ping, Jalloh Mahammed Academy of Information Science and Engineering, Central South University, Changsha 410083, P.R.China E-mail: linjuan0125@ Abstract: Role Based Access Control is the most popular access control model recently. In tradition there exists a problem that the Role Based Access Control model is not accord well with the system demanding analyse. And it can not guarantee that the security model could meet the users’ demands. This paper introduces a method which describes the design and definition of the Role’s rights in system modeling based on Use-Case driven RBAC. It considers the concept of Use Case based on RBAC characteristics which combines the Use-Case model with RBAC model by extending the Use Case and formalizing the scenario map. Comparing with traditional systems that incorporate Use Case design model at the end of system design, this method is designed from the beginning of the security design process, so it could identify security problems earlier in the system design to preven