一种新的基于角色访问控制的角色层次化关系模型.pdfVIP

A New Role Hierarchy Model for Role Based Access Control LU Yi hong, SONG Han tao, GONG Yuan ming ( Depar tment of Computer Science and Eng ineering, Beijing Institute of T echnolog y, Beijing 100081, China) Abstract: A new role hierarchy model for RBAC ( role based access control) is presented and its featur es are illus tr ated through examples. Some new concepts such as priv ate permission, public permission and special permission ar e introduced, based on t he RRA97 model. Some new role role inheriting fo rms such as normal inheritance, pr i vate inheritance, public inher itance and special w ithout inheritance ar e defined. Based on the ideas mentioned, the new role hierarchy model is formulated. It is easier and more comprehensible to describe role r ole relationships through the new model than through the tradit ional ones. The new model is closer to the real wo rld and its mech anism is more powerful. Particularly it is more suitable w hen used in large scale role hier ar chies. Key words: RBAC; access control; role; inherit; role hier ar chy CLC number: TP 311 Document code: A Article ID: 1004 0579( 2002) 04 0409 05 Received 2002 01 15 Sponsored by the Special Fund on Capital Information Development of Beijing Bureau of T echnology Supervision ( 1999) Biographies LU Yi hong( 1962- ) , doctoral student; SONG Han tao( 1940- ) , professor, doctoral adviser. In recent years, more and more papers about RBAC ( role based access control) have emerged. The most representat ive study is the RBAC96 model[ 1] by Ravi Sandhu of George Mason U niversity in U . S. A. T he concepts and methods about RBAC have been ap plied in some database systems and operat ing sys tems. Reflect ing the up to date results of research about RBAC are relevant conferences, and the ACM workshop on role based access control, w hich are held annually. Researchers generally believe that the RBAC w ill come to be a succedaneum of tradit ional DAC ( discretional access control) and MAC ( manda to