基于角色访问控制管理模型的安全性分析-软件学报.pdf

ISSN 1000-9825, CODEN RUXUEW E-mail: jos@ Journal of Software, Vol.17, No.8, August 2006, pp.1804− 1810 http://www.j DOI: 10. 1360/jos171804 Tel/Fax : +86-10 © 2006 by Journal of Software. All rights reserved. ∗ 基于角色访问控制管理模型的安全性分析 + 杨秋伟 , 洪 帆, 杨木祥, 朱 贤 (华中科技大学 计算机学院,湖北 武汉 430074) Security Analysis on Administrative Model of Role-Based Access Control + YANG Qiu-Wei , HONG Fan, YANG Mu-Xiang, ZHU Xian (College of Computer Science, Huazhong University of Science and Technology, Wuhan 430074, China) + Corresponding author: Phn: +86-27 Fax: +86-27 E-mail: yky_wenfeng@163.com, Yang QW, Hong F, Yang MX, Zhu X. Security analysis on administrative model of role-based access control. Journal of Software, 2006,17(8):1804−1810. /1000-9825/17/1804.htm Abstract: Systemic security strategy is described by security query in administrative model of role-based access control (RBAC). According to the definition of state-transition system, security analysis is defined and executed on Turing machine. Security query is classified by necessity and possibility. As a result, necessary security query and possible security query independent of status can be resolved in polynomial time, and the conditions under which possible security query is NP-complete problem are presented, but general possible security query is un-decidable. Key words: role-based access control; authorization management; Turing machine; NP-complete problem; un-decidable 摘 要: 在基于角色的访问控制管理模型中,采用安全查询来描述系统安全策略, 引入状态变换系统定义基于 角色的访问控制管理模型及其安全分析, 用图灵机理论和计算复杂性理论进行安全分析.将安全查询分类为必 然性安全查询和可能性安全查询,证明了必然性安全查询和与状态无关的可能性安全查询能在多项式时间内 被有效解决,给出了满足NP- 完全问题的可能性安全查询的条件, 而一般的可能性安全查询是不可判定的. 关