基于属性规则的PRBAC参数模型研究与实现-《郑州大学学报(工学版)》

文章信息/Info

Author(s):: Ouyang Rongbin; Liu Yunfeng; Long Xinzheng; Peking University Computing Center, Beijing, 100871

Keywords:: access control; data permissions; PRBAC; attribute rules; parameter model

摘要:: PRBAC模型可以实现细粒度的数据访问控制.论文分析了以往有关RBAC数据权限的研究,总结了具体的实践探索经验,提出一种基于属性规则的PRBAC参数模型,以实现通用的数据权限管理.笔者阐述了模型的设计思路,包括数据权限规则的形式组成、具体含义,还阐述了模型的实现方案,包括规则的实现形式、PRBAC参数应用时机、规则校验的主要实现算法,以及相关的技术要点.论文还结合该模型在北京大学IAAA系统的应用实践阐述了模型的优势,即数据权限规则设置具有较强的通用性,灵活而便捷,最后指出模型实现方案可以在规则冲突检验方面进一步完善.

Abstract:: PRBAC was always implemented to achieve fine-grained access control.This paper analyzed recent research on data permissions,summarized related experiences,and presented a parameter model of PRBAC based on attribute rules.It presented the model’ s design,including the rule’ s formal form and its components.It also described a general implementation scheme,including the rules’ specification,rule’ s application time choice,algorithm of the rule’ s validation,and some key techniques of the implementation.With the practice on IAAA at PKU,it showed that the model was flexible and the rules’ setting was convenient.This paper also pointed out that rules’ conflict checking should be implemented in future.