Journal of Beijing Jiaotong University, 2011, Vol. 35, Issue (5): 21-25, 5.
Research on risk analysis-based access control model of application system
Abstract
For complex application systems, an access control model based on risk analysis is proposed. Using the concept of risk, the model establishes a direct connection between business objectives and access control strategies, with the operational performance indicators of business processes as the basis for risk measurement and the risk calculation as the constraint equation for access control authorization decisions. In addition to the principle of least privilege and the principle of separation of duties, the principle of "business-security" equilibrium is also given, and the corresponding authorization decision rules are established. The results help establish a flexible decision-making method that adapts to the development of business flexibility and interoperability, and that moves away from the binary "safe or unsafe" authorization decision rule.
Key words
risk analysis / access control / role-based access control / task-based access control
Classification
Information technology and security science
Cite this article
Gao Zhimin, Wang Shengyuan. Research on risk analysis-based access control model of application system [J]. Journal of Beijing Jiaotong University, 2011, 35(5): 21-25, 5.
Funding
Supported by the Program for Changjiang Scholars and Innovative Research Team in University (IRT0707); supported by the Beijing Municipal Education Commission Discipline Construction and Graduate Education Construction Project (IRT0707)