Research on the design and application of role-resource based access control model

LAI Tianping; WANG Yongchao; LUO Pan; GAO Zhitong

doi:10.11959/j.issn.1000-436x.2024234

您当前的位置：

首页 >

文章列表页 >

Research on the design and application of role-resource based access control model

Smart Campus | 更新时间：2024-12-31

- Research on the design and application of role-resource based access control model
- Journal on Communications Vol. 45, Issue Z2, Pages: 153-159(2024)
- 作者机构：
  
  北京大学计算中心，北京100871
- 作者简介：
- 基金信息：
- DOI：10.11959/j.issn.1000-436x.2024234
  CLC： TP315
- Received：21 October 2024，
  
  Published：30 November 2024
- 稿件说明：
移动端阅览
来天平,王永超,罗盘等.基于角色资源级别的权限控制模型的设计与应用研究[J].通信学报,2024,45(Z2):153-159.

LAI Tianping,WANG Yongchao,LUO Pan,et al.Research on the design and application of role-resource based access control model[J].Journal on Communications,2024,45(Z2):153-159.
来天平,王永超,罗盘等.基于角色资源级别的权限控制模型的设计与应用研究[J].通信学报,2024,45(Z2):153-159. DOI： 10.11959/j.issn.1000-436x.2024234.

LAI Tianping,WANG Yongchao,LUO Pan,et al.Research on the design and application of role-resource based access control model[J].Journal on Communications,2024,45(Z2):153-159. DOI： 10.11959/j.issn.1000-436x.2024234.

摘要

传统的基于角色的访问控制（RBAC）模型在权限管理中发挥着重要作用，但在Web应用中存在缺乏资源定义、权限爆炸和权限泄露等问题。为克服这些局限性并提高权限管理的精确性和灵活性，提出了一种基于角色资源级别的权限控制（R-RBAC）模型。该模型在RBAC基础上引入资源层次，将资源按级别划分，有效弥补了传统模型的不足。详细分析了传统RBAC模型在Web开发中的不足，讨论了R-RBAC模型的重要性，并阐述了新模型的设计。通过实际案例，展示了R-RBAC模型在权限管理方面的优势和应用前景。研究表明，R-RBAC模型不仅解决了角色定义爆炸的问题，实现了权限的动态配置和自动装配，还在权限审计和追踪方面表现出色，极大地方便了权限管理。深入探讨了基于角色资源级别的权限控制模型的设计和应用，展示了其在提高权限管理精确性和灵活性方面的重要意义。未来研究可以进一步优化R-RBAC模型，并探索其在其他领域中的应用。

Abstract

The traditional role-based access control (RBAC) model plays a crucial role in permission management but faces challenges in Web applications

such as lack of resource definition

permission explosion

and permission leakage. To overcome these limitations and enhance the precision and flexibility of permission management

a role-resource based access control (R-RBAC) model was proposed

which introduced resource hierarchy on top of RBAC

effectively addressing the shortcomings of the traditional model. A detailed analysis of the limitations of the traditional RBAC model in Web development was provided

the importance of the R-RBAC model was discussed

and the design of the new model was elaborated. Through practical case studies

the advantages and application prospects of the R-RBAC model in permission management were demonstrated. The research shows that the R-RBAC model not only resolves the issue of permission explosion by enabling dynamic configuration and automatic assembly of permissions but also excels in permission auditing and tracking

significantly facilitating permission management. This study delves into the design and practical application of the role-resource based access control model

highlighting its importance in improving the precision and flexibility of permission management. Future research can further optimize the R-RBAC model and explore its applications in other domains to achieve more efficient and secure permission management.

关键词

Keywords

references

SANDHU R S , COYNE E J , FEINSTEIN H L , et al . Role-based access control models [J ] . Computer , 1996 , 29 ( 2 ): 38 - 47 .

吴森焱 , 罗熹 , 王伟平 , 等 . 融合多种特征的恶意URL检测方法 [J ] . 软件学报 , 2021 , 32 ( 9 ): 2916 - 2934 .

WU S Y , LUO X , WANG W P , et al . Malicious URL detection based on multiple feature fusion [J ] . Journal of Software , 2021 , 32 ( 9 ): 2916 - 2934 .

蒋东兴 , 刘启新 , 郑叔亮 . 基于角色和活动的数字校园访问控制模型 [J ] . 大连海事大学学报 , 2010 , 36 ( 1 ): 132 - 134 .

JIANG D X , LIU Q X , ZHENG S L . Role and activity based digital campus access control model [J ] . Journal of Dalian Maritime University , 2010 , 36 ( 1 ): 132 - 134 .

COLE T B . Spring [J ] . The Journal of the American Medical Association , 2011 , 305 ( 11 ): 1066 .

罗作民 , 朱燕 , 张静颐 , 等 . 基于过滤器的垃圾Session数据清除器设计 [J ] . 计算机工程 , 2009 , 35 ( 24 ): 78 - 80 .

LUO Z M , ZHU Y , ZHANG J Y , et al . Design of rubbish session data eliminator based on filter [J ] . Computer Engineering , 2009 , 35 ( 24 ): 78 - 80 .

刘敖迪 , 杜学绘 , 王娜 , 等 . 基于访问控制日志的访问控制策略生成方法 [J ] . 电子与信息学报 , 2022 , 44 ( 1 ): 324 - 331 .

LIU A D , DU X H , WANG N , et al . Access control policy generation method based on access control logs [J ] . Journal of Electronics & Information Technology , 2022 , 44 ( 1 ): 324 - 331 .

Views

1171

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Risk assessing and privacy-preserving scheme for privacy leakage in APP

Related Author

Xinyu WANG

Ben NIU

Fenghua LI

Kun HE

Related Institution

Institute of Information Engineering, Chinese Academy of Sciences

School of Cyber Security, University of Chinese Academy of Sciences

AI问答

⁰