Computer and Modernization

• Information Security

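A Dynamic RBAC Model Based on Multidimensional Trust

  1. (College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 210016, China)
  • Received: 2015-01-15 Online: 2015-06-16 Published: 2015-06-18
  • About the authors: Ye Chongyang (born 1989), male, from Chongqing, master's student at the College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics; research interest: information security. Zhuang Yi (born 1956), female, from Nanjing, Jiangsu, professor and doctoral supervisor; research interests: computer networks, parallel and distributed computing, information security.
  • Funding:
    Young Scientists Fund of the National Natural Science Foundation of China (61202351); Jiangsu Province Graduate Research and Innovation Program for Regular Universities (CXZZ13_0171)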

Abstract:

Role-based access control (RBAC) is a widely used authorization method. Traditional and improved RBAC models that add a trust mechanism to authorization do not consider the time characteristics of trust, and they obtain global trust by simply weighting the trust indicators. Such an algorithm considers too few factors and cannot adequately reflect the flexibility of dynamic permission granting. To address this problem, this paper proposes a dynamic RBAC model based on multidimensional trust (MDTRBAC), which extends the role administration model ARBAC97. The model introduces time characteristic factors to improve the existing trust calculation method and comprehensively computes multiple trust characteristics of users, so as to achieve a flexible and dynamic authorization mechanism. Simulation experiments show that MDTRBAC is considerably more effective at curbing attacks by malicious nodes than existing trust models.

Keywords: authorization method, access control, multidimensional trust, time characteristic

CLC number: