
Research And Application Of User Privilege In Access Control

Posted on: 2007-10-04
Degree: Master
Type: Thesis
Country: China
Candidate: C Y Xiao
GTID: 2178360212968416
Subject: Computer software and theory
Abstract/Summary:
Access control is one of the most important security technologies in modern network information security. To meet the secure access control demands of sectors such as electronic commerce, electronic government affairs, and enterprise information systems, this thesis proposes a privilege management model for the B/S access structure: Privilege Management for B/S Access Control Framework (PM4BS Framework). The model combines the merits of discretionary access control (DAC) and role-based access control: ease of authorization, ease of privilege management, and fast generation of privilege menus. The model has the following characteristics:

1) It uses DAC as the foundation of user access privileges and realizes DAC by means of a capability chain.
2) In user privilege control, to speed up access and at the same time shorten the capability chain, it introduces user groups and the privilege "territory", and realizes privilege territory inheritance.
3) It introduces the "negative privilege" into the discretionary access control mechanism and gives a mechanism for resolving privilege conflicts.
4) It proposes a limited privilege mechanism. In user privilege control, limited privilege inheritance is realized through privilege territory inheritance; in the role-based authorization strategy, it is realized through role inheritance. Concrete methods for privilege territory inheritance and role inheritance are also given.
5) It distinguishes control privileges from access privileges, refining the granularity of access control, and gives a concrete privilege retrieval mechanism.
6) In the role-based authorization strategy, to reduce authorization complexity and privilege redundancy, it gives principles for defining roles, for assigning privileges to roles, and for assigning roles to users and user groups, and proposes an authorization pattern that takes the user group as the central subject of authorization.
7) For privilege revocation, it proposes a low-complexity role "non-connection" deletion algorithm: when a privilege is revoked, the role is not deleted directly, but...
Keywords/Search Tags:DAC, BRAC, privilege control, authorization