Netinfo Security ›› 2017, Vol. 17 ›› Issue (5): 74-79. doi: 10.3969/j.issn.1671-1122.2017.05.012

Security Optimized RBAC Access Control Model

Chunhua GU, Yuan GAO, Xiuxia TIAN

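  1. Institute of Computer Science and Technology, Shanghai University of Electric Power, Shanghai 200082
  • Received: 2017-02-01 Publication date: 2017-05-20 Release date: 2020-05-12
  • About the authors:

    Chunhua GU (born 1970), male, from Jiangsu, professor, Ph.D.; main research interests: electric power information security and software engineering. Yuan GAO (born 1993), male, from Henan, master's student; main research interests: electric power information security and software engineering. Xiuxia TIAN (born 1976), female, from Henan, professor, Ph.D.; main research interests: database security and privacy protection.

  • Funding:
    National Natural Science Foundation of China [61532012]; Shanghai Science and Technology Commission Local Capacity Building Project [15110500700]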

Security Optimized RBAC Access Control Model

Chunhua GU, Yuan GAO, Xiuxia TIAN   

  1. Institute of Computer Science and Technology, Shanghai University of Electric Power, Shanghai 200082, China
  • Received:2017-02-01 Online:2017-05-20 Published:2020-05-12

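Abstract:

Role-Based Access Control (RBAC) is widely adopted in electric power information systems because of its flexible authorization and the reliability of the model. However, as intelligent acquisition devices become increasingly common and power systems keep growing in scale, and because electric power information systems place higher demands on resource security than traditional information systems, the security problems of applying the traditional RBAC model to electric power information systems (such as permission abuse) are increasingly exposed. To address the shortcomings of the traditional RBAC model, this paper proposes a security-optimized RBAC model that introduces the concept of a Supervise Group (SG) together with important-permission supervision and hierarchical proxy mechanisms, and designs the SG generation algorithm as well as the workflow and pseudocode of the optimized model. Verification with an example shows that the optimized algorithm supervises sensitive permissions effectively and reasonably, strengthening system security while still meeting the functional needs of electric power information systems.

Key words: role-based access control (RBAC), information security, electric power information system, permission supervision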

Abstract:

Role-Based Access Control (RBAC) has been adopted by electric power information systems because of its reliable security and flexible authorization. However, with the spread of intelligent acquisition equipment and the expansion of the electric power system, combined with the stricter security requirements of electric power information systems, security issues are exposed when the traditional RBAC model is applied to them. This paper puts forward a security-optimized RBAC model. In this model, we introduce the concept of the SG (Supervise Group) and a mechanism for supervising sensitive permissions to extend traditional RBAC in the security field. The generating algorithm of the SG and the pseudocode and flow chart of the optimized model are also given. An example shows that the proposed algorithm can effectively supervise sensitive permissions and enhance the security of the electric power information system while satisfying its functional requirements.

Key words: role-based access control (RBAC), information security, electric power information system, permission supervision

CLC number: