In distributed systems, user identity is hard to establish, access platforms are complex, and the network environment changes dynamically. Traditional one-dimensional access control models, such as role-based or identity-based access control, cannot adequately meet these requirements. The proposed approach combines the advantages of Role-Based Access Control (RBAC) and Trust Management (TM): it extends the traditional RBAC model with the notions of trust and context, and performs a multidimensional measurement of the user's identity, access platform, and behavior. Taking into account the security of the user's platform and the dynamic uncertainty of the network environment and user state, it proposes a new access control model based on multidimensional measurement and context, called MCBAC. The model assigns roles mainly according to the user's identity information and trust degree, and uses context constraints to realize dynamic role authorization control. It offers good security and flexibility.