在使用控制(UCON)模型的基础上纳入角色管理和任务管理的思想,进行约束扩展,构建了一个基于角色和任务的数据库使用控制授权模型RTB-UCON,允许在数据库资源使用前、使用中、使用后对授权规则、义务、条件和约束等限制进行判断,并根据主体活动更新主体和/或客体属性,实现决策的连续性和属性的可变性.同时,角色实现了用户管理的灵活性,任务实现了权限分配的动态性,约束有效避免角色和任务等冲突的产生.最后,通过应用实例分析,说明了模型的可行性.%On the basis of usage control (UCON) model, the idea of the role and task management is adopted. A database usage control model named RTB-UCON with constraint extended, is constructed based on role and task. According to the judgment of authorization rule, obligation, condition and constraint, before usage, during usage or after usage, the usage decision can be made or updated, and attributes of subjects and/or objects are allowed to vary, which settle the problems of continuity of decisions and mutability of attributes. Role is employed to realize the flexibility of user management and the task is used to manage the permissions dynamically. Moreover, the role conflict and task conflict are avoided by constraint. At last, analysis of an application is provided to proof the feasibility of RTB-UCON.
展开▼
