论文部分内容阅读
约束是访问控制中的重要因素,它通过限制客体的敏感组合集中于相似主体来达到防止商业欺骗或错误的目的。但是传统访问控制约束缺乏灵活性。为了提高约束的灵活性,首先分析访问控制中的主体与客体各自内部之间潜在的关系以及它们相互之间的关系,并提出相似主体组的概念,在此基础上提出修正的访问控制约束。其次进行主体访问客体的实验,结果表明提出的约束是可行和灵活的。修正的约束除了具有传统访问控制约束的功能外,还能有效防止相似主体共谋攻击系统。
Constraints are important factors in access control. They achieve the purpose of preventing commercial fraud or mistakes by restricting the sensitive combinations of objects to similar entities. However, traditional access control constraints lack flexibility. In order to improve the flexibility of constraint, we first analyze the potential relationship between the subject and object in the access control and the relationship between them, and then propose the concept of the similar subject group, and propose the modified access control constraints. Secondly, the experiment of the subject visiting object shows that the proposed constraint is feasible and flexible. In addition to the functions of the traditional access control constraints, the modified constraints can effectively prevent similar entities from conspiring to attack the system.