In order to satisfy flexibility and dynamic of access control policy, an access control model based on attribute and role CACBAR) which is suitable for Web resources is proposed. The elements, relationship and rules of ACBAR are formally defined. An instance is discussed based on the model, giving the related access control policy. The security performance, and application complexity of the model is analyzed. Analysis implies that the model can satisfy least privilege, separation of duty principles, and reduce the complexity of role management to RBAC. The ACBAR can well satisfy the demand of dynamic, flexible access control for Web resources.%针对Web资源访问控制对访问控制策略灵活性、动态性以及权限管理便捷性的需求,提出一种基于属性和角色的访问控制模型ACBAR,对模型中的元素、关系及规则进行了形式化定义.给出了ACBAR模型的应用实例及相关访问控制策略,并对模型的安全性和应用复杂度进行了分析.ACBAR模型在遵循最小特权和职责分离等安全原则的基础上,相对于RBAC模型有效降低了角色管理的复杂度,支持灵活、动态的Web资源访问控制策略.
展开▼
