Delegation is an important security policy that RBAC should support. Most existing RBAC delegation models cannot effectively support fine-grained delegation and controllable propagation of permissions. To address this, the paper presents a function-based controllable delegation model (FBCDM), with its formal definition and expression. The model provides flexible delegation granularity and supports time constraints, mandatory delegation constraints and fine-grained discretionary delegation constraints, which ensure that delegation ability converges across multi-step delegations and that delegation remains controllable. In addition, logging the delegation process enhances the security of delegation.