In a trusted domain, the large number of subjects, the many types of objects, and the complex and volatile environment all challenge traditional access control. Traditional access control policies are not flexible enough and have difficulty providing fine-grained permissions. To address these problems, a dynamic, fine-grained access control method is proposed. The method is based on the RBAC model but adds conditional constraints. In its implementation, a PEP fine-grained component is added at the policy enforcement point (PEP). The method reflects the dynamic and fine-grained properties of the access process and meets the dynamic, fine-grained access control requirements of the trusted domain.