为了解决多级环境中敏感资源的安全性问题,提出了多级环境下基于角色和本体的访问控制方法.通过使用本体等语义技术,构造了一个结合基于角色的访问控制和Bell-LaPadula (BLP)模型的访问控制模型.根据角色的继承关系推导用户及资源之间安全级别的高低关系,在为角色指派权限时按照BLP模型进行授权的限制.实验表明,该方法在保证多级安全特性的前提下实现了用户权限的自动分配,消除了角色权限继承带来的安全隐患,为多级环境下的访问控制提供了一种新的思路.%To address the problem of protecting key resources in multi-level environment,a role and ontology based access control method is proposed.A model which combines the Role Based Access Control (RBAC) model and the Bell-LaPadula (BLP) model is constructed by exploiting semantic technology.Based on the role hierarchy,relationship between users and resources can be inferred.When a privilege is granted to some role,security properties of the BLP model should be met.The method is proved to be effective to automatically assign privilege to different roles and guarantee multi-level security at the same time,security risks caused by privilege inheritance is diminished.The study offered a new method to solve access control problems in multilevel environment.
展开▼
