• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文期刊>Concurrency, practice and experience >Specifying and enforcing the principle of least privilege in role-based access control
【24h】

Specifying and enforcing the principle of least privilege in role-based access control

机译:在基于角色的访问控制中指定和执行最小特权原则

获取原文
获取原文并翻译 | 示例
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

The principle of least privilege in role-based access control is an important area of research. There are two crucial issues related to it: the specification and the enforcement. We believe that the existing least privilege specification schemes are not comprehensive enough and few of the enforcement methods are likely to scale well. In this paper, we formally define the basic principle of least privilege problem and present different variations, called the 5-approx principle of least privilege problem and the minimizing-approx principle of least privilege problem. Since there may be more than one result to enforce the same principle of least privilege, we introduce the notation about weights of permissions and roles to optimize the results. Then we prove that all least privilege problems are NP-complete. As an important contribution of the paper, we show that the principle of least privilege problem can be reduced to minimal cost set covering (MCSC) problem. We can borrow the existing solutions of MCSC to solve the principle of least privilege problems. Finally, different algorithms are designed to solve the proposed least privilege problems. Experiments on performance study prove the superiority of our algorithms.
机译:基于角色的访问控制中的最小特权原则是重要的研究领域。与之相关的两个关键问题是:规范和实施。我们认为,现有的最低特权规范方案不够全面,很少有实施方法可以很好地扩展。在本文中,我们正式定义了最小特权问题的基本原理,并给出了不同的变化形式,分别称为最小特权问题的5近似原理和最小特权问题的最小化近似原理。由于可能会有一个以上的结果来执行相同的最低特权原则,因此我们引入了有关权限和角色权重的符号,以优化结果。然后,我们证明所有最小特权问题都是NP完全的。作为本文的重要贡献,我们证明了最小特权问题的原理可以简化为最小成本集覆盖(MCSC)问题。我们可以借用MCSC的现有解决方案来解决最小特权问题的原理。最后,设计了不同的算法来解决所提出的最小特权问题。性能研究实验证明了我们算法的优越性。

著录项

  • 来源
    《Concurrency, practice and experience》 |2011年第12期|p.1313-1331|共19页
  • 作者

    Xiaopu Ma; Ruixuan Li; Zhengding Lu; Jianfeng Lu; Meng Dong;

  • 作者单位

    College of Computer Science and Technology, Huazhong University of Science and Technology,Wuhan 430074, Hubei, People's Republic of China,College of Computer and Information Technology, Nanyang Normal University,Nanyang 473061, Henan, People's Republic of China;

    College of Computer Science and Technology, Huazhong University of Science and Technology,Wuhan 430074, Hubei, People's Republic of China;

    College of Computer Science and Technology, Huazhong University of Science and Technology,Wuhan 430074, Hubei, People's Republic of China;

    College of Computer Science and Technology, Huazhong University of Science and Technology,Wuhan 430074, Hubei, People's Republic of China;

    College of Computer Science and Technology, Huazhong University of Science and Technology,Wuhan 430074, Hubei, People's Republic of China;

  • 收录信息
  • 原文格式 PDF
  • 正文语种 eng
  • 中图分类
  • 关键词

    role-based access control; principle of least privilege; weight; enforcement;

    机译:基于角色的访问控制;最小特权原则;重量;强制执行;

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号