基於角色與屬性的存取控制系統之泛型化策略規範模式

Abstract

在本論文中，介紹了一個基於角色與屬性的存取控制之泛型化策略規範模式。這個規範模式中，在傳統角色模組裡加進了參數和次型別的多型性，並添加物件角色， 以及一個彈性的指定存取控制策略的主體和對象角色之間關聯機制。配合型別檢查的功能，這個規範可以容易的在撰寫策略時檢查錯誤。我們還定義了一個支持泛型 編程的宣告式語言。此規範允許我們使用有彈性、有效率、可驗證、可重複利用的方式來設計安全策略

This work introduces a generic paradigm for specifying attribute enriched RBAC security policies. Our paradigm has enriched the conventional role model with parameterized and subtype polymorphism and added object roles entity as well as flexible associations between subject and object roles as the mechanism to specify access control policies. With the support of type checking this paradigm can easily verify some errors while writing policy. We have also defined a declarative language with the support of generic programming. Paradigm allows designing security policies in a more flexible, efficient, verifiable, reusable way