access controlsubjectobject
AEFADF
coarse grainedmedium grainedfine grained
2070
123412JohnOwnRWOwnRWInquiryCreditAliceROwnRWWRInquiryDebitInquiryCredit
BobR
WROwnRWInquiryDebit
capability listprofiles listpassword
JohnAliceBob
1OwnRW
3OwnRW
1OwnRW
3OwnRW
1OwnRW
3OwnRW
1OwnRW
3OwnRW
1OwnRW
access control listACL
2314
AliceOwnRW
BobR
JohnOwnRW
AliceOwnRW
AliceR
BobOwnRW
JohnOwnRW
AliceR
BobRW
HRUTAMATAM
BLPBiba
so(s)(o)*-so(s)(o)*-*-
TSSCUTSR/WWWWSRR/WWWCRRR/WWURRWR/W
BibaBLPBibaso(s) (o)*-so(s)(o)
TSSCUTSR/WRRRSWR/WRRCWWR/WRUWWWR/W
RBAC202090NISTRBACDACMAC RBAC
RBAC
NISTRBACRBACRBAC4RBACRBAC 5usersrolesOBSOPSPRMSRBACsession
UsersrolesOPSOBSUAusersrolesAssigned_users:(r:roles)2usersrAssigned_users(r)={u users|(u,r) UA}.PRMS=2(OPS OBS)PAPRMSrolesSessionsUser_sessionsuSession_rolessAvail_session_permss
RBACRBACRBAC2001(static separation of duty relations , SSD)/RBAC2001UAUASSD1
dynamic separation of duty relations , DSDDSD
rbac*RBACRBAC*RBACRBAC*ABA*SSDrole_set,nn*SSDDSD.DSDrole_set,nn*
Top Related