自主访问控制

传统的访问控制技术，如自主访问控制，基于角色的访问控制等都是在单一安全域内基于系统已知的用户访问系统，无法适用于多域环境。

The traditional access control technologies , such as DAC , RBAC , are all within a single secure domain and it cannot suitable for multi-domain environment .

对基于访问控制表的自主访问控制机制的设计和实现进行了研究。

Design and implementation of DAC mechanism based on ACL is researched .

第一级是传统的自主访问控制（DiscretionaryAccessControl，DAC）。

The first level is the traditional Discretionary Access Control ( DAC ) .

带时间特性的自主访问控制政策及其在Linux上的设计与实现

Design and implementation of discretionary access control policy with time character on Linux

Linux内核只提供了经典的UNIX自主访问控制。

Linux kernel only provides classical Unix discretionary access control .

自主访问控制机制（discretionaryaccesscontrol）是安全操作系统必不可少的、应用最广泛的安全机制之一。

Discretionary Access Control ( DAC ) is one of necessary and most common secure mechanisms in the secure operating system .

细粒度的自主访问控制是操作系统安全增强方法中经常采用的技术，访问控制列表（ACL）是其中最主要且流行的技术。

ACL is main and popular technique of it .

它比强制访问控制（MAC）和自主访问控制（DAC）更适用于非军事的数据处理。

It is appropriate for industry and civilian government than Mandatory Access Control and Discretionary Access Control .

但在安全性方面，Linux内核只提供了经典的UNIX自主访问控制，以及部分支持POSIX。

Because Linux system only provides classical discretionary access control ( DAC ) of Unix and partially supports capabilities security mechanism of POSIX .

本论文主要在文件访问控制和特权管理这两方面对Linux的安全性进行增强，即实现了细粒度的自主访问控制、强制访问控制、以及最小特权管理。

This paper enhances the Linux operating system security mainly by finest granularity Discretionary Access Control ( DAC ), Mandatory access control ( MAC ) and Least Privilege Management .

常见的访问控制方式有：自主访问控制（DAC）和强制访问控制（MAC）以及基于角色的访问控制（RBAC）。

Access control models include : conventional discretionary access control ( DAC ), mandatory access control ( MAC ) and role-based access control ( RBAC ) .

传统的自主访问控制（DAC）和强制访问控制（MAC）由于使用的局限性，已经不能满足现代应用系统对安全性的要求。

Traditional discretionary access control ( DAC ) and mandatory access control ( MAC ) due to the use of limitations , they can no longer meet modern requirements for safety .

基于访问控制表（ACL）的细粒度自主访问控制机制可以实现针对单个用户或用户组的访问授权，但是在实际使用中可能造成不适当授权或权限撤销不及时的缺陷。

Fine-granularity discretionary access control based on Access Control List ( ACL ) may grant authority to one user or group , but it may grant unapt authority or remove authority not timely .

基于角色的访问控制（RBAC）具有角色层次、最小特权和权限分离等重要特性，与自主访问控制（DAC）和强制访问控制（MAC）相比，更加适合多域环境下的访问控制应用。

Compared with Discretionary Access Control ( DAC ) and Mandatory Access Control ( MAC ), Role-based access control ( RBAC ) with Role Hierarchy , Least Privilege , Separation of Duty and other important characteristics , is more suitable for access control applications in multi-domain environment .

安全操作系统自主访问控制机制的研究与实现

Research and Implementation of Discretionary Access Control Mechanism in Secure Operating System

相比自主访问控制，强制访问控制提供了更高的安全性。

Mandatory access control can provide better security than discretionary access control .

标识与鉴别保证只有合法的用户才能访问系统资源；自主访问控制允许用户对于属于自己的客体可以按照自己的意愿，允许或禁止其他用户访问；

Identity Authentication ensures that only the legal user can access system resource ;

设计了自主访问控制整体框架和安全检查策略。

Fourth , design the whole Access Check strategy and the DAC frame .

一种增强自主访问控制安全性的方案

A Safety Strengthening Scheme for Discretionary Access Control System

面向用户角色的细粒度自主访问控制机制

Fine-granularity discretionary access control based on user 's role

高安全级别可信数据库系统的自主访问控制机制设计中若干问题及其解决方法

The Design and Realization Methods of the High Level Trusted DBMS 's DAC Machanism

在系统中实施上述自主访问控制机制，实现了用户权限控制。

The DAC above is implemented in MDF , which realizes user privilege control .

基于周期时间限制的自主访问控制委托模型

A Delegation Model for Periodicity Constraints-Based DAC

分析比较了自主访问控制、强制访问控制和基于角色访问控制三种不同的访问控制策略的优缺点；

Compare the advantages and disadvantages of 3 different access control strategy : DAC , MAC and RBAC .

传统的访问控制技术分为自主访问控制技术、强制访问技术和基于角色的访问控制技术。

Traditional access control technology is divided into discretionary access control , mandatory access control and role-based access control .

在通用数据库的某些特殊应用场合，仅仅使用自主访问控制或强制访问控制都不能完全满足特殊应用的需求，如何在通常的访问控制模型下解决此类问题一直是一个待深入研究的领域。

In some peculiar application occasions of database , neither DAC nor MAC could meet the requirement of special applications .

在信息系统安全机制中，访问控制是一项重要的机制，有着许多重要的应用。本文系统介绍了三种访问控制策略：强制访问控制、自主访问控制和基于角色的访问控制。

This thesis introduces three kinds of access control strategies : mandatory access control , discretionary access control and role-Based access control .

将系统时间看成一个基本的安全要素，提出了带时间特性的自主访问控制政策DAC-T，并将之形式化。

Regarding the system time as a basic security element , DAC_T ( Discretionary Access Control Policy with Time Character ) was proposed and formalized .

介绍了自主访问控制、强制访问控制和基于角色的访问控制三种主流的访问控制策略，并进行了对比分析。

This paper presents three mainstream access control strategies : discretionary access control , mandatory access control and role-based access control , and compares with each other .

从保密性和完整性的角度分析了用户普遍使用的、建立在自主访问控制机制上的、应用在高安全等级操作系统上运行所面临的安全问题，提出了一种面向应用类的安全策略。

This article analyzes the security problem of discretional access control operating system application running on mandatory access control operating system and puts forward a kind of security policy oriented application .