Cite this article:
- 陈阵, 蒋建民, 郭继文, 陈华林, 洪中. Survey on Role-Based Access Control [J]. 信息安全学报 (Journal of Cyber Security), accepted
- Chen Zhen, Jiang Jian-Min, Guo Ji-Wen, Chen Hua-Lin, Hong Zhong. Survey on Role-Based Access Control [J]. Journal of Cyber Security, Accept
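Abstract:
In large-scale network systems, the complexity of privilege management has always been one of the most challenging problems. Thanks to its simplicity, flexibility and manageability, the role-based access control (RBAC) model has become a core technology for advanced privilege management and is widely used in enterprise information systems, cloud computing platforms, the Internet of Things (IoT) and many other fields. In recent years, as access control requirements have kept growing, academia and industry have carried out a large body of research on the RBAC model; building on a systematic review of existing results, this paper analyzes in depth the current state of research and the development trends of the RBAC model. The paper first reviews the basic structure and core mechanisms of the RBAC model from a theoretical perspective and traces its evolution and main characteristics in detail, helping readers understand its underlying principles clearly. On this basis, it focuses on the security policies involved in the RBAC model and the corresponding analysis techniques, and systematically classifies its different representation methods, which range from semi-formal to formal modeling techniques. Next, the paper analyzes the limitations of the RBAC model when applied in complex systems, in particular the challenges it faces in dynamic privilege management, context awareness, cross-domain compliance and intelligent evolution. Finally, in light of developments in emerging technologies such as artificial intelligence and blockchain, the paper looks ahead to the potential of the RBAC model in intelligent, adaptive and explainable access control, providing a theoretical basis and technical guidance for building a secure, trustworthy and efficient access control framework centered on the RBAC model.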
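Keywords: RBAC; privilege management; security policy; access control
DOI:
Submitted: 2025-04-24; Revised: 2025-06-24
Funding: Key R&D Program of the Ministry of Science and Technology (No: 2022YFB3305101), National Natural Science Foundation of China (No: 61772004), Chengdu University of Information Engineering Talent Research Fund (No: KYTZ202009)
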
Survey on Role-Based Access Control
Chen Zhen1, Jiang Jian-Min1, Guo Ji-Wen1, Chen Hua-Lin1, Hong Zhong2
(1. Chengdu University of Information Engineering; 2. Fujian Normal University)
Abstract:
The complexity of privilege management has always been one of the most challenging issues in large-scale network systems. By virtue of its simplicity, flexibility, and manageability, the role-based access control (RBAC) model has become the core technology of advanced privilege management and has been widely used in enterprise information systems, cloud computing platforms, the Internet of Things (IoT), and other fields. In recent years, with the growing demand for access control, academia and industry have carried out a large number of studies around the RBAC model. Based on a systematic review of the existing results, this paper analyzes the current status and development trends of the RBAC model in depth. We first review the basic structure and core mechanisms of the RBAC model from a theoretical point of view and examine its evolution and main features in detail, to help readers understand its inner principles clearly. On this basis, the paper focuses on the security policies involved in the RBAC model and the corresponding analysis techniques, and systematically classifies the different expression methods, which cover a wide range of modeling techniques from semi-formal to formal. Next, the paper focuses on the limitations of the RBAC model in complex systems, especially the challenges it faces in dynamic privilege management, context awareness, cross-domain compliance, and intelligent evolution. Finally, in light of the development of artificial intelligence, blockchain, and other emerging technologies, the paper looks ahead to the future potential of the RBAC model in intelligent, adaptive, and interpretable access control, and provides a theoretical basis and technical guidance for constructing a secure, trustworthy, and efficient access control framework centered on the RBAC model.
Key words: RBAC; Privilege Management; Security Policy; Access Control