The RBAC model separates users from permissions by introducing the concept of roles; however, policy conflicts can arise during role inheritance and permission assignment. Policy conflicts can lead to unauthorized access to resources and thereby affect system security. To detect policy conflicts in the RBAC model, this paper first classifies the policy conflicts and then proposes a conflict detection method for RBAC policies based on colored Petri nets, which converts the RBAC model into a colored Petri net model and checks it using conflict traps. We then designed and implemented a prototype RBAC policy conflict detection system named CPNPCDS, showed that the model terminates in finite time, and compared the method with other classic methods in terms of the kinds of policy conflicts detected and running efficiency. The experimental results show that the method can effectively detect three kinds of policy conflicts (authorization conflicts, separation-of-duty conflicts, and user cardinality conflicts) and achieves relatively high running efficiency.