中文摘要：

提出了RBMAC模型,将BLP、BIBA和RBAC融合.RBMAC模型以组织机构的层次化结构描述信息类别和用户角色,以文件处理过程的关键节点描述完整性级别,引入可信主体、任务、角色扮演者和角色聘请的概念,满足重要信息系统的访问控制需求.文中给出了RBMAC模型的形式化描述和安全性定理,提出了模型预定义、任务分配、角色聘请和安全级别匹配4个阶段的操作模式.模型以可信主体调整文件保密级别、完整性级别和信息类别,与重要信息系统的管理运行模式一致,经实际系统试验证明,具有较高的实用性.

英文摘要：

A new Role-based Mandatory Access Control（RBMAC） model which combine BLP,BIBA and RBAC models is proposed.The model describes hierarchical organization structure as information categories and user＇s roles,define most critical links of file treatment as integral classification and clearance.We also apply some concepts as trusted subject,task,invite role and actor in order to satisfy access control request from important information systems.The formal definition,theorem systems and operation rules of RBMAC model are illustrated in this paper.Trusted subject is responsible for change confidential classification and integral classification and categories in RBMAC model,whose methodology is same as actual works.The experiment shows that RBMAC model is flexible and efficient.