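Research and Application of Access Control for a SaaS-Based Scientific Research Project Management System
Published: 2018-04-27 00:29
Topic of this paper: access control + scientific research project management. Reference: Guangdong University of Technology, 2015 master's thesis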
[Abstract]: With the rise of cloud computing, the SaaS model has been proposed and applied to replace the "one-to-one" service model of traditional scientific research project management systems. How to implement access control between the SaaS provider and its tenants, and inside the system itself, while preserving flexibility and security has become a new problem. This paper combines the scientific research project management system with the SaaS service model and establishes an access control model based on tasks and roles to make system control more flexible.

The paper first analyzes in detail the access control characteristics of a scientific research project management system under the SaaS model. Such a system carries a large business volume and must be flexibly configurable by its users, which makes the control of permission assignment overly complex and easily leads to inconsistencies and conflicts in permission management. For access control in this setting the paper then proposes an improved task- and role-based access control model, named SRP-TRBAC. The model keeps the dynamic authorization advantage of the TRBAC model, solves the cross-boundary judgment problem with SaaS, and to some extent solves the security problem of the system's access control process.

The paper focuses on the SRP-TRBAC model. It improves on traditional task- and role-based access control as follows. First, a SaaS constraint is used to judge and restrict a user's initial permissions, so that the SaaS software provider can dynamically control the permissions that correspond to the service a tenant has leased. Second, tasks in the model are given time-constraint and priority attributes. The time-constraint rule makes permissions come into existence or expire as the task is activated or revoked, which addresses the problem that a user who holds a permission for too long may carry out illegal operations that affect system security. Task priority decides the processing order when a user receives different tasks at the same time, which addresses sudden task scheduling. In addition, to prevent the potential security problems caused by excessive privileges of the SaaS provider's super administrator and of the research project management system's super administrator, the roles in the model are further extended: besides the super administrator, an auditor and a security officer are added, forming a separation of three powers that constrain one another.

The access control rule chain of the model consists of the least-privilege rule, the privilege-separation rule, the time-constraint rule and the separation-of-duties constraint rule. It limits the scope in which permissions can be used, ensures the security of the system, and flexibly realizes dynamic authorization. The model places both "role" and "task" at the center of the access control model, analyzes and checks the assignment process by combining static separation of duties with dynamic separation of duties, and eliminates conflicting entities, so that permissions are assigned accurately while flexibility is preserved. The application results show that the system has a good process configuration procedure and access control method. Overall, the improved model raises the efficiency, flexibility and security of the scientific research project management system and can deliver on-demand service well.
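The rule chain described in the abstract can be sketched as follows. This is an added example, not code from the thesis: the class names, function names, reason strings and the order in which the rules are evaluated are all assumptions, and privilege separation is modelled here as static separation of duties among the super administrator, auditor and security officer roles.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Task:
    name: str
    role: str             # role that may carry out the task
    perms: frozenset      # permissions that exist only while the task is active
    start: int            # activation time (seconds)
    end: int              # revocation time (seconds)
    priority: int = 0     # higher value is handled first

@dataclass
class Policy:                 # hypothetical container, not the thesis's data model
    leased: dict          # tenant -> permissions covered by the leased service
    ssd: set              # frozenset({role_a, role_b}) pairs one user may not hold
    dsd: set              # frozenset({task_a, task_b}) pairs not active together
    roles: dict = field(default_factory=dict)   # user -> assigned roles

def assign_role(policy, user, role):
    """Static separation of duties, checked at assignment time."""
    held = policy.roles.setdefault(user, set())
    if any(frozenset((r, role)) in policy.ssd for r in held):
        return False
    held.add(role)
    return True

def active_tasks(policy, user, tasks, now):
    """Tasks inside their time window whose role the user holds, by priority."""
    held = policy.roles.get(user, set())
    live = [t for t in tasks if t.role in held and t.start <= now < t.end]
    return sorted(live, key=lambda t: -t.priority)

def check_access(policy, tenant, user, perm, tasks, now):
    """Rule chain: SaaS constraint, time constraint, dynamic SoD, least privilege."""
    if perm not in policy.leased.get(tenant, set()):
        return False, "saas-constraint"      # tenant never leased this capability
    live = active_tasks(policy, user, tasks, now)
    if not live:
        return False, "time-constraint"      # no task is active, so no permission exists
    names = {t.name for t in live}
    if any(pair <= names for pair in policy.dsd):
        return False, "dynamic-sod"          # conflicting tasks active at the same time
    if not any(perm in t.perms for t in live):
        return False, "least-privilege"      # active tasks do not carry this permission
    return True, "ok"
```

Returning the name of the rule that denied the request gives the auditor role a per-decision record of why access was refused.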
[Degree-granting institution]: Guangdong University of Technology
[Degree level]: Master's
[Year degree granted]: 2015
[Classification number]: TP311.52
Article number: 1808388
Article link: http://sikaile.net/guanlilunwen/xiangmuguanli/1808388.html