
Research on Security Control and Permission Management in Web Systems

Published: 2018-04-06 06:35

  Topic: Web security. Entry point: access control. Source: Nanchang University, master's thesis, 2014


[Abstract]: This thesis designs a single sign-on (SSO) model for Web systems based on the SAML architecture. It gives implementation methods for SSO mechanisms in two modes, Push and Pull, compares the two modes, and implements a Push-mode SSO mechanism for composite services. In the security control application, a diagnostic decision support system is used to illustrate how single sign-on is implemented. The analysis concludes that the model has good security and is suitable for single sign-on across domains in Web applications.

The thesis also proposes an attribute-based extended RBAC model (EARBAC). It gives the rule definitions, policy formulation and modeling of the extended model, and analyzes how EARBAC improves on the RBAC model. The improved model meets the security requirements of role-based access control with a large number of users and provides a fine-grained security policy for resource information. Based on this policy, the rule definitions clarify the relationship between user attributes and resource attributes, and the thesis introduces the concepts of single attribute expression, compound attribute expression and compound permission. In the permission management application, a Web cinema website is used as an example to illustrate how EARBAC is implemented. The application analysis shows that the number of permissions and roles grows linearly as the number of users increases. At the same time, several groups of user roles are defined according to different user attributes, which makes role assignment more flexible and reduces the workload of permission management and role management in Web systems. The thesis therefore concludes that the EARBAC model is applicable to a wide range of Web application environments.
[Degree-granting institution]: Nanchang University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08

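[Citing literature]

Related master's theses (first 2)

1 Zhong Yuanquan; Design and Implementation of a Teaching Equipment Repair Reporting System for Wenda College [D]; Dalian University of Technology; 2016

2 Cong Chen; Research and Development of a Web GIS-Based Real-Time Statistics and Monitoring System for Public Bicycles [D]; China University of Geosciences (Beijing); 2016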



Article number: 1718425


Link to this article: http://sikaile.net/guanlilunwen/ydhl/1718425.html

