本文選題：基于角色的訪問控制 + 信息安全��； 參考：《西安科技大學(xué)》2014年碩士論文

【摘要】：訪問控制模型是管理主體對客體訪問限制的策略，通過訪問控制模型保證只有被授權(quán)的用戶才能訪問相應(yīng)的系統(tǒng)資源，提升系統(tǒng)數(shù)據(jù)安全性和完整性。本文主要研究了基于角色的訪問控制模型，針對模型局限性提出改進模型，并對改進模型進行形式化描述和可滿足性證明，最后通過煤質(zhì)管理信息系統(tǒng)對模型進行驗證。 本文在分析訪問控制實現(xiàn)機制的基礎(chǔ)上，對比了DAC、MAC和RBAC訪問控制模型，著重分析了隱藏在RBAC模型中的局限性和缺乏形式化描述的問題，提出了基于角色的訪問控制改進模型。從主體集、客體集和權(quán)限集三部分進行改進，建立新的訪問控制模型，給出系統(tǒng)的權(quán)限控制和訪問流程，結(jié)合系統(tǒng)開發(fā)經(jīng)驗列舉開發(fā)過程中安全策略。 針對RBAC模型缺乏形式化描述和可滿足性證明的問題，借助基本描述邏輯語言ALC對改進模型進行形式化描述，利用ALC語法和語義，建立描述邏輯知識庫K，給出Tbox術(shù)語集、Abox斷言集和模型的形式化描述概念表達式。最后采用Tableau算法對模型進行可滿足性證明，驗證了模型合理性。 最后，基于Java語言，在Eclipse開發(fā)環(huán)境上建立JSP+Struts2+Spring+iBatis架構(gòu)的大型煤炭企業(yè)煤質(zhì)管理信息系統(tǒng)。主要實現(xiàn)系統(tǒng)管理模塊，驗證模型的權(quán)限分配和訪問控制過程，進而得出模型可行性和有效性。 研究成果應(yīng)用于某大型煤炭集團的煤質(zhì)管理信息系統(tǒng)中，結(jié)果表明：本文提出的基于角色的訪問控制改進模型進行形式化描述之后，，概念消除歧義，便于理解和擴展，而且模型可滿足系統(tǒng)需求。實際系統(tǒng)開發(fā)之后表明模型可以解決RBAC模型的局限性，簡化權(quán)限配置過程，實現(xiàn)權(quán)限的細粒度訪問控制，易于被當(dāng)前主流框架實現(xiàn)，具有使用和推廣價值。
[Abstract]:Access control model (ACM) is a policy to restrict the access of the subject to the object. The access control model ensures that only the authorized user can access the corresponding system resources and improves the security and integrity of the system data. In this paper, the role-based access control model is studied, and an improved model is proposed in view of the limitations of the model. The improved model is described formally and proved to be satisfiability. Finally, the model is verified by the coal quality management information system. Based on the analysis of the implementation mechanism of access control, this paper compares the MAC and RBAC access control models of DACU, analyzes the limitations hidden in the RBAC model and the lack of formal description, and proposes an improved role-based access control model. From the three parts of subject set, object set and permission set, a new access control model is established, and the privilege control and access flow of the system are given, and the security strategies in the development process are listed in combination with the system development experience. In view of the lack of formal description and satisfiability proof of RBAC model, the improved model is described formally by the basic description logic language (ALC), and the ALC syntax and semantics are used. The description logic knowledge base K is established and the formal description conceptual expressions of the Tbox term set Abox assertion set and model are given. Finally, the Tableau algorithm is used to prove the satisfiability of the model, which verifies the rationality of the model. Finally, based on Java language, the coal quality management information system of large coal enterprises based on JSP Struts2 Spring iBatis framework is established in Eclipse development environment. The system management module is implemented to verify the authority allocation and access control process of the model, and then the feasibility and effectiveness of the model are obtained. The research results are applied to the coal quality management information system of a large coal group. The results show that after the improved role-based access control model is formally described, the concept can be disambiguated and easily understood and extended. And the model can meet the system requirements. The actual system development shows that the model can solve the limitation of RBAC model, simplify the process of authorization configuration, and realize fine-grained access control of permissions. It is easy to be implemented by the current mainstream framework and has the value of using and popularizing.
【學(xué)位授予單位】：西安科技大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.08

【參考文獻】

相關(guān)期刊論文 前1條

1 章文躍;;在J2EE持久層中用Spring+iBATIS實現(xiàn)Webwork開發(fā)[J];福建電腦;2009年05期

本文編號：1872443