發(fā)布時(shí)間：2018-03-18 05:19

  本文選題：協(xié)同設(shè)計(jì)環(huán)境　切入點(diǎn)：訪問控制　出處：《西北工業(yè)大學(xué)》2015年博士論文　論文類型：學(xué)位論文

【摘要】：計(jì)算機(jī)支持的機(jī)械產(chǎn)品協(xié)同設(shè)計(jì)環(huán)境已經(jīng)成為企業(yè)提高產(chǎn)品開發(fā)效率的重要手段。協(xié)同設(shè)計(jì)環(huán)境以數(shù)據(jù)共享為基礎(chǔ),大量工作人員在共享環(huán)境中交互協(xié)商、分工合作、共同完成任務(wù),但是協(xié)作人員的交互方式會(huì)引發(fā)數(shù)據(jù)的安全問題。產(chǎn)品數(shù)據(jù)是企業(yè)的重要財(cái)富,必須保證數(shù)據(jù)的安全性,才能使協(xié)同設(shè)計(jì)環(huán)境得到實(shí)際應(yīng)用和推廣。訪問控制是網(wǎng)絡(luò)信息安全的核心環(huán)節(jié),它防止非授權(quán)的信息泄露。不同行業(yè)的信息系統(tǒng)對(duì)訪問控制有不同的需求,針對(duì)不同的需求研究訪問控制模型以及實(shí)施方法是訪問控制領(lǐng)域的發(fā)展趨勢(shì)。機(jī)械產(chǎn)品協(xié)同設(shè)計(jì)環(huán)境具有群體性、分布性、交互性和協(xié)同性的特點(diǎn),其訪問控制有不同的需求。因此,開展機(jī)械產(chǎn)品協(xié)同設(shè)計(jì)環(huán)境的訪問控制技術(shù)研究具有重要的理論意義和工程應(yīng)用價(jià)值。論文主要研究工作和創(chuàng)新點(diǎn)如下:(1)基于屬性和角色的訪問控制模型。利用基于角色訪問控制標(biāo)準(zhǔn)模型的抽象性和通用性,融入基于屬性訪問控制的思想,建立了基于屬性和角色的訪問控制模型(A-RBAC),以支持機(jī)械產(chǎn)品協(xié)同開發(fā)環(huán)境中的動(dòng)態(tài)訪問控制策略。給出了訪問控制環(huán)境中“訪控屬性”的定義,提出了訪控屬性應(yīng)具有的四個(gè)性質(zhì):非空性;唯一性;完備性;分離性。證明了屬性在滿足完備性和分離性時(shí),以實(shí)體屬性為基本元素所表達(dá)的權(quán)限符合完全仲裁原則。(2)基于屬性和任務(wù)的工作流訪問控制模型。將屬性概念貫穿到任務(wù)權(quán)限的定義、配置和使用的整個(gè)過程中,為權(quán)限控制提供更加豐富的約束,以滿足產(chǎn)品研發(fā)工作流中權(quán)限配置與使用的要求。提出了基于屬性和任務(wù)的訪問控制模型(A-TBAC),模型中將代表用戶工作的進(jìn)程作為執(zhí)行訪問的直接主體,引入了包含任務(wù)和任務(wù)狀態(tài)信息的“任務(wù)步”概念,使進(jìn)程和權(quán)限相關(guān)的任務(wù)步的匹配關(guān)系成為權(quán)限使用的先決條件,把權(quán)限的使用限制在與任務(wù)相關(guān)的工作中。在模型的實(shí)施機(jī)制中引入了“義務(wù)”概念,以支持動(dòng)態(tài)的權(quán)限管理策略。(3)訪問控制系統(tǒng)中的權(quán)限委托機(jī)制。從權(quán)限委托的可控性出發(fā)建立權(quán)限委托的實(shí)施機(jī)制,把權(quán)限委托的過程分為:委托聲明;委托接受;委托撤銷。引入“控制權(quán)限”的概念,限制權(quán)限委托的授予方式,定義了“強(qiáng)關(guān)系”和“委托消耗”概念,避免了權(quán)限委托的擴(kuò)散。在委托聲明步驟中,把權(quán)限委托的約束分為“全局約束”和“局部約束”,兼顧權(quán)限委托的可控性與靈活性。在委托接受步驟中,考慮了受托人的意愿。在委托撤銷步驟中,總結(jié)了各種撤銷委托的條件。(4)訪問控制系統(tǒng)的統(tǒng)一實(shí)施框架。把訪問控制的主、客體劃分為不同的層次,總結(jié)了訪問控制中的基本元素以及元素之間的關(guān)系,討論了在訪問控制系統(tǒng)中建立屬性取值之間偏序關(guān)系的必要性。建立了一種能夠表達(dá)多種訪問控制策略的描述方法,提出了一種較為通用的訪問控制實(shí)施框架(ACEF),闡述了經(jīng)典訪問控制模型和本文建立的訪問控制模型在該框架下的表達(dá)方式。實(shí)現(xiàn)了訪問控制實(shí)施框架的模塊化設(shè)計(jì),使訪問控制與業(yè)務(wù)系統(tǒng)實(shí)現(xiàn)解耦。為了驗(yàn)證上述提出的模型、機(jī)制和實(shí)施框架的有效性,以“協(xié)同設(shè)計(jì)仿真集成平臺(tái)”的訪問控制系統(tǒng)為對(duì)象,對(duì)平臺(tái)訪問控制系統(tǒng)的關(guān)鍵技術(shù)、用戶界面、安全架構(gòu)和系統(tǒng)集成等進(jìn)行了設(shè)計(jì)和實(shí)施。最后,對(duì)本文的研究工作進(jìn)行總結(jié),指出機(jī)械產(chǎn)品協(xié)同開發(fā)環(huán)境訪問控制未來的研究方向。
[Abstract]:Mechanical products, computer supported collaborative design environment has become an important means for enterprises to improve the efficiency of product development. A collaborative design environment based on data sharing, a large number of staff mutual negotiation, in a shared environment division, to complete the task, but the interaction cooperation staff will lead to the problem of data security is an important wealth of the enterprise product data. The need to ensure the security of the data, in order to make collaborative design environment and promote the practical application. The access control is a key link of network information security, which prevents unauthorized disclosure of information. Information systems of different industries have different requirements for access control, according to the research needs of different access control models and implementation method is developed the trend of the access control domain. Mechanical product collaborative design environment with the group, the distribution characteristics of interaction and collaboration, The access control has different needs. Therefore, it has important theoretical significance and engineering application value to carry out research on the control technology of mechanical product collaborative design environment access. The main research work and innovations are as follows: (1) attribute and role based access control model. Using the role-based access control model of the abstract and general standard based on the integration of access control based on the idea of an attribute and role based access control model (A-RBAC), to dynamically access support mechanical product collaborative development environment in the control strategy is given. The access control environment "visit control attribute" definition, proposed four attributes should have properties of access controls non empty; uniqueness; completeness; separation. It is proved that satisfy the completeness and separability in attribute, entity attribute as the basic elements to express permission in accordance with complete arbitration principle (2). A workflow access control model based on attribute and task. The attribute concept definition to the task permission, configuration and use of the whole process, provide more constraints for access control, authorization configuration and use to meet product development workflow requirements. The attribute and task based access control model (A-TBAC). The model, on behalf of the user in the process of implementation as the main access directly, introduced contains task and task status information "task step" concept, make the task step process and the relevant authority for permission to use the matching relationship between the prerequisites, the authority to limit the use in task related work in the model. The implementation mechanism is introduced in the "obligation" concept, to support dynamic authorization strategies. (3) access control system of delegation mechanism. From the delegation can control a Development implementation mechanism of delegation, the delegation process is divided into: delegate declaration; accept commission; revocation. Introducing the concept of "control rights", commissioned by the restricted permission granted, the definition of "strong relationship" and "principal consumption" concept, to avoid the diffusion limit. In the right principal delegate declaration step, the delegation constraint is divided into "global constraints" and "local constraints", both controllability and flexibility. The delegation entrusted by step, consider the trustee's wishes. In the revocation process, summarizes the Commission revoked the conditions. (4) the unified access control system the implementation of the framework. The access control of the main object, divided into different levels, summarizes the relationship between the basic elements of access control and the elements, discusses the establishment of partial relation between attribute values in the access control system will To. To establish a new expression of a variety of access control policy description method, puts forward a general access control framework (ACEF), describes the expression of the classic access control model and access control model based on the framework. The access control implementation of modular design framework so, access control and service system is decoupled. In order to verify the effectiveness of the proposed model, mechanism and implementation framework, a collaborative design and simulation integrated platform access control system, key technology, the platform access control system user interface, security architecture and system integration of design and implementation at last, this paper summarizes the research work, points out the future direction of the Research on the access control of mechanical product collaborative development environment.

【學(xué)位授予單位】：西北工業(yè)大學(xué)
【學(xué)位級(jí)別】：博士
【學(xué)位授予年份】：2015
【分類號(hào)】：TH122;TP309

【參考文獻(xiàn)】

相關(guān)期刊論文 前2條

1 李曉峰;馮登國(guó);陳朝武;房子河;;基于屬性的訪問控制模型[J];通信學(xué)報(bào);2008年04期

2 鄧集波,洪帆;基于任務(wù)的訪問控制模型[J];軟件學(xué)報(bào);2003年01期

相關(guān)博士學(xué)位論文 前2條

1 鄒靈浩;基于工作流的某型號(hào)產(chǎn)品協(xié)同設(shè)計(jì)方法研究[D];大連理工大學(xué);2010年

2 於光燦;協(xié)作環(huán)境中訪問控制模型研究[D];華中科技大學(xué);2008年

，

本文編號(hào)：1628176