擴展RBAC訪問控制模型在家庭開放平臺中的應用研究與實現(xiàn)
發(fā)布時間:2019-03-04 08:33
【摘要】:訪問控制理論一直是信息安全領(lǐng)域的研究重點。訪問控制能夠有效地保證資源被合法地訪問,防止非法使用。目前,網(wǎng)絡環(huán)境不斷發(fā)展,接入的對象更加多元化,特別是對于那些有WEB門戶的信息系統(tǒng),在權(quán)限管理上面臨的問題愈來愈多,合理有效的安全機制是解決這些問題的關(guān)鍵。基于角色的訪問控制技術(shù)一直是訪問控制領(lǐng)域研究的熱點,角色在用戶和權(quán)限之間起著橋梁的作用,用戶不再直接關(guān)聯(lián)操作權(quán)限。該技術(shù)具有靈活和高效的特點,適用于訪問控制要求較多的場景。本文首先探討RBAC96和ARBAC97模型的特點,然后在RBAC模型的基礎(chǔ)上,提出一個擴展模型——ODG-RBAC模型。主要工作是將權(quán)限細化,添加了對象、操作、域和分組等四個要素,域和分組是一組對象的集合。再者提出了域的可繼承性和一種表示域之間的層級關(guān)系的方法,深入地控制角色可管理的數(shù)據(jù)內(nèi)容和操作,提供了更細粒度化的權(quán)限功能。之后,將擴展后的ODG-RBAC模型作為解決家庭開放平臺系統(tǒng)中分權(quán)分域問題的理論基礎(chǔ),分析了家庭開放平臺系統(tǒng)分權(quán)分域管理所需的功能,然后針對業(yè)務需求提出了多樣化的角色和權(quán)限設(shè)計方案,解決了系統(tǒng)中訪問控制約束的問題,并實現(xiàn)復雜的職責分配。將權(quán)限管理系統(tǒng)分為域管理、分組管理、角色管理和用戶管理四個子模塊,采用Spring、Struts和Hibernate的集成框架實現(xiàn)了權(quán)限管理系統(tǒng)的可視化服務界面,方便用戶管理。與RBAC基本模型相比,當系統(tǒng)中每個域包含的終端個數(shù)越多,ODG-RBAC模型的改進效果越明顯;在系統(tǒng)中域的層次關(guān)系越復雜,即子域個數(shù)越多,繼承深度越大的情況下,擴展后的模型在查詢效率上的提高也越明顯。因此,實踐證明,在操作對象存在復雜的層次關(guān)系時,ODG-RBAC模型能有效地解決其技術(shù)問題,并達到較好的技術(shù)效果。
[Abstract]:Access control theory has always been the focus of research in the field of information security. Access control can effectively ensure that resources are legally accessed and prevent illegal use. At present, with the continuous development of network environment, the objects of access are more diversified, especially for those information systems with WEB portals, there are more and more problems in authority management. Reasonable and effective security mechanism is the key to solve these problems. Role-based access control technology has always been a hot topic in the field of access control. Role plays a bridge between users and permissions, and users are no longer directly associated with operational permissions. This technology has the characteristics of flexibility and efficiency, and it is suitable for the scenarios where access control is required. In this paper, we first discuss the characteristics of RBAC96 and ARBAC97 models, and then propose an extended model-ODG-RBAC model, based on the RBAC model. The main work is to refine the permissions, add objects, operations, domains and grouping, and the domain and grouping are a set of objects. Furthermore, the inheritance of the domain and a method of representing the hierarchical relationship between the domains are proposed, which can control the content and operation of the role-manageable data deeply, and provide the finer-grained permission function. Then, the extended ODG-RBAC model is used as the theoretical basis to solve the problem of decentralized domain in the open family platform system, and the functions required for decentralized sub-domain management of the open family platform system are analyzed. Then a diversified role and privilege design scheme is proposed to solve the problem of access control constraints in the system and the complex assignment of responsibilities is realized. The privilege management system is divided into four sub-modules: domain management, group management, role management and user management. The visual service interface of the privilege management system is realized by using the integrated framework of Spring,Struts and Hibernate, which is convenient for user management. Compared with the basic model of RBAC, when the number of terminals in each domain of the system is more and more, the improvement effect of the ODG-RBAC model is more obvious. The more complex the hierarchical relationship between domains is in the system, the more the number of subdomains and the greater the depth of inheritance, the more obvious the improvement of query efficiency of the extended model. Therefore, it is proved that the ODG-RBAC model can effectively solve the technical problems and achieve better technical results when there is a complex hierarchical relationship between the operating objects.
【學位授予單位】:北京郵電大學
【學位級別】:碩士
【學位授予年份】:2016
【分類號】:TP309
本文編號:2434110
[Abstract]:Access control theory has always been the focus of research in the field of information security. Access control can effectively ensure that resources are legally accessed and prevent illegal use. At present, with the continuous development of network environment, the objects of access are more diversified, especially for those information systems with WEB portals, there are more and more problems in authority management. Reasonable and effective security mechanism is the key to solve these problems. Role-based access control technology has always been a hot topic in the field of access control. Role plays a bridge between users and permissions, and users are no longer directly associated with operational permissions. This technology has the characteristics of flexibility and efficiency, and it is suitable for the scenarios where access control is required. In this paper, we first discuss the characteristics of RBAC96 and ARBAC97 models, and then propose an extended model-ODG-RBAC model, based on the RBAC model. The main work is to refine the permissions, add objects, operations, domains and grouping, and the domain and grouping are a set of objects. Furthermore, the inheritance of the domain and a method of representing the hierarchical relationship between the domains are proposed, which can control the content and operation of the role-manageable data deeply, and provide the finer-grained permission function. Then, the extended ODG-RBAC model is used as the theoretical basis to solve the problem of decentralized domain in the open family platform system, and the functions required for decentralized sub-domain management of the open family platform system are analyzed. Then a diversified role and privilege design scheme is proposed to solve the problem of access control constraints in the system and the complex assignment of responsibilities is realized. The privilege management system is divided into four sub-modules: domain management, group management, role management and user management. The visual service interface of the privilege management system is realized by using the integrated framework of Spring,Struts and Hibernate, which is convenient for user management. Compared with the basic model of RBAC, when the number of terminals in each domain of the system is more and more, the improvement effect of the ODG-RBAC model is more obvious. The more complex the hierarchical relationship between domains is in the system, the more the number of subdomains and the greater the depth of inheritance, the more obvious the improvement of query efficiency of the extended model. Therefore, it is proved that the ODG-RBAC model can effectively solve the technical problems and achieve better technical results when there is a complex hierarchical relationship between the operating objects.
【學位授予單位】:北京郵電大學
【學位級別】:碩士
【學位授予年份】:2016
【分類號】:TP309
【參考文獻】
相關(guān)期刊論文 前2條
1 馬麗;馬世龍;眭躍飛;伊勝偉;;一種RBAC的描述邏輯表示方法[J];計算機科學;2010年03期
2 龐春江;龐會靜;;RBAC模型的改進及其在電力ERP權(quán)限管理中的應用[J];電力系統(tǒng)自動化;2008年13期
相關(guān)博士學位論文 前3條
1 李赤松;訪問控制中授權(quán)一致性問題的研究[D];華中科技大學;2012年
2 陳溪源;基于角色的訪問控制在分布式環(huán)境下應用的關(guān)鍵問題研究[D];浙江大學;2010年
3 吳嫻;基于策略域的分布式訪問控制模型[D];蘇州大學;2009年
相關(guān)碩士學位論文 前8條
1 朱鈞;基于角色的jsp通用權(quán)限系統(tǒng)設(shè)計與實現(xiàn)[D];山東大學;2014年
2 陳凱;基于屬性擴展的ABAC協(xié)同設(shè)計訪問控制研究[D];太原科技大學;2014年
3 陳泉冰;基于角色—任務訪問控制模型在稿件遠程處理系統(tǒng)中的應用研究[D];暨南大學;2010年
4 戴花;基于角色的訪問控制(RBAC)在校園網(wǎng)中的應用研究[D];中南大學;2008年
5 王亮亮;RBAC技術(shù)在管理系統(tǒng)中的研究與應用[D];武漢理工大學;2008年
6 夏啟壽;RBAC在考試系統(tǒng)中的應用研究[D];西北大學;2007年
7 尹泉;基于擴展RBAC模型訪問控制理論在工商電子政務系統(tǒng)中的研究與實現(xiàn)[D];北京郵電大學;2007年
8 邢永明;一種改進的RBAC權(quán)限系統(tǒng)的研究與實現(xiàn)[D];哈爾濱理工大學;2007年
,本文編號:2434110
本文鏈接:http://sikaile.net/kejilunwen/ruanjiangongchenglunwen/2434110.html
最近更新
教材專著
