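Research and Application of Access Control in a SaaS-Based Scientific Research Project Management System
Published: 2018-04-27 00:29
Topic of this paper: access control + scientific research project management; Reference: Guangdong University of Technology, master's thesis, 2015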
[Abstract]: Cloud computing continues to grow, and the introduction and application of the SaaS model has addressed the "one-to-one" service model of traditional scientific research project management systems. However, how to implement access control between the SaaS provider and its tenants, and within the system itself, while preserving flexibility and security has become a new problem. This thesis combines a scientific research project management system with the SaaS service model and establishes a task- and role-based access control model to improve the flexibility of system management and control. It first analyzes in detail the access control characteristics of a scientific research project management system under the SaaS model, explaining that such a system handles a large volume of business and must be flexibly self-configurable, which makes permission assignment overly complex and easily leads to inconsistencies and conflicts in permission management. It then proposes an improved task- and role-based access control model for scientific research project management systems under the SaaS model, named SRP-TRBAC. The model retains the dynamic authorization advantage of the TRBAC model, solves the problem of cross-boundary judgment with SaaS, and to some extent addresses the security of the system's access control process.
The thesis focuses on the SRP-TRBAC model proposed for access control in scientific research project management systems under the SaaS model. The model improves on traditional task- and role-based access control. First, a SaaS constraint is used to judge and constrain a user's initial permissions, so that the SaaS software provider can dynamically control the permissions corresponding to the services a tenant leases. Next, tasks in the model are given time-constraint and priority attributes. Under the time constraint rule, permissions come into existence or lapse as tasks are activated or revoked, which solves the problem of users holding permissions for too long and possibly performing illegal operations that affect system security. Task priority determines the processing order when a user receives different tasks at the same time, which solves the problem of scheduling sudden tasks. In addition, to prevent potential security problems caused by excessive privileges of the SaaS provider's super administrator and of the scientific research project management system's super administrator, the model extends the roles further: besides the super administrator, an auditor and a security officer are added, forming a separation of three powers in which they constrain one another. The model's access control rule chain consists of the least privilege rule, the privilege separation rule, the time constraint rule and the separation-of-duty constraint rule, which limits the scope in which permissions can be used, ensures system security, and flexibly implements dynamic authorization. The model places both "role" and "task" at the center of the access control model, uses a combination of static and dynamic separation of duties to analyze and check the assignment process, and eliminates conflicting entities, achieving accurate permission assignment while preserving flexibility. Application results show that the system has a good workflow configuration process and access control approach. The improved model raises the overall efficiency, flexibility and security of the scientific research project management system and supports on-demand service well.
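As an added illustration (not code from the thesis), the following Python sketch runs a request through the checks the abstract names: the SaaS constraint, static and dynamic separation of duties, least privilege, and the task time constraint. The class, role, task and permission names, the order of the checks and the sample data are assumptions made here; the thesis's formal SRP-TRBAC definitions are not on this page, and task priority is left out.

```python
from itertools import combinations

class Model:
    def __init__(self, tenant_perms, role_tasks, tasks, ssd, dsd):
        self.tenant_perms = tenant_perms  # tenant -> permissions leased from the provider
        self.role_tasks = role_tasks      # role -> task names the role may carry out
        self.tasks = tasks                # task -> (permissions, activation, revocation)
        self.ssd, self.dsd = ssd, dsd     # role pairs barred together: assigned / active
        self.user_roles = {}

    def assign(self, user, role):
        held = self.user_roles.setdefault(user, set())
        if any(frozenset((role, r)) in self.ssd for r in held):
            return False                  # static separation of duties
        held.add(role)
        return True

    def check(self, tenant, user, active, perm, now):
        active = set(active)
        if perm not in self.tenant_perms.get(tenant, ()):
            return "deny: SaaS constraint"
        if not active <= self.user_roles.get(user, set()):
            return "deny: role not assigned"
        if any(frozenset(p) in self.dsd for p in combinations(active, 2)):
            return "deny: dynamic separation of duties"
        windows = [self.tasks[t][1:] for r in active
                   for t in self.role_tasks.get(r, ()) if perm in self.tasks[t][0]]
        if not windows:
            return "deny: least privilege"
        if not any(start <= now < end for start, end in windows):
            return "deny: time constraint"
        return "allow"

def demo():
    # Constructed sample data: one tenant, two project roles, three officer roles.
    officers = ("super_admin", "auditor", "security_officer")
    m = Model(
        tenant_perms={"lab_a": {"project.submit", "project.review"}},
        role_tasks={"researcher": {"apply"}, "reviewer": {"review"}},
        tasks={"apply": ({"project.submit"}, 10, 20),
               "review": ({"project.review"}, 20, 30)},
        ssd={frozenset(p) for p in combinations(officers, 2)},
        dsd={frozenset(("researcher", "reviewer"))})
    for role in ("researcher", "reviewer", "auditor"):
        m.assign("alice", role)
    return m
```

In the sample data the three officer roles are mutually exclusive at assignment time, while researcher and reviewer may both be held by one user but not activated in the same session.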
[Degree-granting institution]: Guangdong University of Technology
[Degree level]: Master's
[Year degree granted]: 2015
[Classification number]: TP311.52
Article number: 1808388
Link to this article: https://www.wllwen.com/guanlilunwen/xiangmuguanli/1808388.html