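Design and Implementation of an Access Control Mechanism in a Security Service System
Published: 2018-03-14 05:10
Topic: RBAC; Focus: BLP; Source: Xidian University, 2014 master's thesis; Document type: degree thesis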
[Abstract]: With the rapid development of enterprise informatization, more and more enterprises choose software management systems to support their various activities, and enterprise management software plays an increasingly important role in enterprise management. However, as enterprise activities diversify, a single system security access control mechanism can no longer meet the security requirements of a management system. How to use existing access control policies to protect the system more securely has become an urgent problem. The work in this thesis comes from a real project. System security access control provides secure, efficient and transparent authorization services to upper-layer applications and protects the information in the system. This thesis studies in depth the role-based access control model and the security-level-based access control model. To meet the needs of the applications in the system, an access control model combining RBAC and BLP is designed. To address the efficiency of authorization checks, a scheme is proposed in which the client downloads the policy library in advance and performs the authorization check locally, which improves the efficiency of authorization checks. For policy configuration management, this thesis designs a configuration and management system for access control policies based on the MVC pattern. The system uses AJAX to partially refresh the configuration pages, making communication between browser and server smoother. Finally, the system is tested in terms of both function and performance, and the test results are analyzed. The analysis shows that the system meets the applications' requirements on the information security component, and that the local authorization scheme improves the efficiency of authorization checks to a large extent.
[Degree-granting institution]: Xidian University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08