Research on Security Control and Permission Management in Web Systems
Published: 2018-04-06 06:35
Topic: Web security. Focus: access control. Source: Nanchang University, 2014 master's thesis
【Abstract】: This thesis designs a single sign-on (SSO) model for Web systems based on the SAML architecture, gives implementation methods for SSO mechanisms in the Push and Pull modes, compares the two modes, and implements a Push-mode SSO mechanism for composite business services. In the security-control application, a diagnostic decision support system is used to illustrate the SSO implementation process. Analysis shows that the model has good security and is suitable for cross-domain SSO in Web applications. The thesis then proposes an attribute-based extended RBAC model (EARBAC), gives the rule definitions, policy formulation and modeling of the extended model, and analyzes how EARBAC improves on RBAC. The improved model meets the security requirements of role-based access control for very large numbers of users and provides a fine-grained security policy for resource information. Based on this policy, the thesis clarifies the relationship between user attributes and resource attributes through rule definitions and introduces the concepts of single attribute expressions, compound attribute expressions and compound permissions. In the permission-management application, a Web cinema website is used as an example to illustrate the EARBAC implementation process. Application analysis shows that the number of permissions and roles grows linearly as the number of users increases. At the same time, multiple groups of user roles are defined according to different user attributes, which makes role assignment more flexible and reduces the workload of permission and role management in Web systems; EARBAC is therefore applicable to a broad range of Web application environments.
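The following is an added illustration of the attribute-driven role assignment and fine-grained resource policy the abstract describes; it is constructed for this page and is not the thesis's EARBAC definition or code. The rule semantics (a role is granted when its user-attribute expression holds; a compound permission is a set of action/resource-expression pairs), the Web cinema attributes and the sample policy are all assumptions.

```python
"""Attribute-driven role assignment with fine-grained resource rules.
Constructed example; assumed semantics, not the thesis's EARBAC implementation."""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Set, Tuple

Attrs = Dict[str, Any]
Expr = Callable[[Attrs], bool]  # a single or compound attribute expression

def single(name: str, op: str, value: Any) -> Expr:
    """Single attribute expression; a missing attribute never matches (deny by default)."""
    ops = {"==": lambda a, b: a == b, ">=": lambda a, b: a >= b, "in": lambda a, b: a in b}
    return lambda attrs: name in attrs and ops[op](attrs[name], value)

def all_of(*exprs: Expr) -> Expr:   # compound expression: conjunction
    return lambda attrs: all(e(attrs) for e in exprs)

def any_of(*exprs: Expr) -> Expr:   # compound expression: disjunction
    return lambda attrs: any(e(attrs) for e in exprs)

@dataclass
class Role:
    name: str
    assign_if: Expr                          # user-attribute expression granting the role
    permissions: List[Tuple[str, Expr]]      # compound permission: (action, resource expression)

# Constructed Web cinema policy (hypothetical attributes: membership, tier, age, visibility, hall, rating)
ROLES = [
    Role("member", single("membership", "==", "active"),
         [("view", single("visibility", "==", "public"))]),
    Role("vip", all_of(single("membership", "==", "active"), single("tier", "in", {"gold", "platinum"})),
         [("view", any_of(single("visibility", "==", "public"), single("visibility", "==", "premium"))),
          ("book", single("hall", "==", "vip"))]),
    Role("adult_viewer", single("age", ">=", 18),
         [("view", single("rating", "==", "R"))]),
]

def roles_for(user: Attrs) -> Set[str]:
    """Roles are derived from user attributes at decision time, not stored per user."""
    return {r.name for r in ROLES if r.assign_if(user)}

def is_allowed(user: Attrs, action: str, resource: Attrs) -> bool:
    """Allow only if some derived role carries a matching action whose resource expression holds."""
    return any(act == action and res_expr(resource)
               for r in ROLES if r.assign_if(user)
               for act, res_expr in r.permissions)
```

Because roles are computed from attributes, adding users does not add policy entries; only new attribute groups or resource rules do.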
【Degree-granting institution】: Nanchang University
【Degree level】: Master's
【Year degree awarded】: 2014
【Classification number】: TP393.08
【Citing literature】
Related master's theses (first 2 entries)
1 钟元权; Design and Implementation of a Teaching Equipment Repair Reporting System for Wenda College [D]; Dalian University of Technology; 2016
2 丛晨; Development of a Web GIS-based Real-time Statistics and Monitoring System for Public Bicycles [D]; China University of Geosciences (Beijing); 2016
Record number: 1718425
Link: https://www.wllwen.com/guanlilunwen/ydhl/1718425.html