基于角色的访问控制改进模型研究与应用
发布时间:2018-05-11 04:33
本文选题:基于角色的访问控制 + 信息安全 ; 参考:《西安科技大学》2014年硕士论文
【摘要】:访问控制模型是管理主体对客体访问限制的策略,通过访问控制模型保证只有被授权的用户才能访问相应的系统资源,提升系统数据安全性和完整性。本文主要研究了基于角色的访问控制模型,针对模型局限性提出改进模型,并对改进模型进行形式化描述和可满足性证明,最后通过煤质管理信息系统对模型进行验证。 本文在分析访问控制实现机制的基础上,对比了DAC、MAC和RBAC访问控制模型,着重分析了隐藏在RBAC模型中的局限性和缺乏形式化描述的问题,提出了基于角色的访问控制改进模型。从主体集、客体集和权限集三部分进行改进,建立新的访问控制模型,给出系统的权限控制和访问流程,结合系统开发经验列举开发过程中安全策略。 针对RBAC模型缺乏形式化描述和可满足性证明的问题,借助基本描述逻辑语言ALC对改进模型进行形式化描述,利用ALC语法和语义,建立描述逻辑知识库K,给出Tbox术语集、Abox断言集和模型的形式化描述概念表达式。最后采用Tableau算法对模型进行可满足性证明,验证了模型合理性。 最后,基于Java语言,在Eclipse开发环境上建立JSP+Struts2+Spring+iBatis架构的大型煤炭企业煤质管理信息系统。主要实现系统管理模块,验证模型的权限分配和访问控制过程,进而得出模型可行性和有效性。 研究成果应用于某大型煤炭集团的煤质管理信息系统中,结果表明:本文提出的基于角色的访问控制改进模型进行形式化描述之后,,概念消除歧义,便于理解和扩展,而且模型可满足系统需求。实际系统开发之后表明模型可以解决RBAC模型的局限性,简化权限配置过程,实现权限的细粒度访问控制,易于被当前主流框架实现,具有使用和推广价值。
[Abstract]:Access control model (ACM) is a policy to restrict the access of the subject to the object. The access control model ensures that only the authorized user can access the corresponding system resources and improves the security and integrity of the system data. In this paper, the role-based access control model is studied, and an improved model is proposed in view of the limitations of the model. The improved model is described formally and proved to be satisfiability. Finally, the model is verified by the coal quality management information system. Based on the analysis of the implementation mechanism of access control, this paper compares the MAC and RBAC access control models of DACU, analyzes the limitations hidden in the RBAC model and the lack of formal description, and proposes an improved role-based access control model. From the three parts of subject set, object set and permission set, a new access control model is established, and the privilege control and access flow of the system are given, and the security strategies in the development process are listed in combination with the system development experience. In view of the lack of formal description and satisfiability proof of RBAC model, the improved model is described formally by the basic description logic language (ALC), and the ALC syntax and semantics are used. The description logic knowledge base K is established and the formal description conceptual expressions of the Tbox term set Abox assertion set and model are given. Finally, the Tableau algorithm is used to prove the satisfiability of the model, which verifies the rationality of the model. Finally, based on Java language, the coal quality management information system of large coal enterprises based on JSP Struts2 Spring iBatis framework is established in Eclipse development environment. The system management module is implemented to verify the authority allocation and access control process of the model, and then the feasibility and effectiveness of the model are obtained. The research results are applied to the coal quality management information system of a large coal group. The results show that after the improved role-based access control model is formally described, the concept can be disambiguated and easily understood and extended. And the model can meet the system requirements. The actual system development shows that the model can solve the limitation of RBAC model, simplify the process of authorization configuration, and realize fine-grained access control of permissions. It is easy to be implemented by the current mainstream framework and has the value of using and popularizing.
【学位授予单位】:西安科技大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.08
【参考文献】
相关期刊论文 前1条
1 章文跃;;在J2EE持久层中用Spring+iBATIS实现Webwork开发[J];福建电脑;2009年05期
本文编号:1872443
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/1872443.html