
Research and Implementation of an Extended RBAC Access Control Model in a Home Open Platform

Published: 2019-03-04 08:33
[Abstract]: Access control theory has long been a research focus in information security. Access control effectively ensures that resources are accessed legitimately and prevents unauthorized use. As network environments continue to develop, the objects being connected are becoming more diverse. Information systems with web portals in particular face a growing number of problems in permission management, and a sound, effective security mechanism is the key to solving them. Role-based access control (RBAC) has been a consistently active topic in access control research: the role acts as a bridge between users and permissions, so users are no longer associated directly with operation permissions. The technique is flexible and efficient, and suits scenarios with many access control requirements. This thesis first discusses the characteristics of the RBAC96 and ARBAC97 models and then, building on the RBAC model, proposes an extended model, the ODG-RBAC model. The main work is to refine permissions by adding four elements: objects, operations, domains and groups, where a domain and a group are each a set of objects. The thesis further proposes inheritability of domains and a method for representing the hierarchical relationships between domains, which gives deeper control over the data content and operations a role can manage and provides finer-grained permissions. The extended ODG-RBAC model then serves as the theoretical basis for solving the problem of partitioning privileges and domains in the home open platform system. The thesis analyzes the functions that privilege and domain partitioning requires in that system, and proposes diversified role and permission designs for the business requirements, which resolve the system's access control constraints and implement complex assignment of responsibilities.
The permission management system is divided into four sub-modules: domain management, group management, role management and user management. Its visual service interface is implemented with an integrated framework of Spring, Struts and Hibernate, which makes it convenient for users to manage. Compared with the basic RBAC model, the more terminals each domain in the system contains, the more pronounced the improvement from the ODG-RBAC model. The more complex the hierarchy of domains in the system, that is, the more subdomains there are and the greater the inheritance depth, the more pronounced the extended model's improvement in query efficiency. Practice therefore shows that, when the objects being operated on have complex hierarchical relationships, the ODG-RBAC model effectively solves the technical problems involved and achieves good technical results.
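[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2016
[Classification number]: TP309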



