不同安全级别下提高电子政务软件开发效率的研究
|
摘要
本文在对传统电子政务软件的开发效率进行详细分析和研究的基础上,提出了一种新的基于模型的权限控制方法。并研究了基于此种新方法如何对功能的内部控制点进行抽象与建模,如何建立对数据的访问控制规则,如何在软件中解释通用的功能控制模型与数据规则的问题。
该研究的目的在于:在不同安全级别下,提高电子政务软件的开发效率,增强软件的灵活性,降低软件的开发维护成本。从而提高政府部门的工作效率,节省经费开支。
论文首先对电子政务软件开发领域的国内外现状进行了简要介绍,指出了其中存在的问题,分析了对于该问题的国内外研究现状并进行了归纳总结,即目前的电子政务软件,在不同安全级别下,无法很好地满足用户的“时间和空间上的个性化”。用户对单一功能内子功能的安全控制要求,已经从整体单个功能控制,转移到了功能内的子功能的不同级别的控制;同时,由于电子政务软件的需求还在不断变化,软件在时间维度上无法满足用户的快速响应要求。使得效率、成本、不同安全级别控制等问题日益成为电子政务软件满足用户个性化需求的重要阻力。然后,从技术层面对上述问题进行了剖析,得出若干需要解决的关键性技术问题。为了解决这些关键技术问题,本文提出了一种新的基于模型的权限控制方法,在传统的功能模型的基础上,通过建立新的子功能模型,使控制颗粒度细化到功能内部,并可以根据用户的个性化需求灵活地进行改变。接下来,以VB6.0作为开发平台,以设计开发一套功能相同的工资管理软件作为比较基准,分别采用两种设计方法开发。对软件的功能和开发效率进行对比,从而对这种新的方法进行验证。通过验证得出结论:采用该方法的电子政务软件开发效率要高于采用传统方法的软件开发效率,在一定程度上解决了采用传统方法带来的低效率、高成本、灵活性差等问题,可以很好的满足用户在不同安全级别下的个性化需求。最后,对整个研究过程进行了总结,并对该课题的发展前景进行了展望。
通过对该课题进行研究,本文提出一种新的基于模型的权限控制方法,可以支持颗粒度更加细化的权限控制,提高电子政务软件的开发效率,增强软件的灵活性,降低软件的开发维护成本,很好的满足用户的个性化设计需求。通过进一步扩展,可以将该方法应用于实际的电子政务系统开发设计中,从而为广大用户与软件商带来巨大的经济效益,应用前景广阔。
In the base of the analysis and investigations of the exploiture efficiency of traditional E-Government affair softwares, this paper has put forward a new rights control method which based on models. It also deeply studied how to use this method to abstracting and modelling the internal control points of a function; how to erect the data accessing control rules; how to explain the general function control model and data accessing control rules in softwares.
The purpose of the researchment is: In different security levels, improve the exploiture efficiency of E-Government affair softwares; make the softwares more flexible; reduce the exploiture and maintenance cost of the softwares. In order to improve the work efficiency of the government and save cost.
First, the paper made an introduction of the current status of the E-Government affair softwares' exploiture and has pointed out its problems. The problem is, current E-Government affair softwares in different security levels, can't satisfy the user's "temporal and dimentional individuations". The user's requirement on security controls of subfunctions in a single function has beem moved from a whole function to the subfuntions in it; further more, as the requirement of E-Government affair softwares changes with time, it can't satisfy quick response requirement of the user. It makes the efficiency, the cost, the access control in different security levels become serious problems on the road of the development of the E-Government affair softwares. Then, the paper analysised the problem before, made some key technical questions. In order to solve the key technical questions, the author put forward a new rights control method based on classical models. It has added a new subfuntion model to the original function model which makes the control level to the internal of the function and the softwares more flexible in the basis of user's request. Next, in order to prove the new method, the author has designed a salary management software with VB6.0 using two methods, one is traditional, the other is model-based, and has compared their functions and exploiture efficiency. After the comparation, it has made a conclusion that the model-based method is more efficient than the traditional method. It can solve the problems like high cost, low efficiency, less flexible etc, and it also can satisfy the user's requests in different security levels. At last, the author reviewed the whole procession of the researchment, made a prospection to the researchment a few decades later.
Through the researchment, the paper has put forward a new rights control method which based on models. It can support rights control in lower levels, improve the exploiture efficiency of the E-Government affair softwares, make the softwares more flexible, reduce the cost of the softwares, and satify the user's requests better. More developed, the method can be used in designing the E-Government affair softwares, make more profit to the users and the software corporations. It can be used widely.
该研究的目的在于:在不同安全级别下,提高电子政务软件的开发效率,增强软件的灵活性,降低软件的开发维护成本。从而提高政府部门的工作效率,节省经费开支。
论文首先对电子政务软件开发领域的国内外现状进行了简要介绍,指出了其中存在的问题,分析了对于该问题的国内外研究现状并进行了归纳总结,即目前的电子政务软件,在不同安全级别下,无法很好地满足用户的“时间和空间上的个性化”。用户对单一功能内子功能的安全控制要求,已经从整体单个功能控制,转移到了功能内的子功能的不同级别的控制;同时,由于电子政务软件的需求还在不断变化,软件在时间维度上无法满足用户的快速响应要求。使得效率、成本、不同安全级别控制等问题日益成为电子政务软件满足用户个性化需求的重要阻力。然后,从技术层面对上述问题进行了剖析,得出若干需要解决的关键性技术问题。为了解决这些关键技术问题,本文提出了一种新的基于模型的权限控制方法,在传统的功能模型的基础上,通过建立新的子功能模型,使控制颗粒度细化到功能内部,并可以根据用户的个性化需求灵活地进行改变。接下来,以VB6.0作为开发平台,以设计开发一套功能相同的工资管理软件作为比较基准,分别采用两种设计方法开发。对软件的功能和开发效率进行对比,从而对这种新的方法进行验证。通过验证得出结论:采用该方法的电子政务软件开发效率要高于采用传统方法的软件开发效率,在一定程度上解决了采用传统方法带来的低效率、高成本、灵活性差等问题,可以很好的满足用户在不同安全级别下的个性化需求。最后,对整个研究过程进行了总结,并对该课题的发展前景进行了展望。
通过对该课题进行研究,本文提出一种新的基于模型的权限控制方法,可以支持颗粒度更加细化的权限控制,提高电子政务软件的开发效率,增强软件的灵活性,降低软件的开发维护成本,很好的满足用户的个性化设计需求。通过进一步扩展,可以将该方法应用于实际的电子政务系统开发设计中,从而为广大用户与软件商带来巨大的经济效益,应用前景广阔。
In the base of the analysis and investigations of the exploiture efficiency of traditional E-Government affair softwares, this paper has put forward a new rights control method which based on models. It also deeply studied how to use this method to abstracting and modelling the internal control points of a function; how to erect the data accessing control rules; how to explain the general function control model and data accessing control rules in softwares.
The purpose of the researchment is: In different security levels, improve the exploiture efficiency of E-Government affair softwares; make the softwares more flexible; reduce the exploiture and maintenance cost of the softwares. In order to improve the work efficiency of the government and save cost.
First, the paper made an introduction of the current status of the E-Government affair softwares' exploiture and has pointed out its problems. The problem is, current E-Government affair softwares in different security levels, can't satisfy the user's "temporal and dimentional individuations". The user's requirement on security controls of subfunctions in a single function has beem moved from a whole function to the subfuntions in it; further more, as the requirement of E-Government affair softwares changes with time, it can't satisfy quick response requirement of the user. It makes the efficiency, the cost, the access control in different security levels become serious problems on the road of the development of the E-Government affair softwares. Then, the paper analysised the problem before, made some key technical questions. In order to solve the key technical questions, the author put forward a new rights control method based on classical models. It has added a new subfuntion model to the original function model which makes the control level to the internal of the function and the softwares more flexible in the basis of user's request. Next, in order to prove the new method, the author has designed a salary management software with VB6.0 using two methods, one is traditional, the other is model-based, and has compared their functions and exploiture efficiency. After the comparation, it has made a conclusion that the model-based method is more efficient than the traditional method. It can solve the problems like high cost, low efficiency, less flexible etc, and it also can satisfy the user's requests in different security levels. At last, the author reviewed the whole procession of the researchment, made a prospection to the researchment a few decades later.
Through the researchment, the paper has put forward a new rights control method which based on models. It can support rights control in lower levels, improve the exploiture efficiency of the E-Government affair softwares, make the softwares more flexible, reduce the cost of the softwares, and satify the user's requests better. More developed, the method can be used in designing the E-Government affair softwares, make more profit to the users and the software corporations. It can be used widely.
引文
[1]王长胜;《中国电子政务发展报告No.1(电子政务蓝皮书)》;社会科学文献出版社;2003
[2]侯卫真;《电子政务的建设与发展》;中国人民大学出版社;2006
[3]顾平安;《国外电子政务现状与发展趋势》;国家行政学院电子政务研究中心;2004
[4]吴敬琏,鲁志强,李广乾;《我国电子政务的现状与问题》;“新经济导刊”;2001,第12期
[5]佚名;《OA的技术发展过程和趋势》;www.newlab.com.cn;2007
[6]D.Ferraiolo and R.Kuhn,"Role-Based Access Control",Proc.15th NIST-NCSCNat'I Computer Security Conf,Nat'l Inst.Standards and Technology,Gaithersburg,Md.,1992,pp.554-563
[7]D.E Ferraiolo,J.Cugini,and D.R.Kuhn,"Role Based Access Control:Features and Motivations",Computer Security Applications Conference,1995
[8]Ravi S.Sandhu,Edward J.Coyne,and Charles E.Youman,"Role-Based Access Control Models",IEEE Computer,February 1996,pp.38-47
[9]马建平,余祥宣;《一种面向对象系统安全模型》;“华中理工大学学报”,1996,第12期,99-102页
[10]马建平,余祥宣;《多级安全关系数据库系统的分析和设计》;“计算机工程与科学”,1997,第3期,40页
[11]SevenWolfy,"Oracle Multi Org",www.oracle.com,2007
[12]钟军;《Visual Basic高级实例导航》;科学出版社;2004
[13]翁念龙,石晓成,皮六一;《多维建模数据管理方法及实现步骤》;“中国金融电脑”;2005,第10期
[14]Zeal burg;《关于权限设计的探讨》;http://expert.csdn.net,2005
[15]孙大大;《基于RBAC的分布式服务两级访问控制》;“计算机工程与应用”,2006,第26期,123-125页.
[16]夏榆滨;《基于RBAC的统一权限管理系统研究》;“微计算机信息”;2006,第22期,114-146页
[17]D.F.Ferraiolo,D.R.Kuhn,and R.Chandramouli,《Role Based Access Control》(book),Artech House,2003
[18]R.Chandramouli,"Specification and Validation of Enterprise Access Control Data for Conformance to Model and Policy Constraints",7th World Multi-conference on Systemics,Cybernetics and Informatics,SCI,2003
[19]汪厚祥,李卉;《基于角色的访问控制研究》;“计算机应用研究”;2005;第4期;125-127页
[20]CCID;《网络安全软件在电子政务中的应用前景分析》;“软件世界”;2003;第1期
[21]周珂伟;《VisualBasic6.0数据库开发学习教程》;北京大学出版社;2000
[22]李春葆,张植民;《Visual Basic数据库系统设计与开发》;清华大学出版社;2003
[23]王志梅,张焰林;《Visual Basic数据库应用》;科学出版社;2003
[24]Jung D,and Boutquin P,"The Waite Group's.Visual Basic 6 Super Bible",SAMS,1999
[25]D.Ferraiolo,R.Sandhu,S.Gavrila,D.R.Kuhn,and R.Chandramouli,"A Proposed Standard for Role Based Access Control," ACM Transactions on Information and System Security,vol.4,no.3,August,2001
[26]The Economic Impact of Role Based Access Control.Research Triangle Institute.NIST Planning Report 02-01.2002
[27]D.Ferraiolo and J.F.Barkley,"Comparing Administrative Cost for Hierarchical and Non-hierarchical Role Representations," Second ACM Workshop on Role-Based Access Control,Nov 6-7,1997.
[28]J.BarNey,"Comparing Simple Role Based Access Control Models and Access Control Lists",Second ACM Workshop on Role-Based Access Control,1997
[29]亚历山大;《粒度细到控件的权限管理系统的设计》;“博客园”;2007
[30]张志勇;《RBAC研究展望》;“中国教育和科研计算机网”;2007
[31]解圣庆,刘永华;《管理信息系统》;清华大学出版社;2007
[32]徐士良;《计算机软件技术基础》;清华大学出版社;2001
[2]侯卫真;《电子政务的建设与发展》;中国人民大学出版社;2006
[3]顾平安;《国外电子政务现状与发展趋势》;国家行政学院电子政务研究中心;2004
[4]吴敬琏,鲁志强,李广乾;《我国电子政务的现状与问题》;“新经济导刊”;2001,第12期
[5]佚名;《OA的技术发展过程和趋势》;www.newlab.com.cn;2007
[6]D.Ferraiolo and R.Kuhn,"Role-Based Access Control",Proc.15th NIST-NCSCNat'I Computer Security Conf,Nat'l Inst.Standards and Technology,Gaithersburg,Md.,1992,pp.554-563
[7]D.E Ferraiolo,J.Cugini,and D.R.Kuhn,"Role Based Access Control:Features and Motivations",Computer Security Applications Conference,1995
[8]Ravi S.Sandhu,Edward J.Coyne,and Charles E.Youman,"Role-Based Access Control Models",IEEE Computer,February 1996,pp.38-47
[9]马建平,余祥宣;《一种面向对象系统安全模型》;“华中理工大学学报”,1996,第12期,99-102页
[10]马建平,余祥宣;《多级安全关系数据库系统的分析和设计》;“计算机工程与科学”,1997,第3期,40页
[11]SevenWolfy,"Oracle Multi Org",www.oracle.com,2007
[12]钟军;《Visual Basic高级实例导航》;科学出版社;2004
[13]翁念龙,石晓成,皮六一;《多维建模数据管理方法及实现步骤》;“中国金融电脑”;2005,第10期
[14]Zeal burg;《关于权限设计的探讨》;http://expert.csdn.net,2005
[15]孙大大;《基于RBAC的分布式服务两级访问控制》;“计算机工程与应用”,2006,第26期,123-125页.
[16]夏榆滨;《基于RBAC的统一权限管理系统研究》;“微计算机信息”;2006,第22期,114-146页
[17]D.F.Ferraiolo,D.R.Kuhn,and R.Chandramouli,《Role Based Access Control》(book),Artech House,2003
[18]R.Chandramouli,"Specification and Validation of Enterprise Access Control Data for Conformance to Model and Policy Constraints",7th World Multi-conference on Systemics,Cybernetics and Informatics,SCI,2003
[19]汪厚祥,李卉;《基于角色的访问控制研究》;“计算机应用研究”;2005;第4期;125-127页
[20]CCID;《网络安全软件在电子政务中的应用前景分析》;“软件世界”;2003;第1期
[21]周珂伟;《VisualBasic6.0数据库开发学习教程》;北京大学出版社;2000
[22]李春葆,张植民;《Visual Basic数据库系统设计与开发》;清华大学出版社;2003
[23]王志梅,张焰林;《Visual Basic数据库应用》;科学出版社;2003
[24]Jung D,and Boutquin P,"The Waite Group's.Visual Basic 6 Super Bible",SAMS,1999
[25]D.Ferraiolo,R.Sandhu,S.Gavrila,D.R.Kuhn,and R.Chandramouli,"A Proposed Standard for Role Based Access Control," ACM Transactions on Information and System Security,vol.4,no.3,August,2001
[26]The Economic Impact of Role Based Access Control.Research Triangle Institute.NIST Planning Report 02-01.2002
[27]D.Ferraiolo and J.F.Barkley,"Comparing Administrative Cost for Hierarchical and Non-hierarchical Role Representations," Second ACM Workshop on Role-Based Access Control,Nov 6-7,1997.
[28]J.BarNey,"Comparing Simple Role Based Access Control Models and Access Control Lists",Second ACM Workshop on Role-Based Access Control,1997
[29]亚历山大;《粒度细到控件的权限管理系统的设计》;“博客园”;2007
[30]张志勇;《RBAC研究展望》;“中国教育和科研计算机网”;2007
[31]解圣庆,刘永华;《管理信息系统》;清华大学出版社;2007
[32]徐士良;《计算机软件技术基础》;清华大学出版社;2001