基于角色的安全访问控制的研究和应用
摘要
企业信息化越来越多地采用了ERP等先进的管理信息系统,但随着企业信息建设的网络化,网络的安全隐患问题给企业管理软件带来了巨大的挑战。结合PKI/CA安全认证技术和LDAP目录服务,在ERP系统中实现基于角色的访问控制方法(RBAC),是企业管理软件网络化实施和加强安全管理的有效办法。
本文共分五章:第一章对企业信息化及其应用现状、安全隐患做了分析,同时介绍了企业信息化建设中重要的ERP系统;第二章介绍了一个具体的SD-ERP原型系统,提供了进行二次开发的环境,提出了其中存在的安全控制隐患问题;第三章概述不同的访问控制策略,重点分析和比较了基于角色的安全访问控制(RBAC)的方法;第四章讨论了RBAC的具体实现方式,提出了在SD-ERP中进行安全访问控制的模型结构;第五章详细描述了在SD-ERP中具体实现RBAC的系统模型和相关数据库表。
Enterprise Resource Planning (ERP) has been widely used in the information management of enterprises. The enterprise informationization also has been extended the network environment at the present day. It is a great challenge that enterprise management software deals with the security problems on the network. Combined with Public Key Infrastructure (PKI) and Light Directory Access Protocol (LDAP), Role Based Access Control (RBAC) provides a good solution to secure the ERP system.
This thesis is organized as follows. Chapter 1 introduces the enterprise informationization and its implementation system; furthermore, analyses the related security problems. Chapter 2 presents SD-ERP system, which provides the environment for system rebuilding. The security control problems in SD-ERP system are also discussed. Chapter 3 reviews three access control methods, mainly discusses the theory and method of RBAC. Chapter 4 describes the different methods of the RBAC realization and presents the
model of security access control in SD-ERP system. Chapter 5 details the implementation of RBAC in SD-ERP system.
本文共分五章:第一章对企业信息化及其应用现状、安全隐患做了分析,同时介绍了企业信息化建设中重要的ERP系统;第二章介绍了一个具体的SD-ERP原型系统,提供了进行二次开发的环境,提出了其中存在的安全控制隐患问题;第三章概述不同的访问控制策略,重点分析和比较了基于角色的安全访问控制(RBAC)的方法;第四章讨论了RBAC的具体实现方式,提出了在SD-ERP中进行安全访问控制的模型结构;第五章详细描述了在SD-ERP中具体实现RBAC的系统模型和相关数据库表。
Enterprise Resource Planning (ERP) has been widely used in the information management of enterprises. The enterprise informationization also has been extended the network environment at the present day. It is a great challenge that enterprise management software deals with the security problems on the network. Combined with Public Key Infrastructure (PKI) and Light Directory Access Protocol (LDAP), Role Based Access Control (RBAC) provides a good solution to secure the ERP system.
This thesis is organized as follows. Chapter 1 introduces the enterprise informationization and its implementation system; furthermore, analyses the related security problems. Chapter 2 presents SD-ERP system, which provides the environment for system rebuilding. The security control problems in SD-ERP system are also discussed. Chapter 3 reviews three access control methods, mainly discusses the theory and method of RBAC. Chapter 4 describes the different methods of the RBAC realization and presents the
model of security access control in SD-ERP system. Chapter 5 details the implementation of RBAC in SD-ERP system.
引文
[1] Joon S. Park and Ravi Sandhu, "Role-based Access Control on the Web "ACM Transactions on Information and System Security, Vol. 4, No. 1, February 2001
[2] Gail-Joon Ahn, Ravi Sandhu, Myong Kang and Joon S. Park, "Injecting RBAC to Secure a Web-Based Workflow System"
[3] Joon S. Park, Gail-Joon Ahn, Ravi Sandhu, Joon S. Park, "Role-based Access Control on the Web Using LDAP"
[4] Joon S. Park, "Smart Certificates: Extending X.509 for Secure Attribute Services on the Web"
[5] John Barkley, "Implement Role Based Access Control using Object Technology"
[6] 张慧宇,袁卫忠,黄皓,谢立,《LDAP研究及其在CA中的应用》2002/10
[7] 林磊,骆建彬,邓宪,宋志刚,《管理信息系统中基于角色的权限控制》,计算机应用研究,2002/6
[8] 胡艳,戴英侠,卢震宇,连一峰,《基于RBAC模型的认证和访问控制系统》,计算机工程,2002/10
[9] 葛佳,王立福,张世琨,《基于角色的访问控制应用研究》,安全技术防范,2002/4
[10] 叶锡君,许勇,吴国新,《基于角色的访问控制在Web中的实现技术》,计算机工程,2002/1
[11] 韩兰胜,刘辉,《基于角色的访问控制中角色的划分》,湖北工学院学报,2002/9
[12] 查义国,徐小岩,张毓森,《在Web上实现基于角色的访问控制》,计算机研究与发展,2002/3
[13] 张大江,钱华林,《RBAC的数字证书实现方案》系统工程理论与实践,2002/4
[14] SD-ERP2000开发平台开发白皮书,广州速达软件开发公司
[2] Gail-Joon Ahn, Ravi Sandhu, Myong Kang and Joon S. Park, "Injecting RBAC to Secure a Web-Based Workflow System"
[3] Joon S. Park, Gail-Joon Ahn, Ravi Sandhu, Joon S. Park, "Role-based Access Control on the Web Using LDAP"
[4] Joon S. Park, "Smart Certificates: Extending X.509 for Secure Attribute Services on the Web"
[5] John Barkley, "Implement Role Based Access Control using Object Technology"
[6] 张慧宇,袁卫忠,黄皓,谢立,《LDAP研究及其在CA中的应用》2002/10
[7] 林磊,骆建彬,邓宪,宋志刚,《管理信息系统中基于角色的权限控制》,计算机应用研究,2002/6
[8] 胡艳,戴英侠,卢震宇,连一峰,《基于RBAC模型的认证和访问控制系统》,计算机工程,2002/10
[9] 葛佳,王立福,张世琨,《基于角色的访问控制应用研究》,安全技术防范,2002/4
[10] 叶锡君,许勇,吴国新,《基于角色的访问控制在Web中的实现技术》,计算机工程,2002/1
[11] 韩兰胜,刘辉,《基于角色的访问控制中角色的划分》,湖北工学院学报,2002/9
[12] 查义国,徐小岩,张毓森,《在Web上实现基于角色的访问控制》,计算机研究与发展,2002/3
[13] 张大江,钱华林,《RBAC的数字证书实现方案》系统工程理论与实践,2002/4
[14] SD-ERP2000开发平台开发白皮书,广州速达软件开发公司