Research and Practice of a Role-Based Permission Management and Access Control System Platform
Abstract
With the rapid development of information technology and the Internet, information management systems of every kind keep emerging. Permission-management access control systems play a pivotal role in protecting these systems and the networks they run on. Building a robust permission-management access control system is essential to the security of a management information system, and it is also one of the modules in such a system with the highest potential for code reuse. Yet almost every organization maintains its own permission management system and invests considerable staff and money in it. This motivated us to build a unified, general-purpose permission-management access control model and put it into practice. This paper first analyzes the current state and implementation problems of the four existing role-based access control (RBAC) models, RBAC0, RBAC1, RBAC2 and RBAC3, summarizes their strengths and weaknesses, and improves on them by proposing the E-RBAC model. It describes the model in detail in terms of requirements analysis, model architecture and implementation method, and gives an implementation diagram. It then details the design of the model: design tasks, design conventions, object design, database design, functional design and test design. Finally, it outlines the model's implementation and key algorithms and summarizes the system's characteristics and prospects for use.
