基于RBAC模型的网络信息系统权限管理的设计和实现

本文提出了基于RBAC模型的权限管理的设计和实现方案,讨论了权限管理为核心的面向对象设计模型,以及权限访问和权限控制等技术。     

Context-Sensitive Access Control Model for Government Services

During the past two decades, e-government information systems have become less paper-based and more computer-based. Those information systems usually take the form of workflow systems. Due to the large social impact of e-government systems, computer security plays a pivotal role in ensuring its efficiency and effectiveness. Access control is one of the key aspects of computer security. Current access control models do not take into account the context of the system and its environment. In this article, we argue that a formal context-sensitive access control model can improve the development of e-government workflow systems and present a particular context-sensitive access control model. The subject of the article is a specification of the context-sensitive access control model for business processes (COBAC). By using a context-sensitive access control, it is possible to define more sophisticated access control policies that cannot be implemented by existing access control models. The COBAC's context is modeled using Web Ontology Language (OWL) in order to provide formal representation of context, rich representation of diverse contextual information, semantic interoperability between various context-aware systems, and a high degree of inference making. The presented model is applicable in different e-government systems, and supports the definition of access control policies for both simple and complex business processes. The model's prototype is verified by a case study on a real e-government business process—the national petty offense trial proceedings.     

RBAC在B／S系统中的应用

本文根据RBAC96模型,介绍了RBAC的基本理论,分析了RBAC的优点,并结合银行业务系统,讨论了KBAC在B/S系统中的应用.     

A Conditional Role-Involved Purpose-Based Access Control Model

This paper presents a conditional role-involved purpose-based access control (CPAC) model, where users dynamically activate conditional roles in accordance with the context attributes. Based on conditional role, access permissions are assigned that represent what can be accessed for what purpose to roles under certain conditions. On the other hand, conditional purpose is applied along with allowed purpose and prohibited purpose in the model. It allows users using some data for certain purpose with conditions (for instance, Tony agrees that his income information can be used for marketing purposes by removing his name). The structure of a CPAC model is defined and investigated. Access purpose is verified in a dynamic behavior, based on user attributes, context attributes, and authorization policies. Intended purposes are dynamically associated with the requested data object during the access decision. An algorithm is developed to achieve the compliance computation between access purposes and intended purposes and is illustrated with role-based access control (RBAC). Access purpose authorization and authentication in the model are studied with the hierarchical purpose structure. The model separates authorization of access purpose from access decision that improves the flexibility of private data control.     

浅析校园信息系统中权限控制的研究与应用

针对校园信息化建设中统一用户管理系统的权限控制的实现,分析研究用户访问控制模型及其应用;通过剖析传统的基于角色的访问控制模型(RBAC)的不足之处,设计改造出扩展的基于角色和组的访问控制模型(ERBAC),并给出实际应用设计,总结该模型的优势。     

基于.NET构架的OA权限控制的设计

针对办公自动化系统中存在的权限控制问题,提出了一个基于ASP.NET技术的权限控制方案。相对于通用的权限管理解决方法,该方案更为简单和可行。所提出的方案已经成功应用于实际的OA系统中,具有较高的可靠性和安全性。     

基于RBAC的二维访问控制模型设计

基于角色的访问控制(RBAC)是目前应用较为广泛的访问控制技术,但是传统的RBAC模型难以实现多种权限对象的授权和访问控制。本文通过对传统的访问控制方法的分析,在传统的RBAC模型的基础上进行扩充和改进,提出了一种集成功能权限和数据权限的二维访问控制模型。     

基于角色存取控制技术在电子商务安全中的应用研究

本文给出了改进的DBSS模型。通过对传统RBAC模型中角色概念的扩展,提出一种基于应用程序层的RBAC模型。定义了不同的角色关系和操作权限集,给出了角色控制模块中功能层的权限管理,以及数据库访问权限管理的实施方法。     

PKI／PMI技术在电子商务系统中的应用研究

随着电子商务的发展,信息安全越来越显得尤为重要。本文将当前的PKI、PMI、RBAC等安全技术结合起来,提出了一种独立通用的安全模型。该模型使用身份证书和属性证书,并且基于角色授权,采用策略文件对安全进行控制,具有灵活性和可扩展性,能够满足为所有电子商务系统和访问者解决身份认证、访问权限控制、消息传输安全等问题的要求。     

大型信息系统访问控制模型SGFRBAC的设计与实现

本文针对大型信息系统访问控制管理的特点和要求,通过引入主体类、"一主体多用户"模式以及客体资源的域管理等对RBAC模型进行了优化,设计了基于GFAC框架和RBAC模型的访问权限控制模型SGFRBAC。并最终在ASP.NET Framework 2.0+Microsoft SQL2000 Server平台下实现了本模型。