基于角色访问控制的研究与应用

论文字数:22082,页数:40 有开题报告，任务书，PPT

摘  要
 计算机技术安全管理的范围很广，可以包括网络安全性、数据安全性、操作系统安全性以及应用程序安全性等。对一个多用户商用应用系统而言，系统的安全访问控制是必须的，系统不仅要满足功能性需求，还要满足安全性需求。系统的安全访问控制一般是通过用户认证和用户权限管理来实现。各类应用系统的整个体系结构上要设计一个安全可靠、配置灵活、易扩展的安全控制模块，它主要有两部分内容：用户认证和用户权限管理。目前大致有三种安全模型：访问矩阵、基于角色的访问控制（RBAC-Role based access control）模型和多级模型。其中基于角色的访问控制模型得到了日益广泛的应用。
 基于角色的访问控制是一种新型访问控制模型，它的基本思想是将权限与角色联系起来，在系统中根据应用的需要为不同的工作岗位创建相应的角色，同时根据用户职务和责任指派合适的角色，用户通过所指派的角色获得相应的权限，实现对文件的访问。它支持最小特权、责任分离以及数据抽象三个基本的安全原则。

关键字：访问控制；基于角色访问控制；角色；自主访问控制；强制访问控制；RBAC96，ARBAC97
Research and Application on Role-Based Access Control
 
 
Abstract
 The computer technology safety control scope is very broad, may include the network security, the data security, the operating system security as well as application program security and so on. Speaking of a multi user commercial application system, the system safe access control is must; not only the system must meet the functionality need, but also must meet the secure need. The system safe access control is generally realizes through the user authentication and the user jurisdiction management. In each kind of application system entire architecture must design the safety control module which a security reliable, the disposition nimble, easy to expand, it mainly has two parts of contents: User authentication and user jurisdiction management. At present approximately have three kinds of security models: Visit matrix, based on role access control (RBAC-Role based access control) model and multistage models. In which obtained day by day the widespread application based on the role access control model.
 Based on the role access control is one kind of new access control model, its basic thought is relates the jurisdiction and the role, needs to found the corresponding role in the system according to the application for the different operating post, simultaneously acts according to the user duty and the responsibility designation appropriate role, the user through the role which appoints obtains the corresponding jurisdiction, realizes visit to the document. It supports the least privilege, the responsibility separation as well as the data abstract three basic security principle.
Keywords: Access control; RBAC; role; discretionary access control; mandatory access control;  RBAC96;  ARBAC97
目  录

1 绪论 1
1.1信息安全中的访问控制技术 1
1.2访问控制技术的发展过程 2
1.3基于角色的访问控制技术（RBAC）的现阶段研究 3
1.4本论文选题的意义 4
1.5本文研究的主要内容 5
2 访问控制方法 6
2.1传统访问控制技术 6
2.1.1DAC技术及其发展 7
2.1.2MAC技术及其发展 7
2.2新型访问控制技术 9
2.2.1基于角色的访问控制 (RBAC)及其进展 9
2.2.2其它访问控制及其进展 10
2.3访问技术的发展趋势 11
3 RBAC理论模型 11
3.1RBAC理论模型介绍 11
3.1.1RBAC核心 (Core RBAC) 12
3.1.2角色的层次(Hierarchal Role) 13
3.1.3 RBAC的约束 14
3. 2 RBAC理论模型近年的发展 14
4 RBAC96和RBAC97模型 15
4.1RBAC 96 模型 15
4.2ARBAC 97（Administration RBAC Model）模型 16
4.2.1用户-角色分配管理（User Role Assignment URA 97） 16
4.2.2权限-角色分配管理（Permission Role Assignment  PRA 97） 16
4.2.3角色-角色分配管理（Role-Role Assignment RRA97） 16
5 基于角色访问控制在实际项目中的应用 17
5.1超市人事管理系统需求分析 17
5.2超市人事管理系统设计思想 18
5.3人事系统的总体结构 18
5.4RBAC在超市人事管理系统中的设计与实现 19
5.4.1人事系统RBAC访问控制模型 20
5.4.2角色的设计 20
5.4.3角色间的关系设计 21
 5.4.3.1角色间的继承关系 21
 5.4.3.2角色间的静态互斥关系 23
5.4.4 RBAC于人事系统的数据库设计 24
 5.4.4.1 SQL Server2000中的RBAC特征 25
 5.4.4.2系统前后台实现权限统一管理 25
 5.4.4.3 RBAC数据库实现 26
5.5 RBAC系统的运行步骤 29
5.6 RBAC安全授权的相关机制 29
总结 31
致 谢 33
参考文献 34