| Information is the key resource of modern enterprise, and the mass information of them is required to be stored and managedeffectively, efficiently and securely. As a resources management platform, Enterprise Information System (EIS) is one of the infrastructures by which a modern enterprise can obtain competitive advantage. In order to manage resources effectively by using computers, EIS development method plays an essential role. However, most EIS projects are still not successful as being expected, and the Information System Architecture (ISA) is far behind the maturity of industry's desire.In any large-scale distributed EIS design, different people with different interests are involved. These people, called stakeholders, have their own views on the EIS design, for which they use their own modeling languages, techniques, and tools. So these differences and variety between different stakeholder-models make stakeholders cannot understand and communicate each other and commonly. During the past few years, EIS Development methods have treated access control as an assisted server, not a core component of architecture. Therefore, EIS architecture is not secure enough for itself. In addition, these access control technologies only restrict the rights by which one subject can access an object. That should raise the risk of divulging object's data because an authorized subject can access whole dataset the object owned.According to the consistency among stakeholder models, we analyze the complexity of EIS and proposed an ISA framework, called Entity-Controlled Based Information System Architecture Framework (ECISAF). In ECBISAF, "resource management" is established as a common point of interest, and "entity managing model" is served as a global unified perspective for stakeholder's view. To help produce a coherent and consistent design, the relationship between model clusters and that between the models of stakehold-er's members are built, and some rules used to judging the model consistency is also given. Compared to other frameworks employed multi-viewpoint design, ECBISAF not only guarantees consistency in the multi-viewpoint design, but also supports direct inter-conversation between models without any middle-model.After that, ECBAC (Entity-Controlled-Based Aaccess Control), an access control model, is proposed to resolve the problem of information resources security. Different from other access control techniques that structure user's action at levels of management, ECBAC orients to entity management and focus on who and how to do duties for information resources management. ECBAC provides a perfect constraint mechanism for subject identifying, duties obtaining and object resource accessing, so it can protect information resources statically and dynamically during whole managing process. Compared to other access control techniques, ECBAC achieves more fine-granule control for resources accessing.Finally, a security-rule driver EIS architecture (SRDEISA) is proposed based on ECBISAF and ECBAC. SRDEISA provides a schema of security rule representation to uniformly encapsulate policies for structuring, managing and transferring entity-controlled. The results of experiment and performance analysis show that SRDEISA can reduce workload of system development, and increases maintainability and manageability of target system. In addition, it achieves not only software entities reuse, but also system-level platform reuse.
|
PDF Full Text Request