| Web OA is a kind of OA system based on the Intranet/Internet. The increasingly serious security problems, however, are restricting its applications. This paper studies some key technologies such as authentication, data security, access control and audit for the application security of Web OA. Then a solution using two-level authentication, RBAC and Audit is presented and realized in our Web OA system.PKI is one of the most popular technologies in the present security domain. We can conveniently realize user's authentication and provide confidentiality, anti-forgery, non-repudiation and integrity, by using CA authentication, SSL proxy, digital signature and digital envelope based on PKI. On the basis of CA authentication, a two-level authentication is realized in this paper, in which CA authentication and the authentication of application system are integrated.Access control aims at no illegal authority to use the system's resources. Role based access control is one kind of access control technologies which has been developed in the recent years. It helps the manager reduce the access control complexity. This paper presents two improved RBAC model-SP-RBAC and ARBAC based on RBAC model. And they have been realized in our Web OA system.Audit is for the system's verification, examination and computation. It is an effective supplement to the system's security. This paper takes the RBAC model as a foundation, presenting a kind of role-based audit model-RBA and two advanced RBA models, which fully use the superiority brought by role in the system's access control. The proposed models can facilitate the realization of the system's application audit.
|
PDF Full Text Request