The Study And Realization Of File Monitor System Based On RBAC

With the rapid development of computer network, the scale of Intranet is expanding gradually. Managers in enterprises think a lot of border-security of Intranet. To ensure important data not to be stolen or destroyed, enterprises have spent massive manpower, physical resources and financial resources. However it is proved that these measures only can reduce Intranet exterior security threat, and decrease opportunity to which the hacker intrudes. Enterprise's important data is facing the converging threats of both interior and outerior, and facing the destruction which or has no intention. Important data of enterprises is often kept dispersedly in the computers of cadremen. Some employees underestimate the importance of security, so the data is exposed directly to the threats from interior vicious employees. According to this situation, a file-monitor system solution based on RBAC is presented in this paper. Based on analysis, research and comparison to the access control theory, an overall solution about file-monitor system based on RBAC is proposed. Research, design and realization complete process of the management end and the monitoring end are explained. In the view of the operation pattern of enterprises, the solution is feasible. For the design and realization of the monitoring end, studies focus on the technology of concealment about Trojan horse. Process-concealment and communication concealment in Win2000 system are realized in this paper. Two modes used most commonly recently are analysed, and API function intercepting technique is narrated in detail. It makes a solid foundation to realize the plan. In the safeguard system of confidentiality and integrality, an entire set of solution that includes obtaining secret key, encryption, decryption and message digest is proposed. RC5,MD5 and how to get secret key safely by CA center are also narrated in detail in this paper. For the design and realization of the management end, the characteristic of RBAC in database design and realization is narrated, and each database function as well as mutually between relations are focused. At present, the solution designed in this paper has already obtained preliminary application, and further experiment and improvement will be needed.