| Role Based Access Control, as one of the most popular mechanism for permission management, has been widely adopted for wide-scale system in practice. Also, there are much research focusing on it and a general RBAC standard has been available and accepted by industry as NIST RBAC. The essential of RBAC is the separation of user and permission. As a bridge between them, role is defined and it can comply with people's duty in work.Although RBAC is convenient and flexible for access management, there are some problems in practice. It's hard to define permission system should be controlled and there is no much extension mechanism for it. And there is space for further improvement of RBAC when putting it into practice, such as role constraint etc.The dissertation introduces methods of access control. It first presents general access method DAC and MAC, and then introduces RBAC in detail. The improvement of RBAC comparing with DAC and MAC is represented in it. TwoThe dissertation researches the techniques of RBAC integrated with process. It discusses a way to define permission and role based on process definition in which permission maintenance and system extension ability will be largely improved. Then it discusses on role constraint in RBAC system in detail. A constraint classification is put up and some new constraints are extended in besides NIST RBAC. After that, the techniques and strategies about how control RBAC system itself with RBAC mechanism is illustrated in detail.At the end of the dissertation, the functions, architecture, design and implementation of a Process based RBAC are presented. It's Web based and works under J2EE. It supports Permission and Role definition and maintenance.
|
PDF Full Text Request