| With the development of enterprise information construction, the security of information systems is paid attention day by day. As an important mechanism to ensure system security, authority management has been a research focus. Vulnerability database is a platform to publish information of security vulnerabilities, and the research on its authority management model is a very important step of platform construction, which is of practical significance.In this article, based on the investigation of development status of vulnerability database and authority management, we analyzed the deficiencies that current authority management model is difficult to modify, monotonous in role hierarchy, insufficient in strict inspection, and too rough in control level. For the fact that vulnerability database requires business security to be easy to modify, valid in role hierarchy, strict in inspection and fine in control level and to be of a dynamically extensible authorization mechanism, we designed a dynamic, strict, hierarchical and controllable access control model, whose innovation is: that we extended the RBAC access control model, took security elements such as dynamic authority definitions, role hierarchies, role constraints and instance-level access control into consideration, and extended the Spring Security framework to make it dynamically modifiable, hierarchical in role definition, strict in role inspection, and fine in access control level. The authority management system developed and implemented in the article was applied in vulnerability database, and reached the goal that the access control model in vulnerability database is suitable for business security flexibility. |
PDF Full Text Request