Design And Realization Of Access Control Model Of Educational Information System

With the widely application of information systems, people have paid more and more attentions on the security of system recently. Access control is one of the key technologies that solve the security problems. Based on the gradually deepen that in the theoretical research, the related applied researches have been greatly developed. Compared with traditional DAC and MAC models, Role-Based Access Control (RBAC) Model can show better flexibility and expansibility, and becomes the best and most popular access control model nowadays.Along with the rapid development of the elementary education of Shaanxi Province, especially the implement of modern-times and long-distance education project in the national country school, the computer hardware condition has been greatly improved in elementary school and middle school. Unfortunately, the educational resources are deficient and chaotic. Therefore, the Department of Education of Shaanxi Province arranges the Shaanxi Audiovisual Education Center to start the project of Shaanxi Elementary Education Resources Platform. The goal of the project is to bring the constructions and the applications of the elementary education resources into order by this platform. Based on the fundamental theory of RBAC and the experience of this project, the author researches the application of RBAC that applied in educational information system.Firstly, this paper simply introduces traditional access control strategy and model, and gives the formal description of the model RBAC96 and the model ARBAC97. Based on a careful comparison of the traditional access control models, the paper demonstrates the necessity of using RBAC in the educational information system. According to the characteristics and the security requirements of the educational information system, an improved RBAC model was proposed. When establishing the session, the system adds dynamic constraints on role that can control the roles' data access range and make the model to adapt the multi-level framework of applications. According to the improved RBAC model, the author shapes the realizable plan of RBAC in the educational information system, and carries on the role division, thepermission assignment, the constraint management and the RBAC management, and discusses the characteristic and superiority of the plan. Finally, taking the development of Shaanxi Elementary Education Resources Platform as an example, the author elaborates the realization of RBAC, and proves the feasibility of the plan about the educational information system. Major findings are as follows:(1) In role inheritance, if the role is parted excessively to has the single system permission, it can aggravate the role management. In order to solve the flaw, the author proposes the concept of the role of dynamic limited. The role will be limited when it was activated. In this way, the system guarantees the different organization users have the different accessing permission of different data, but not aggravate the role management.(2) The RBAC model was set up in UML. Firstly, the author portrays the class, the relationship of the class, and its multiplicity. Secondly, the author portrays the method of user accessing the system function with the Use Case Diagram of session establishment and permission assignment. Finally, the author portrays the characters of RBAC dynamic management with the Collaboration Diagram of session establishment and the Sequence Diagram of permission assignment. Through UML express the RBAC model, the application of RBAC model is possible to be carried out.(3) The control architecture was proposed in this paper. Its core is the Access Control Server, including User and Permission management Server, the Role and Permission management Server, role information library, permission information library, and so on.(4) In developing the Shaanxi Elementary Education Resources Platform with RBAC technology, the author creates correlative information database, and describes the arithmetic formula of user management, user assignment, permission assignment. Through the work above, the author practices the access control mechanism in educational information system.