T-RBAC Based Expended Digital Rights Management Model Research On Enterprise Environment

With the development of internet technology and the enlarging of enterprise scale, information management in the intranet becomes complicated increasingly. The sensitive data in the system need protect at different levels. The workflow technologies are used widely that increases the difficulty of security control for data. The emergence of new business connection makes the cooperation scope larger than before. The complexity and frangibility of the business information system cause the security problems arisen continuously. Currently, the DRM is paid more attention increasingly, still constrained because of the low effect management and the invalid access control mechanism in protecting enterprise data contents.This thesis takes the modern enterprise application requirement as study background, takes the limit of restricting the capability of accessing key resource and the prevention of protecting the data from invading by illegal visitor or misusing by legal user because of the carelessly operating as the aim, mainly studies and discusses the problems that how to enhance the security of information system and workflow at the aspect of access control. After analyzing the condition and progress that are relevant to this studying field, based on several typical access control models and existent DRM models, according to the character of this studying background, this thesis proposes Task-Role Expended Digital Rights Management model (TR-EDRM) that is applicable to local general resource and workflow. The model absorbs the advantages of Access Control and DRM, based on RBAC-and-TBAC combined approach. On the basis of task classification, it can apply to workflow and non-workflow tasks. It solves the problem of role hierarchy partial inheritance.This thesis gives primary conception of the model, the formalized description of T-REDRM and a detailed analysis of several key components of the model realization, puts forward the corresponding solution. In this model, it makes the concept of role for non-workflow, the permission and the user separate in logical meaning by use of the concept of the role to improve the management of access control; It integrates the concept of role and the standpoint of task to carry out the access control for workflow in order to force the validness of role permission change along the alteration of task's state, enhancing the security. Finally, this thesis gives the main frame of this model and the design of the central modules. The model has been implemented and applied in the enterprises. It can satisfy the needs of the business enterprise in protecting electronics files.