Research And Application Of Access Control Based On RBAC And AOP

The Access Controlling Model becomes one of the discussed hotspots, and the Model based on RBAC (Role-Based Access Control) is a focus in these hotspots. In addition, it has shown great advantage in meeting the security need in management information system. With access control service, illegal approach is restricted from critical resource, and damage caused by illegal user's intrusions or legal user's inappropriate operations is reduced. Comparing with general access control model, RBAC introduces to the concept of 'role'. RBAC assign access permissions to relevant roles, and executes access control based on a user's role in an organization.In this thesis, firstly, several popular access control models including relevant environment are researched in this paper. The RBAC model is the emphasis of them. Although the RBAC model has accepted by many people, the traditional RBAC model is defective in role-management, such as heavy complexity and rough granularity. As a result, an improved model is proposed, and the characteristics of this model are described in detail in which group, special permissions and permission constraint elements are included. And then the implementation of applying this improved model based Aspect-Oriented Programming (AOP) technology is studied indepth and described indetail.As a conclusion, AOP does well in separating the behaviors, which crosscut many component of the system. These behaviors can be implemented separately. By such approach, when the target is invoked the permission verifiation mechanism will be triggered automatically based on the principle of interceptor instead inherits the access verify and invokes it. It results in the permission verify code in operation module completely disappear.Finally, this model has been implemented based on AOP with which the codes are greatly reused as well as the codes complexity of the kernel module are reduced and the couple of the modules are eliminated by contrasting with Object-Oriented Programming (OOP). And then, the implementation is detailedly described.This thesis is on the background of the framework FrameServer, but the RBAC model isn't localized at the framework. The implementation is based on AOP, so it if fit for the frameworks which provides AOP especially for the interceptor.