| In recent years, RBAC (Role-Base Access Control) as an area of access controll is developed rapidly. The basic idea of RBAC is to achieve logical isolation between User and Privilege through Role, thus simplifying the access control management. However, when it comes to many users, roles and privileges of large systems, how to define and manage hundreds of users, roles, privileges and the relationship between them is very complex. Although ARBAC97 and ARBAC99 framework for the management of RBAC model is the solution of this problem to a certain extent, but it still has its limitations.ARBAC97 models built on the subject of the restricted user pool and the restricted privilege pool. The assignment of users to roles and the assignment of privileges to roles are more complex and serious information redundant. Role hierarchy is difficultly maintained and established security strategy is often destroyed by role-conflict. Furthermore, the model does not change dynamice with the context of information content. In this Paper we improve the ARBAC97 models partly from the perspective of application. The RBAC administration model, which including URA model, PRA model and RRA model, is optimal designed by using the methods of System Prerequisite Conditions, Private Privilege and Role Separation. And to obtain dynamic character by adding task-based run time constraints. Thus, a new RBAC administration model came into being. The model overcame the shortcomings of ARBAC97 models. It can meet the needs of various applications. Furthermore the management of RBAC is simple and effective.Based on the improved model of RBAC, combining current popular Compoment techniques, a detailed designed system is given. The system is cross-platform, reusable and can be easy maintained. It can easy adapt the needs of access control management of large enterprise application system. |
PDF Full Text Request