| The thesis researches on the identity authentication and access control in information security technology. According to the security requirements of the highway project information management system, a fessible authentication and access control scheme is proposed in the thesis, and the implementation in the highway project information management system is given.This thesis researches on existing popular Single Sign-On model and Kerberos authentication protocol, and discusses the limits of Kerberos protocol in symmetric key technology, improves Kerberos protocol with the public key technology. Then it designs and realizes the agent-based single sign-on system, and by the second ticket method, ensures the safety of the SSO system. Meanwhile, the program has better performance in implementation, operating and management.The typical role-based access control model can't construct complex and flexible access control policies, through further abstract to user groups, resources, management roles and access models, the thesis expands the RBAC model and make it has stronger and more universal ability of expressing the real world. And, the expanded RBAC model-ERBAC model and the formal description are given.Finally, the thesis describes the implementation of agent server, ticket and filters in subsystem of authentication, and introduces the definition of the user groups, the structure of database and the setting monitor in subsystem of access control. |
PDF Full Text Request