The Research And Application Of RBAC Model In Web Environment

With the development of Internet application, the demands for security of network keep increasing. Access control has become one of the most important techniques to avoid unauthorized access. Access control is generally concerned with determining what users and groups of users can perform what operations on what resources. With access control service, we can restrict the approach to critical resource, avoiding damage brought by illegal user's intrusions or legal user's inappropriate operations.Discretionary Access Control (DAC) and Mandatory Access Control (MAC) are two primary traditional access control techniques. But both of them have their own typical shortage. Role-Based Access Control (RBAC) technique emerges as the latest development of Access Control theory. In RBAC, an important conception"role"is introduced. It effectively overcomes the shortages of traditional access control technique mentioned above. It can reduce complexity of grant management and decrease the cost of management, as well as make the process of designating and executing specific policy of protection more flexible, which gives the administrator a better environment to implement policy of security. But the traditional RBAC model also has many shortages such as dynamic role in the lack of certification, the oversize of permission granularities and not disassembles workflow to tasks.With the research or traditional RBAC model, this project improves and provides a new RBAC model: Task Time-constraint RBAC model. This model imports the conception task unit and time constraint and overcomes the shortages of traditional RBAC model. This model provides the ability to dynamic access control in the Web environment. According to this model, this project designs and develops an application system. With the visualized role editing interface, workflow definition and task disassembly, the administrator can construct roles and their hierarchy, permission association and user deployment quickly and straightforwardly. This project also provides dynamic permission verification of resource accessing and transparent to users. It solves the problems of resource access dynamic control at Web environment.