The Research And Application Of Access Control Model In Moodle

With the network technology development, the security of network information becomes increasingly important. Access control is a special information security technology which confines user's access ability and access scope by some means. Through the China-Canada co-operation project "The Western Region of China Education Network Teaching System", this thesis mainly discusses the research and application of access control model in Moodle.This thesis analyzes access control mechanism and access control polices, then an in-depth research on the tradition access control Discretionary Access Control (DAC) technology and Mandatory Access Control (MAC) technology is carried out. DAC could induce the proliferation of permissions easily and MAC may lack of flexibility caused by strict specification. They can not adapt to the complex application environments. The emergence of RBAC effectively overcame the shortcomings of tradition technology, but in practical applications there is still some shortcoming on distributing the authority role to user in an better way in a particular context.Based on the core ideas of RBAC96, ARBAC97 model, this thesis selects the access control model of Moodle to study. Through the research on the definition of the access control for a particular role based on the context of constraints, the component and deployment of the access control model in Moodle, we found that the access control model of Moodle has the advantages of being combined with RBAC, and that it is proved very suitable for the development of network teaching system. In this thesis Moodle is selected for the basis development platform. By extending the concept of user group in existing access control model, increasing proper roles and permission and introducing the corresponding units of the entity body, corresponding changes are taken from user, roles to permission.Through analysis, design, implementation and testing the expansion model, the results show that the expanded access control model in the context of constraints on the role in the network teaching system could be easily to use and enhance the performance; the requirements of the course of the practical application of user group, resource organization could also be satisfied. By using the design ideas of Moodle, the costs of development and maintenance also could be reduced, therefore the system has good application prospects.