| Secure spatial database,as a very important field in the research of information security,boasts wide applications,whose research is highly confidential since the countries with advanced information technology have been practicing the strategy of prohibiting the export of state-of-art security products to China,including database security products.Consequently,to research and develop independent security database products is a significant measure to be taken in terms of information protection.The appearance of RBAC(Role-Based Access Control) model facilitates the permission administration within an organization.At the same time,with the wider and wider applications of role-based assess control,it is imperative to take the spatial characteristics into consideration in the model.This thesis,based on open resource database PostgreSQL,is intended to discuss the characteristics of role hiearchy within a GEO-RBAC.A role hierarchy defines semantics concerning permission inheritance and role activation via the relationship among roles.The thesis first analyzes in detail the demerits of the existing role inheritance mechanism and then expounds on role inheritance semantics by reclassifying the semantics.Besides,a hybrid role hierarchy relationship is introduced into the GEO-RBAC model.This thesis mainly focuses on the following four issues:Firstly,a notion relevant to role hierarchy—a user's activable sets,has been introduced to indicate the access capabilities of a user after his being assigned a certain role in the hierarchy.The introduction of this notion makes it possible to formally show how to determine activable sets in a hybrid model with spatial characteristics and to elaborate how to control the user permission assignment by constraining the roles relevant to activable sets.Secondly,a set of inference rules have also been introduced,which can be used to infer the hierarchical relationship between two roles without apparently direct relevance.Research indicates that this set of inference rules is sound and complete.Thirdly,this thesis also discusses the issue of hierarchical transformations,which are analyzed in terms of role addition,role deletion and role partitioning.Last but not the least,on the basis of the theoretical research,this thesis,with PostgreSQL as the platform,realizes the secure access control and administration of role hierarchies within a system by inserting a GEO-RBAC model into the analyzer module of PostgreSQL.In a word,this thesis,based on a detailed analysis of the role hierarchy relationship within a GEO-RBAC model,makes some reasonable improvements over the existing role hierarchy relationship and realizes the GEO-RBAC model and role hierarchy administration tool on the PostgreSOL database platform. |
PDF Full Text Request