| Access control is a safety mechanism which protects recourses from un-authorized visits.The Role Based Access Control (RBAC) model is the most preferable model. It has been developed after the origination of Discretionary Access Control (DAC) model and Mandatory Access Control model (MAC). In the RBAC model, the separation of roles and authorities simplify the management of authorities. Compared with the traditional access control models, the RBAC model shows the advantage of neutral, which can achieve both role based access control and discretionary access control through configuration of resources. Also RBAC model can be used in different applications. All of these merits lead to the widespread of RBAC model.Although RBAC model is the most popular one, when a huge system is running, especially multi-systems are in application, the information need to be processed will increase drastically. The problem will be even worse when considering the complicated structures of enterprises and changes of human resources. Therefore, it is of great importance to simplify the systems'authorities management, once the securities of systems have been attained.In this thesis study, based upon the notion of the Composite RBAC model, an Extended Role Based Access Control (ERBAC) model has been proposed to address the problems brought along by the multi-systems control. In the ERBAC model, all the application systems have been divided into two layers: organization structure layer and system layer. Compared with Composite RBAC model, positions and organizations have been introduced into organization structure layer, making the actual layers are reflected in the organization structure layer. The system layer only needs to control the authorities and tasks of subsystems. By this mean, the difficulties and work load of developing new system are reduced. When the organization structures of the enterprises change, only the organization structure layers need to change accordingly. When the number or authorities of the systems change, only some small changes need to be taken to the components of the system layers. The ERBAC model improves the securities of the systems and are appropriate for the applications of large enterprises or governments.The design of ERBAC model has been done in this thesis study based on the information supervision system. In regarding to the requirement of the system, the modular of system access control has been achieved by using J2EE platform, which proves the feasibility and validity of ERBAC model. |
PDF Full Text Request