
Research And Application Of Organization-Based Distributed Access Control Model

Posted on: 2011-07-06
Degree: Master
Type: Thesis
Country: China
Candidate: Y Ceng
Full Text: PDF
GTID: 2178360308969423
Subject: Software engineering
Abstract/Summary:
The access control model is the core of access control technology. Establishing a standard access control model lays the foundation for implementing a strict access control policy. The RBAC model is now the most widely used access control standard, but its management becomes complicated when a system grows particularly large, especially when multiple systems coexist. It is therefore important to simplify the management of system authorities while still ensuring system security.

Because managing access control across multiple systems in an enterprise is complicated, this thesis proposes an extended RBAC model, OBDAC (Organization-Based Distributed Access Control), based upon the notion of the Composite RBAC model. In the OBDAC model, all application systems are divided into two layers: an organization structure layer and a system layer. Positions and organizations are introduced into the organization structure layer, which maps the actual organizations into that layer. The roles and authorities of the different subsystems are managed by the system layer, which not only reduces the difficulty and workload of developing a new system but also simplifies system maintenance. When the organization structure of the enterprise changes, only the elements of the organization structure layer need to be changed accordingly. When the authorities or the number of systems change, only the elements of the system layer need to be modified. In addition, the OBDAC model is appropriate for the applications of large enterprises or a government, because it improves the security of the systems and reduces the complexity of maintenance as much as possible.

Next, this thesis defines access control policy in the form of an access control map and adds the definition of closure to solve the problem of access control policy changes among multiple systems. When the access control policy changes at the system level, whether and how each subsystem's access control policy changes is determined according to the three customized principles. In this way, the access control policies of the subsystems can be synchronized, so that changes in the real world are well mapped into the system level.

Finally, we present the design of the OBDAC model, which includes structural design, functional design and database design. In the model design, we analyze position classification, role differentiation and authority division. Combining the background of training systems with the practical needs of the project, we demonstrate the implementation of the access control model on the J2EE platform and verify the feasibility and accuracy of the model.
Keywords/Search Tags: Access control, Role, Distributed, Organization