Design And Implementation Of Bank Privilege Middleware Based On Improved RBAC Model

With the rapid development of information technology, the flexibility of access control requirement, for enterprise-wide management information system is a greater challenge. Popular permissions control technology at the15th International Computer Security Conference by Ferraiolo and Kuhn role-based access control (Role-Based Access Control, RBAC), assign permissions to roles to users, assign roles way to complete the access authorization and control, user permissions phase separation authority control flexibility. This control technology can reduce the complexity of the management information system permissions control, reduce the workload of the permissions administrator, saving the overhead of system security management has been widely recognized and concerns. Permission definition is often limited to the well-known increase, delete, change, check the operation of the weak control of the level of data, such as data users operating authority on the part of the column data in the data table and part of the line can not be limited. Therefore, the traditional model of the fine-grained requirements are relatively high system and sensitive data operating authority can not be effectively controlled.For existing RBAC model in practical applications, there are still too close coupling the authority control granularity enough refinement and other defects, improved RBAC model to improve the permissions control mechanisms of the existing management information systems. RBAC model proposed in this paper has better theoretical significance, and has good application value in the practical application. In the paper presented an efficient and easy-to-use, improved model based AOP and RBAC permissions control solutions, fine-grained permission control and authority control logic and business logic completely decoupled, then the equipment platform gives the concrete realization of the rights middleware core part (authorized part and permissions check part) combined with China Merchants Bank, in order to verify the AOP and improved RBAC model combines the availability and efficiency. The main content of this paper include the following aspects:(1) Permission to access control model research problem, this paper presents an improved RBAC model, the model has to alleviate the workload of permissions administrator to increase the flexibility of the advantages of the authorization process;(2)Introduced the concept of crosscutting concerns architecture. The crosscutting features modular condensed of the purpose of the development process;(3)Combined AOP technology and RBAC improvements to the model proposed a new permission middleware design based on Aspect Oriented Technology (AOP);(4) A new AOP-based user authentication and authorization management system solutions. In this paper, the improved RBAC model is based on a fine-grained permissions control and separation of concerns using aspect-oriented programming techniques, making improved rights management module better maintainability and scalability.