| With the booming of global Internet, net systems and applications which is based on Internet technologies have been experiencing a rapid development. In an open Web environment, access control techniques take an important role in system security. This paper theoretically and practically studies the techniques of integrating Role-based Access Control with Web-based applications.We analyze the deficiency of NIST-RBAC model in access control granularity and propose an improved RBAC model. We also discuss the principle of system security such as privilege compartmentalization and least privilege and the characters of access control in Web-based applications. According to the result of these discussions, we summarize the requirements and goals of common Web-based applications. We investigate insufficient of existing RBAC applicative models and explore a way to improve them using JSP, JavaBeans, JDBC and combination of these techniques. We extend the existing RBAC applicative models to a new Java platform supportive one, JRBAC, by subjoining error handle, audit and Web-based RBAC administration tools. Finally, we apply this new model into a Web-based financial DDS to prove its feasibility.This paper has three main sections. Section one analyzes the requirements of an actual Web-based system. Section two studies the conceptual model of RBAC and implement method. Section three designs and implements the JRBAC applicative model. |
PDF Full Text Request