| As one of the five standard security services defined by the InternationalStandardization Organization (ISO), access control is an important mechanism to ensuresecurity of an information system. And, the access control mechanism has demonstratedgreat advantage in meeting the security requirements of the internal system of anenterprise or institution. However, the technologies of traditional access control, i.e.,discretionary access control and mandatory access control lag far behind the securityrequirements of modern systems. In contrast, administrative role-based access control(ARBAC) is becoming a significant component of a secure and reliable applicationsystem. Thus it is of great significance to build a complete and practical ARBAC modelas well as a rationally and efficiently designed application framework based on theARBAC model.A brief introduction to present access control technologies, especially severaltraditional and classical role-based access control (RBAC) models, is given by thisdissertation at first. And the reasons for the obstruction of the practicality of RBACmodels are also analyzed.On this basis, the points which can link RBAC96, ARBAC97, ARBAC02 andSARBAC with realistic systems are found out by this dissertation. And a new practicalARBAC model is described though the tree-structured organizational unit and theadministrative scope. With additional administrative functions like administrativepermissions delegation, user pool and permission pool, this ARBAC model is madeflexible and simple in administration and easy to be understood and realized. Then thedata structure schemes of the ARBAC model and the simple design of major moduleinterfaces are laid out in this dissertation.According to the ISO10181 access control framework, the application frameworkof the practical ARBAC model is designed in this dissertation, and its designtechnologies are discussed in detail. The application framework of the model strives forhigh efficiency and practicality. At this dissertation's ending, the implement of the application framework is described in an intranet monitoring system. |
PDF Full Text Request