| Access control of the database system is a very important research direction in database security. Currently, Role-Based Access Control (RBAC) is such a model that is universally researched and widely applicated.It wil be very important to deeply research and effectively expand RBAC .When information system's user number are becoming abnormal huge, the allocation and management of user's role become complex and trival. Combining with actual need to expand the original RBAC model ,and offers a new access control model A-RBAC.This model combinate RBAC model with the attribute-based access control model , according to the user's information and resources information, automatically generating user's role, so this model avoids the tedious manual distribution of roles. Through the analysis of user access strategies in correlation of attributes of users and information resource , this model sets up simple attribute expressions and complex attribute expressions, and then offers the concepts of complex permissions and complex roles. According to the user's attributes and resource information attributes related, through simple attribute expressions and complex attribute expressions to allocate user role. Through multiple roles leaded by attribute expressions, it conclude that the user's ultimate role and final authority. By comparing this model with the original model and performance analysis, summarizes the advantage of the model, and implement the model.Laboratory Project Yellowstone cable television network monitoring system used this model to fulfill the unified management of users and devices. Practice shows that the implementation of the model is flexible and can effectively reduce the management workload of role and privilege, and can satisfy the security needs and the finer-grained requirement of the resource information yielding by numerous users growth, and can satisfy the more general application environment needs. |
PDF Full Text Request