Research And Application Of An Extended Role-Based Access Control Model

The21st century is the information age, information technology has become thehandwriting of the times, portraying the direction of reform and development. As thephysical entities and critical infrastructure of the information technology,information system is increasingly showing its importance. The access control model isthe important infrastructure of implementing the security of information system. Byappropriate access permissions management， access control protects the systeminformation and resources, and prevent the user‘s unauthorized access to the systeminformation.The basic idea of role-based access control is to not directly granting permissionsto specific users but setting the role of bridge between the users and permissions. Eachkind of roles is accompanied by a set of corresponding permissions. Due to theintroduction of the characters that simplifies user’s authority management and reducesthe cost of system, it has been widely applied and researched.Firstly this article analyzes and compares the discretionary access control, themandatory access control and the role-based access control in detail, then the role-basedaccess control of the RBAC96model is been researched deeply. The author putsforwards a kind of extended access control model according to the shortcomings of theRBAC96model in practical application, which adds time constraints and sequencecontrol, details the privilege control and solves the problem of the original model thatlacks time constraints. In order to prevent the senior roles owning unnecessarypermissions, the new model is improved by adding classified attributions whichinclude public attributions and private attributions on the inheritance relationships.Besides, this model also joins the audit system which can record the operation of users,make sure that any errors can be tracked.The extended RBAC model has been realized and applied in the design of QingdaoTechnology university bachelor teaching evaluation system. This paper not onlydescribes the core functional modules, database designs and the realization of RBAC model in teaching evaluation system but also analyzes the safety of the system, thenrealizes the access control strategy.By test and trial run, this system works well.