Application Research Of Extended Privilege Management Model In EBMS Based On RBAC

As the Internet continues to grow, network security becomes increasingly important. Due to web-based system’s openness and sharing of resources, its system security has always been an urgent problem. After a long-term study in depth, researchers raise a number of authentication mechanisms. But with the system size and complexity continuing to increase, people are increasingly aware that single security method has some limitations. In order to really solve the problems, we must rely on a variety of security mechanisms.The traditional access control strategies include:Discretionary Access Control(DAC), Mandatory Access Control(MAC). But they have some shortcomings. DAC’s security performance is weak. During the process of movement of information, its access relationship my be altered. MAC needs large amount of work and is strict for access control. So MAC is not suitable for large scale systems that subject or object updates frequently. On this basis, in the 1990s, David Ferraiolo and Rick Kuhn made the first RBAC (Role-Based Access Control) model. After that, Ravi Sandhu and others proposed a representative and normative RBAC96 model and other derivative models. Because this model separates user and privilege, making access control more flexible, it has been widely used. Electronic Broadcast Management System is called EBMS for short. It is defined in the use of network and system platform, and via information technology such as digital transmission and video playback, to network electronic display devices such as business hall televisions, electronic screen poster and other display devices. So we can remotely manage all types of electronic screens by means of unifying content, unifying broadcast, unifying monitoring to enhance the integration, paperless management level of business hall.Since EBMS is relatively complex, and it is also strict for the security of roles, users and privilege, traditional RBAC model is difficult to adapt to system requirements. Therefore, it is necessary for the system to extend RBAC model, to achieve flexibility and security of privilege management.In this context, this paper researches the extended RBAC model.Chapter 1 is an introduction, it describes the background of this project. This chapter introduces the definition of EBMS, the scope of its application and its Management mechanism. It also describes the MVC pattern that is used in the project.Chapter 2 researches correlation theory of privilege management. This chapter studies in depth from the traditional access control strategies, to the basic RBAC model, and then RBAC96 model, ARBAC97 model, DRBAC models. It also compares them and finds the differences.Chapter 3 extends the RBAC model. On the basis of fully theoretical study in the previous section, according to the features of EBMS and based on design principles of RBAC model, we introduce the concepts of "group" and "direct authorization", propose the extended RBAC model and explain its features finally.Chapter 4 introduces the concrete realization of extended RBAC model in EBMS from an overall perspective. First of all, this chapter describes the frameworks of the system, including JavaScript framework and PHP framework. In the next place, it describes the design of data dictionary. And finally, for several system modules, including login authentication module, role management module, and user management module, it describes their specific implementation mechanisms.Chapter 5 is a summary and outlook. It summarizes the progress of current work and outlooks the work in the next stage.