Research On Access Control Model Based On EGR-RBAC And Spring Security Framework

With the rapid development of network technique and enterprise informationtechnique, computer applications become more and more complex, as well as themanagement and control of resources is increasingly difficult. In information systems,privilege control model is one of the highest reusable components. Normally,software developers need to re-design and implement privilege control model fromthe scratch for each applications, which usually cause a lot of waste of time and cost.Therefore, the research of highly scalable and easily extensible access control modelis very meaningful.Access control is one of the most important part of the information managementsystem, and an excellent access control model is an important guarantee for safe andstable operation of the system. RBAC (Role Based Access Control) is a mainstreamaccess control, authentication and authorization model based on user-assigned roles,which effectively overcomes the defects of traditional access control policy, reducesthe complexity of the authorization management and cost. This thesis firstly illustratesthe defect of RBAC model and extends the model, then an extended RBAC model,which is based on extended user group and resource RBAC model(EGR-RBAC) isproposed. In EGR-RBAC model, a new layer, namely user group, is added to realizethe effect of batch management of user roles and privileges assigned to a specificorganization functions. EGR-RBAC model also strengthens the description of theobject, abstracts the system resources, and enhances the commonality of the model. Inaddition, we also modify and extend the source code of Spring Security Frameworkwhich integrates with EGR-RBAC model and implements the dynamic databaseprivilege management.The thesis conducts a detailed analysis of conflict situtation under the Sepetationof Duty(SOD) constraints,and gives the corresponding conflict resulation methods. Aprototype system of proposed privilege control model is also detailed in this thesis,which is combined with Spring Security framework. The prototype systemdemonstrates the feasibility and adaptability our proposed EGR-RBAC model.