Research And Application Of Role-based Access Control Improved Model

Access control model is a way to manage the policy that subject to object accessrestriction, through the access control model guarantee only authorized users to gain access tothe system resources, enhance data security and integrity of the system. This paper studies therole-based access control model, put forward with an improved model against the limitationsof the model, and formal description of the improved model to give proof of satisfiability,finally validate the model through the coal quality management information system.Based on analysis the realization mechanism of the access control, making a contrastamong DAC, MAC and RBAC access control model, focuses on analyzing the limitation inRBAC model and the problem of lacking formal description, proposes a role-based accesscontrol improved model. From subject set, object set and permission set three part forchanging, established a new access control model, and gives permission control and accessprocess, combined with system development experience cited some security policies indevelopment process.Aiming at the problem of lacking formal description and the proof of satisfiability, usingattributive concept language with complements(ALC) formal descriptions for the improvedmodel, syntax and semantics by ALC, establishes description logic knowledge library K,figure out Tbox terminology set and Abox assertions set and model of formal descriptionconcept expression. Finally adopt Tableau algorithm to verify the satisfiability and rationalityof improved model.Finally, Based on Java language and builds JSP+Struts2+Spring+iBatis architecture onthe Eclipse platform of coal quality management information system for large scale coalindustry. Mainly realizing the management module of the system, verify the model permission assignment and access control process, then make a conclusion that model isfeasible and effective.Apply the results of research in a large coal mining industry coal quality managementinformation system, the results show that through the formal description of the role-basedaccess control improved model, the concept disambiguation and easier to understand andextend, and models can meet system requirements. Practical systems development indicatesthat the model can resolve limitations of RBAC model, simplifying permission configuration,implement permissions for fine-grained access control, easy to be current mainstreamframework to achieve, possessed of popularization and application value.