Extension Of RBAC Model And Its Application In The Home Open Platform

Access control theory has been an important research problem in the field of information security,which is aimed at effectively ensuring that the resources are legally access to and preventing the abuse of authority.At present,with the continuous development of the network,the objects have been more diversified.Especially,in those information systems with WEB portal,there are more and more problems on authority management.A reasonable and effective security mechanism is the key to solving these problems.Role-based access control technology is one of the hotspot in the research of access control.The roles combine users and permissions,so the user is no longer associated directly with the operating actions.It is of great flexibility and high efficiency.When there are lots of requirements,it is of great applicable value.First,this thesis discusses the characteristics of RBAC96 and ARBAC97 model,and then on the basis of the RBAC model,an extended model(ODG-RBAC model)is put forward.The permission of RBAC model is refined,and four elements such as object,action,domain and group are added to the model.The domains and groups are sets of objects.Furthermore,the inheritance of domains and a method of representing the hierarchical relationship are put forward.It can provide a more fine-grained permissions management.Later,the ODG-RBAC model is used as the theoretical basis of domain problem in the home open platform system.The thesis analyzes the privilege management function of home open platform systems and puts forward a design of a variety of roles and permissions according to the service requirements,which solves the problem of access control and the complex responsibility assignment problems in the system.The privilege management system is divided into four parts,and they are domain management,group management,role management and user management.SSH framework(Spring,Struts and Hibernate)is adopted to realize the visual user interface of the management system which is convenient for user to manage privileges.Compared with the traditional RBAC model,ODG-RBAC model is better.Especially when there are more terminals in each domain,the more obvious improvement effects there are.Meanwhile,the more complex hierarchical relationships of domain in the system,the more improvements of query efficiency it is.Therefore,it is proved that when there is a complex hierarchical relationships problem on objects,the ODG-RBAC model can effectively solve these problems,and achieve better effects.