| In recent years, with the continuous development of the Internet, information technology has become a major trend in the development of society. At the same time, with the implementation of the "Golden Three" project, the degree of informatization of national tax administration is also increasing: tax management information systems are built on the "Golden Three" system, and the risk control system also relies on it to strengthen the application of risk management. However, the accompanying network security problems are becoming more and more prominent. The network security architecture standard put forward by ISO comprises five services: identity authentication, access control, data confidentiality, data integrity and non-repudiation. Access control, as the second line of defense after identity authentication, is an important strategy for protecting an information system. This paper introduces several common access control policies, compares them, and analyzes role-based access control models, including the RBAC96 model family, the ARBAC97 model and the ARBAC02 model. To address the shortcomings of the RBAC model, the concepts of role domain and identity are introduced, which refines the granularity of user-role assignment and reduces the complexity of role management. In addition, the extended model and the RBAC model are analyzed quantitatively using an entropy-based method, and the N-dimensional security entropy of the two models is compared. The conclusion shows that the N-dimensional security entropy of the extended model is smaller and its security is higher. Then, according to the access control requirements of the tax risk control system, page-level and object-level access control for the risk control system are analyzed and designed respectively. Page-level access control refers to access control over web resources, that is, which function modules are available and which are not when users are using the system; object-level access control refers to access control over objects in the database, taking custom query as an example. Finally, the page-level and object-level access control are implemented. The page-level implementation includes identity authentication and role authority, to ensure the legitimacy of users and their access rights to page resources. The object-level implementation includes filter, authentication and execution parts, which process the input SQL string in a series of stages. The above work satisfies the access control requirements of the risk monitoring and control system in the local tax bureau, and contributes to solving the access control problem in large-scale information system environments. |
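
The staged handling of a custom query's SQL string described above, as an added example that is not the paper's own code: a filter stage, a per-role permission check, and an execution stage. It assumes SQLite as a stand-in database, hypothetical roles and tables, and models the check between filtering and execution as SQLite's authorizer callback, so the engine itself reports which tables a statement reads.

```python
import sqlite3

# Assumed role -> readable tables policy (hypothetical, not from the paper).
ROLE_TABLES = {"risk_analyst": {"taxpayer", "risk_score"}, "clerk": {"taxpayer"}}

class QueryDenied(Exception):
    """Raised when any stage rejects the custom query."""

def filter_sql(sql):
    """Filter stage: accept exactly one SELECT statement, reject the rest."""
    stmt = sql.strip().rstrip(";").strip()
    if ";" in stmt:  # conservative: also rejects ';' inside string literals
        raise QueryDenied("multiple statements")
    if not stmt.lower().startswith("select"):
        raise QueryDenied("only SELECT is allowed")
    return stmt

def make_authorizer(role):
    """Permission stage: SQLite reports each object the statement touches."""
    allowed = ROLE_TABLES.get(role, set())  # unknown role -> nothing allowed
    def authorizer(action, arg1, arg2, dbname, source):
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ and arg1 in allowed:  # arg1 = table
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY  # writes, DDL, functions, other tables
    return authorizer

def run_custom_query(conn, role, sql):
    """Execution stage: run the filtered statement under the role's policy."""
    stmt = filter_sql(sql)
    conn.set_authorizer(make_authorizer(role))  # left installed: fail closed
    try:
        return conn.execute(stmt).fetchall()
    except sqlite3.DatabaseError as exc:
        raise QueryDenied(str(exc)) from exc

def demo_db():
    """Constructed sample data standing in for the risk control database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE taxpayer (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE risk_score (taxpayer_id INTEGER, score REAL);
        INSERT INTO taxpayer VALUES (1, 'Acme Ltd'), (2, 'Bolt Co');
        INSERT INTO risk_score VALUES (1, 0.2), (2, 0.9);
    """)
    return conn

if __name__ == "__main__":
    db = demo_db()
    print(run_custom_query(db, "clerk", "SELECT name FROM taxpayer ORDER BY id"))
```

Because the permission check runs inside the SQL engine at prepare time, table references hidden in joins or subqueries are checked the same way as those in the top-level FROM clause.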