| With the rapid development of the enterprise information technology and ERP system,the research on the enterprise network information security is becoming more and more important.Along with all the technologies to protect the enterprise network security,access control technology is one of the most important and widely used technologies.And Role-Based Access Control(RBAC)model is the most frequently used one among all the access control technologies.Nowadays,the research on RBAC model mainly focused on two aspects.One is to extend the RBAC model and the most famous achievement is RBAC96 model.And the other one is to develop the modeling language of RBAC,leading by XACML and Ponder.So this article will follow this direction and do some research on the ontology language—OWL.Then a new method using OWL will be proposed to model RBAC.When compared with the traditional framework such as XACML and Ponder,ontology can have a better performance when expressing the inheritance and constraint of RBAC as well as its extendibility and reasoning skills.In the real environment,RBAC is always combined with other access control policies and requires flexibility when assigning roles.So ontology is very suitable for modeling RBAC as a description logic language.This article will propose how to build the subject,object,resource,role and the inheritance and constraint relationship between them with ontology-based software – protégé.After building the basic framework of RBAC,the important SOD constraints of RBAC will be put into the model,such as the constraint between role and role or between group and role.Then this article will show how to combine the classified documents of MAC to the RBAC model.At last,some cases of an E-commerce company will be introduced to show the availability and reasonability of the model. |
PDF Full Text Request