Design And Application Of RBAC-BLP Model For Science And Technology Project Management

Science and technology project management covers the process of project declaration,review,approval,execution,and acceptance,and needs to achieve long-term,multi-process complex authority control and data management.The scientific and technological project management process has the characteristics of high data access security,complicated role and authority division of participants,large number of users,long management process cycle,and dynamic changes of access authority over time.This makes traditional access control methods show unclear authority and management There are many problems such as complex realization,low judgment efficiency and low security.It is urgent and necessary to carry out research on the design and application of intelligent access control model for the full-cycle management mechanism of scientific and technological projects.The role-based access control RBAC model uses roles to connect users and access permissions,which can achieve the user organization management and data security access requirements of multi-level static authority roles.However,for a specific stage of the multi-process technology project management process,it is necessary to realize the data The flexible changes of read permissions are powerless,so there is an urgent need to establish an access control model that is suitable for flexible operation permissions and data read and write capabilities at different stages of the scientific and technological project management process,so as to realize the safe and efficient management of the entire scientific and technological project.According to the actual needs of the scientific and technological project management system,this research combines the common characteristics of role-based access control and mandatory access control,constructs a role-based management-mandatory access control model RBAC-BLP suitable for scientific and technological project management,and promotes its application.The main tasks completed are as follows:First of all,according to the authority division and data access requirements of many participating users in the management of science and technology projects,a multi-layered role system including declaration users,department administrators,junior administrators,senior administrators,and super administrators has been constructed to realize science and technology projects.The role permissions of user management in management are flexibly divided.Secondly,in accordance with the characteristics of the different management stages of the science and technology project management cycle,and the specific needs of specific roles for data access permissions,security levels and trusted subjects are introduced to achieve fine-grained data read and write control,to achieve the purpose of mandatory access management of data by specific roles in a specific stage.Next,fully consider the role-based access control and the mechanism of mandatory access,take time constraints as the link,and consider the characteristics of the whole process management of science and technology projects to build a stage-based Time-constrained role control-mandatory access fusion model RBAC-BLP,and a formal description is given.Finally,based on the proposed RBAC-BLP model,the multi-user role division in the application management process of science and technology projects in Zhoushan City,Zhejiang Province is realized,Process control,authority adjustment,safe reading and writing,and other whole-process management function design.Based on the access control of the RBAC-BLP model,the Zhoushan Science and Technology Project Declaration Management System was developed and deployed.In recent years,the system has steadily and reliably completed the application,approval,execution,and acceptance of the Zhoushan science and technology project management,and has effectively improved the informatization level and administrative efficiency of the government's science and technology management in the Zhoushan Islands New District.An important part of the informatization construction of Zhejiang Province "Run at most once".