Research On Access Control Based On Constrained Role Mining

Posted on: 2022-03-18
Degree: Master
Type: Thesis
Country: China
Candidate: W Zhang
GTID: 2518306515972779
Subject: Computer Science and Technology

Abstract/Summary:
Role-based access control (RBAC) has clear advantages over the traditional access control model, which is poorly suited to enterprise management because its authorization is complex. With the role-based access control model, permissions in the system are no longer assigned directly to users but indirectly, through roles. By restricting access to key resources, it has gradually become the first choice for enterprises establishing a security model. Roles can be defined for a system in a top-down or a bottom-up way: in the top-down way, the enterprise analyzes the rights employees need and allocates roles one by one according to expert experience to meet the enterprise's requirements; in the bottom-up way, the relationship between existing users and permissions is analyzed and the roles users need are found by a role mining algorithm. Because user rights are not restricted during role mining, the roles produced by the role mining algorithm are redundant.

For better application of the role set of the system, the role in role engineering is made to correspond to the object concept of the concept lattice, in order to compare the extension of the user and the concept to the connotation of the role-based concept lattice; then, after a new role is added to the system, its authority is evaluated to prevent the loss of important roles. The concept lattice is simplified according to the rules of the parent-child concept pair, which does not require rebuilding the concept lattice; the minimum role set is defined according to the principles and concepts of minimum permission; and finally the minimum role set is evaluated to ensure the stability of the system.

For the problem, an access control model combining attributes and RBAC is proposed. The rights users require to complete a task are personalized according to the user subject attribute, object attribute and operation attribute, and the attribute authorization center makes the roles fine-grained according to the policy rules; basic rights are recommended from the records of user access to the system, and the user's permissions are checked against the separation of responsibilities to see whether they meet the access control rules. The optimization of the role set is evaluated by clustering roles, checking the static mutually exclusive role constraints on the roles assigned to users, and computing the weighted structural complexity of the role set that satisfies the system. Finally, the role mining algorithm is designed on the access control model combining attributes and RBAC to realize fine-grained roles and dynamic authorization.

The role-based access control system described above can effectively limit the number of privileges held by a user, which largely resolves the role mining redundancy caused by the large amount of data, and yields user-role allocation results that meet the needs of the system. By combining attributes with RBAC to form a new access control model, dynamic role allocation and fine-grained allocation of role permissions can be completed according to the attributes of the user. Finally, the separation of responsibilities constraint and the static mutually exclusive role constraints yield the minimum role set required by the system, which greatly extends the role-based access control model, effectively promotes the development of role engineering, and provides a guarantee for the safe and efficient application of role engineering in the enterprise.
Keywords/Search Tags:Cardinality Constraints, Separation of responsibilities, Conceptual Lattice, Minimum Disturbance, attribute