
数据库权益管理模式及应用研究

Research on Models and Application of Database Rights Management

【Author】 Luo Yishu (骆轶姝)

【Supervisor】 Le Jiajin (乐嘉锦)

【Author information】 Donghua University, Management Science and Engineering, 2011, PhD

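【Abstract (translated from the Chinese)】 With the rapid development of information and network technology, new e-commerce and e-government services keep emerging, and high-speed Internet, wireless mobile communication networks and cloud computing are gradually being applied to people's work and daily life; through various access methods, users can conveniently obtain and use digital resources at any time and in any place. As the carrier of digital resources, databases are becoming the information infrastructure of the economy, government, national defense and other fields. The information stored in databases, accumulated and integrated over a long time, holds rich value, and analysis of the data in databases helps to develop new products, extend customers' industry chains and support industry organizations in making correct decisions, which is of great significance to the country's political development and economic construction. Today, diversified database products keep widening the fields in which databases are applied and have become a booster of the database industry.

However, on the open Internet, authorized users, unintentionally or intentionally, copy and paste valuable database resources at will, and these copies spread onward at geometric speed, causing huge economic losses to database rights owners. Unauthorized users maliciously steal, delete or alter customer information and business intelligence and cheaply copy and use database resources, infringing the rights and interests of right holders and consumers and dampening the enthusiasm of original creators. Inside local area networks, large amounts of database resources involving confidential information are transmitted and stored as electronic documents, which easily leads to leaks of important content. In the course of database development, to meet consumers' continually growing demand, more and more organizations and individuals outsource database business such as software and hardware maintenance and upgrade services to database service providers, which brings new security problems and rights problems to databases and their digital resources. Facing a diversified environment for the use of database resources, the subjects, objects and rights of the related intellectual property protection become richer and more complex, and the conflict between the forms of intellectual property protection and the dissemination and use of database resources becomes sharper. Database rights management has become a crucial topic.

Current research related to database rights management lies mainly in database copyright in the legal field, and in digital rights management and database security in the computing field. Within the legal sphere, original databases are given legal protection in the usual sense, and non-original databases are given "special rights" protection. However, both start from the interests of database investors and neglect the rights and interests of the public, to some extent restricting the free circulation of database resources and possibly even causing monopoly. Digital rights management describes and enforces rights for specific digital resources, but in the use and management of database products, users need to frequently use digital resources of different sources, formats and usage rules on different occasions; existing rights expression models lack interoperability, which hinders interconnection between rights management systems. Research on database security concentrates too heavily on data integrity, confidentiality and availability within closed systems; once a digital resource is downloaded to the client, protection over it is lost, and because authorization takes place before the user uses the data resource, the user's activity is hard to monitor and persistent protection of database resources is lacking. Therefore, there is an urgent need to build an environment for the healthy development of the database industry, starting from multiple fields such as law, management and information technology.

Guided by theories from management science and computing, this thesis focuses on rights expression for database rights management, usage control of database resources, delegated authorization management for databases, and a general architecture for database rights management. On the basis of an in-depth analysis of existing technologies, standards and systems, it proposes several new ideas and schemes to solve application problems of database rights management. The work covers five aspects, of which points 2 to 5 are the innovations of this thesis:

1) The research objects of database rights management are defined in detail, and the requirements of database rights management and the state of research at home and abroad in related fields are analysed, forming the theoretical basis of database rights management. First, definitions of database subject, database object, database rights and database rights management are given, and the research content and technical route of this thesis are made clear. Then, based on a review of the relevant literature and on data collection, research progress at home and abroad in intellectual property protection, digital rights management and database security is analysed, and the results already achieved and the problems that remain are discussed, providing a theoretical basis for research on database rights management.

2) The database rights expression model DBRE (Database Right Expression) is proposed. The requirements of database rights expression are clarified, the granularity of the objects of database rights expression is determined, and a rights management application identifier is established to uniquely identify database objects. The entities in the database rights expression model and their relationships are abstracted, constraints are separated out from conditions, and a general and reasonable set of rights expression rules and methods for databases is established. A digital license is established that defines the grant of rights to a particular subject accessing a given database resource; from the confirmed user identity and database object marking, the rights that are legitimate at the current moment are parsed out of the license. A solution is provided for mapping between licenses written in different rights expression languages, addressing the requirement to combine the independent licenses of different database resources and the interoperability of the final license of a combined product.

3) The role based usage control model RBUC (Role Based Usage Control) for database resources is proposed, ensuring the decision continuity and attribute mutability of usage control. The requirements of usage control for database resources are clarified. According to the database rights expression model, the core usage control model is extended, restrictions such as authorization rules, obligations, conditions and constraints are set, and activity attributes are added, ensuring that throughout the use of database resources only legitimately authorized users are granted rights and carry out activities. The granting of rights is separated from the revocation of rights, so that, according to the usage decision, rights that do not conform to the rules can be revoked before, during or after use, which solves the problem of decision continuity during the use of database resources. The attributes of subjects and objects can change according to usage and in turn affect usage decisions, realizing attribute mutability and preventing a subject from exercising rights over an object an unlimited number of times. The idea of role management is incorporated, enhancing the flexibility of user management and rights assignment.

4) A delegated authorization model is proposed in the role-based part of the RBUC model, and time limits are added. A role tree and its corresponding authorization chain are designed, providing multi-level delegation in the authorization process of database systems. The model is extended with time constraints, taking full account of the dynamic changes in the model caused by changes over time, and role mutual-exclusion constraints, partial delegation constraints, dependent delegation constraints and others are added, supporting the restriction of delegated authorization in a role based usage control environment. Database users can use database resources by obtaining delegated roles, and the contradiction between a relatively large number of users and a relatively small number of delegated roles is resolved by dynamically granting or revoking delegated roles. A delegation credential is defined to express delegation requirements completely, and on this basis a set of execution rules for delegated authorization is proposed, achieving flexibility in the authorization management of database systems.

5) A general layered architecture model for database rights management is proposed, and a prototype database rights management system for cloud computing is designed. The requirements of a database rights management system are clarified, and a layered database rights management architecture is built that supports the reasonable use of databases and their digital resources over the whole life cycle of production, dissemination, sale and use. For the cloud computing environment, a prototype database rights management system based on a private cloud is built, addressing interoperability, flexibility and persistent protection between rights management systems, in order to adapt to users' cross-platform and cross-system needs and increase user satisfaction.

This thesis studies database rights expression, resource usage control, delegated authorization management and a general architecture, addressing database rights expression and its interoperability in a network environment, the continuity of rights and mutability of attributes during use, and the flexibility of authorization management in database systems. The aim is to guarantee the legitimate use of database resources over their whole life cycle and to balance the interests and needs of the right holders in the database industry chain, in the hope of benefiting the theoretical development and practical operation of database rights management.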

【Abstract】 With the rapid development of information technology and network technology, new e-commerce and e-government services are constantly emerging, and high-speed Internet, wireless mobile communication networks and cloud computing are gradually being applied in people's work and daily life. Digital resources can be accessed conveniently through various methods, whenever and wherever. As the carrier of digital resources, the database is becoming the information infrastructure of the economy, government, national defense and other areas. Through long-term accumulation and integration, databases contain rich value, and analysis of the data in them is useful for developing new products, extending the customer chain and supporting decision making in industry organizations. It is significant for the country's political and economic construction.

Nowadays, the diversity of database products has expanded database application fields and become a booster of the database industry. However, in an open network environment, the valuable resources in databases are often copied and pasted by authorized users, accidentally or intentionally, and then spread at tremendous speed, causing huge economic losses. At the same time, unauthorized users maliciously steal or delete customer information and business intelligence, which results in cheap use and copying of the database. The interests of right holders and customers are infringed, and the enthusiasm of originators is dampened. In LANs, a large number of confidential database resources are transferred and stored in the form of electronic documents, which creates opportunities for information leaks. During database development, more and more database services of organizations and individuals, covering software and hardware, are outsourced to database service providers to meet consumers' growing demand, which leads to new problems of security, rights and interests. Facing the application environment of diversified database resources, the subjects, objects and rights of intellectual property protection become more varied and complex, and the conflict between the form of intellectual property protection and the use and spread of database resources becomes sharper. It is important to conduct research on database rights management.

Among existing research fields, the law of database copyright, digital rights management and database security are related to database rights management. In the legal category, original databases receive ordinary legal protection and non-original databases are sheltered by "special rights". Both support the interests of investors and ignore the rights and interests of the public. The free flow of information is limited and, to some degree, digital-resource markets may even be monopolized. Digital rights management provides digital rights expression and enforcement for certain digital resources. However, during use and management, database resources with different sources and different formats are used frequently in different situations following different rules. Existing rights expression models lack interoperability, which hinders interconnection between rights management systems. Database security focuses on data integrity, confidentiality and availability in a closed system. Once digital resources have been downloaded to the client, their protection is lost. Furthermore, permission is authorized before the user acts on the resources, so it is hard to monitor the user's behavior, and persistent protection for the database resources is lacking. Thus, there is an urgent need to construct a good development environment for the database industry with comprehensive consideration of law, management and information technology.

This paper is guided by the theories of management and computer science. It emphasizes database rights expression, usage control on digital resources in databases, delegation authorization management and a layered architecture for database rights management. Some new ideas are put forward, based on a thorough analysis of existing technologies, standards and rights management systems, as solutions to the application of database rights management. The main work in this paper is divided into five parts, of which points 2 to 5 are the contributions of this research:

1) Detailed definitions of the research objects of database rights management are given, and the theoretical basis of database rights management is formed by analysing its requirements and the state of this study in China and abroad. First, the definitions of subject, object, rights and rights management of databases are provided, and the purpose of this paper and the technical route are established. Then, based on a review of the related literature and on data collection, the research progress of the law for intellectual property protection, digital rights management and database security is discussed. Their achievements and problems are put forward, and the theoretical basis of database rights management is provided.

2) A database rights expression model (DBRE) is proposed, and an idea to solve interoperability between database rights management systems is presented. First, the requirements of database rights expression are fixed. Second, both the object granularity of database rights expression and the database object identification are defined. Third, the entities of database rights expression are abstracted and the relationships between them are described. At the same time, the constraint entity is isolated from the condition entity, and a set of reasonable expression rules and methods is established. Fourth, a digital license is built as the carrier of rights expression; it describes the rights and their grant to a particular subject to use a particular object, according to the subject's identity and the database objects. The legal rights at a certain moment can be interpreted from it. Finally, for the mapping between licenses in different languages, an idea is put forward to solve interoperability and to satisfy the decomposition and combination requirements of independent licenses.

3) A role based usage control model (RBUC) is proposed to realize decision continuity and attribute mutability. First, the requirements of usage control on database resources are fixed. Second, the core model is extended according to the entities in the database rights expression model, and on this basis the user action attribute is added, to ensure that only authorized users can use the corresponding database resources during usage. Third, authorization and revocation are separated from each other in this model. According to the usage decision, rights can be revoked before usage, during usage or after usage, which settles the problem of decision continuity. The attributes of subjects and objects are allowed to vary before usage, during usage or after usage. These changes in turn affect the usage decision, to avoid infinite usage of the objects. In addition, the idea of role management enhances the flexibility of user management and rights distribution.

4) An idea of authorization delegation is employed and a time limit is added in the RBUC model to solve the problem of multi-step delegation. The role tree and the corresponding rights propagation chain are designed to realize the authorization delegation function. Then, to account for dynamic changes caused by the passage of time, the time limit is added as one of the constraints. At the same time, exclusive role constraints, partial delegation constraints and delegation dependency constraints are used to support constrained delegation. Database users can use database resources through the delegated role and can be granted or revoked the delegated role dynamically, which addresses the weakness of having a large number of users with a small number of roles. Furthermore, delegation certification is defined to express the requirements of delegation, and on this basis a set of complete executive rules is proposed to realize the flexibility of the authorization management system for databases.

5) A layered architecture for database rights management systems is proposed, and a prototype database rights management system is designed for cloud computing. The requirements of a database rights management system are confirmed. After the limitation shared by all current digital rights management systems is pointed out, a four-layer architecture is proposed and its layers are defined; it supports the reasonable usage of database resources during their whole life cycle, such as production, distribution and sales. For the cloud computing environment, a prototype database rights management system is built on a private cloud to solve the problems of interoperability, flexibility and persistence between systems, and to meet users' cross-platform needs and improve customer satisfaction.

Rights expression, usage control and authorization management for databases are studied in this paper to realize interoperability across systems, decision continuity, attribute variation and flexibility of authorization management. Legitimate use during the database life cycle is ensured, and the various interests of right holders in the industry chain are balanced. The theoretical and practical value of this paper is expected to benefit future research on database rights management.

  • 【Online publication contributor】 Donghua University
  • 【Online publication issue】 2012, Issue 06