

Research on Model of Government Organization Authorization System Based on OB4LAC

【Author】 丁锋

【Supervisor】 王延章

【Author information】 Dalian University of Technology (大连理工大学), Management Science and Engineering, 2009, PhD

【Abstract (translated from the Chinese)】 Many activities of human society are carried out in the form of organizations. Organizations arose from the social division of labor and specialization, and have become increasingly complex with advances in science and technology and the growing socialization of production. In modern society, as activities of every kind grow in scale and relations with the environment become more complex, achieving goals requires more complex coordinated work and labor; the role of organizations therefore appears ever larger and irreplaceable. Organizational structure is an important component of an organization and a key means by which it operates. The organizational structure of a government refers to the form in which the government exists; it concerns the concrete division of labor and functions among the component parts and personnel within the organization, and it determines the integrity of the organizational system, the interlocking relationships of authority and responsibility among the various bodies and personnel, and the specific methods of work division, coordination and communication. In essence, a government is a complex organization constituted according to certain purposes and intentions, with a programmed structure and corresponding characteristics. The informatization of Chinese government organizations is advancing step by step; with the application and deployment of large-scale network systems, information security faces severe challenges, and the problem of organizational authorization has attracted increasing attention from scholars and research institutions and has become a research hotspot. With the continued deepening of theoretical exploration and the accumulation of practical experience, the OB4LAC (Organization Based 4 Levels Access Control) model has played a crucial role in securing distributed systems. For an organizational-authorization position ontology to be of maximum use, it must be fully shared; and to save as much labor as possible when developing such an ontology, the ontology developed must be reusable. The organizational-authorization position model needs the support of a position ontology in order to deliver its advantage of convenient and fast authorization, and the construction of the position ontology is at the same time a vital step in realizing a distributed organizational-authorization structure. By comparing the various existing security architectures and security-verification methods, this thesis proposes, on the basis of OB4LAC, detailed algorithms describing the relationships among users, positions, roles and operations, including a single-layer relationship model and a multi-layer relationship model of the organizational-authorization structure; it focuses on positions in distributed organizational-authorization systems and their relationships with users, roles and operations, and uses OWL to describe in detail how positions are composed and the logical rules that govern them. The main contents are as follows:

(1) Organizational structure concerns the concrete division of labor and functions among the component parts and personnel within the organization; it determines the integrity of the organizational system, the interlocking relationships of authority and responsibility among the various bodies and personnel, and the specific methods of work division, coordination and communication. The government's organizational structure is analyzed and divided according to the current system, yielding a form of organizational structure that is convenient to model, namely a horizontal structure and a vertical structure. By improving existing models, a position is added between user and role, and user permissions are allocated reasonably through the "user-position-role-operation" relationship; this reduces the system-maintenance workload and brings the structure of the organizational-authorization system closer to reality, so that the system reaches its best operating state. For organizational-authorization systems, and in view of the shortcomings of current authorization-model frameworks, a position-network model framework based on OB4LAC is given.

(2) The elements composing the position ontology are analyzed, a data structure based on the position ontology is designed, and the attribute data of the position ontology are described. The composition and characteristics of the position ontology are analyzed, and corresponding code examples are given. Because organizational-authorization systems are distributed in practice, the OWL ontology created must allow information to be collected from distributed information sources. This includes allowing organizational-authorization position ontologies to be linked to one another, including importing information from other organizational-authorization position ontologies, thereby realizing user identification and operation authorization in a distributed system.

(3) For an organizational-authorization position ontology to be of maximum use, it must be fully shared; and to save as much labor as possible when developing such an ontology, the ontology developed must be reusable. The logical structure of the organizational-authorization position ontology is analyzed, the elements composing the position ontology are systematically analyzed and summarized, and the logical conditions necessary for establishing associations between ontologies at different levels and in different regions are analyzed with examples. The equivalence rules, identity rules and difference rules between positions are described.

(4) In reality, people are identified mainly by appearance, identity, name, gender, age, address and so on. A user ontology can draw on these elements, analyzing, organizing and associating them so that they are structured, thereby forming associations between different user ontologies. Users in a network correspond to individual people in reality. To describe the characteristics of people clearly in the system, an ontology describing users that supports reasoning must be built. Different user groups exist on different application systems, and these users are not isolated; their association resembles the association between people in real society. Through analysis of users, positions, roles and operations, the thesis establishes a single-layer relationship model and a multi-layer relationship model for organizational-authorization systems and gives corresponding worked examples.

(5) Through analysis and abstraction of the structure of the national work-safety supervision system, the mapping between personnel and positions and the way it is managed are analyzed and designed, and centralized deployment and decentralized deployment are proposed for large-scale organizational-authorization systems. The single-layer and multi-layer relationships of organizational authorization play an important role in application, demonstrating from the application perspective the scientific soundness and effectiveness of the theory and methods proposed in this thesis.

【Abstract】 Many activities of human society are performed in the form of organizations. Organization came from the social division of labor and specialization, and becomes more complex with the progress of science and technology and the improvement of socialized production. In modern society, because of the enlargement of the scale of all kinds of activities and the complexity of relations with the environment, more complex cooperative work and labor are needed to accomplish the targets. The function of the organization is so important as to be irreplaceable. The structure is a key part of an organization. The structure of government refers to the form in which government exists, and it comes down to the work division of the internal parts and personnel. This is closely tied to the integration of the system. Government is defined as the body within an organization that has the authority and function to make, and the power to enforce, laws, regulations, or rules. The construction of the informationization of Chinese government is going forward step by step. Information security is being challenged by the deployment and application of large-scale network systems, so many scholars and institutes focus on organization authorization. With ongoing theory research and practice, the OB4LAC (Organization Based 4 Levels Access Control) model plays an important role in protecting large-scale distributed systems.

The organization authorization ontology should be shared efficiently to maximize the function of the ontology. Only when the ontology can be reused can we reduce the workload of developing the ontology. The superiority of the organization authorization model can be shown with the support of the position ontology. Constructing the position ontology is an important step in realizing the organization authorization structure. An algorithm based on OB4LAC was put forward in detail for describing the relationship between user, position, role and operation, after comparing different security systems and safety verification methods. The single-layer mapping model and the multi-layer mapping model were included. The author laid emphasis on research into the description of the position and its relationship with user, role and operation in a distributed organization authorization system, and also described the components and logic rules of the position in detail with OWL.

(1) Obtaining the organization structure, horizontal and vertical, which can be formalized easily, by analyzing the structure of the sections and departments of the government. A position layer was added between the user layer and the role layer. With the four layers, user-position-role-operation, the access control of the authorization system becomes more reasonable, and the workload of maintaining the system is reduced greatly. This makes the organization authorization closer to reality.

(2) The attribute data of the position ontology were described, the elements which make up the position ontology were analyzed, and the data structure of the position was designed in this paper. Some parts of the source code were given in this paper. Because of the distribution of the authorization system in practice, the OWL ontology needs to collect information from distributed information sources. This realizes user identification and operation authorization in a distributed environment.

(3) The organization authorization ontology should be shared efficiently to maximize the function of the ontology. Only when the ontology can be reused can we reduce the workload of developing the ontology. The logic rules of the position ontology in the organization authorization system were analyzed and summarized. The logic rules necessary for connecting ontologies in different regions and layers were discussed, followed by some examples. The rules about equivalence, identity, and otherness were described.

(4) In reality we can identify a person by looks, status, name, gender, age, address, and so on. The user ontology can rely on these elements to form the relations between different users. To describe the characteristics of users clearly in the system, a user ontology for reasoning should be created. There are different groups of users based on different systems, and the users do not stand alone. The relationship of the users in the system is similar to that of people in real life. A single-layer mapping model and a multi-layer mapping model were founded by analyzing the relationship between user, position, role and operation, and the related examples were given.

(5) The mapping of user and position for the State Administration of Work Safety of China was analyzed and designed. Integrated deployment and distributed deployment were both suggested for large-scale organization authorization systems. The single-layer and multi-layer models played important roles in the application.
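
As an added illustration (not code from the thesis; the thesis's own algorithms and OWL descriptions are not reproduced on this page), the following Python sketch shows how a four-layer user-position-role-operation chain can be resolved, and why attaching roles to positions rather than to users keeps maintenance small when a person changes post. The class `OrgAuth`, the sample posts, roles and operations are all constructed for this example and are not taken from the thesis.

```python
"""Four-layer access-control chain: user -> position -> role -> operation.

Added illustration of the layering described in the abstract; it is not the
thesis's own algorithm or code. OrgAuth and every sample position, role and
operation below are constructed for this example.
"""
from collections import defaultdict


class OrgAuth:
    """Holds the three mappings that join the four layers."""

    def __init__(self):
        self.user_positions = defaultdict(set)   # user -> positions held
        self.position_roles = defaultdict(set)   # position -> roles bound to it
        self.role_operations = defaultdict(set)  # role -> operations permitted

    # --- administration: each call edits exactly one layer boundary ---
    def assign_position(self, user, position):
        self.user_positions[user].add(position)

    def revoke_position(self, user, position):
        self.user_positions[user].discard(position)

    def bind_role(self, position, role):
        self.position_roles[position].add(role)

    def grant(self, role, operation):
        self.role_operations[role].add(operation)

    # --- resolution: walk the chain from a user down to operations ---
    def roles_of(self, user):
        return {r for p in self.user_positions[user]
                for r in self.position_roles[p]}

    def operations_of(self, user):
        return {op for r in self.roles_of(user)
                for op in self.role_operations[r]}

    def is_permitted(self, user, operation):
        return operation in self.operations_of(user)

    def transfer(self, user, old_position, new_position):
        """Move a person to another post. Roles follow the position, so only
        the user->position edge changes; no role or operation is edited."""
        self.revoke_position(user, old_position)
        self.assign_position(user, new_position)


def build_sample():
    """Constructed sample: a small work-safety inspection office (not real data)."""
    auth = OrgAuth()
    # role -> operation
    auth.grant("inspector", "read_inspection_report")
    auth.grant("inspector", "file_inspection_report")
    auth.grant("approver", "read_inspection_report")
    auth.grant("approver", "approve_inspection_report")
    # position -> role
    auth.bind_role("field_inspector_post", "inspector")
    auth.bind_role("section_chief_post", "inspector")
    auth.bind_role("section_chief_post", "approver")
    # user -> position
    auth.assign_position("alice", "field_inspector_post")
    auth.assign_position("bob", "section_chief_post")
    return auth


if __name__ == "__main__":
    auth = build_sample()
    print("alice before transfer:", sorted(auth.operations_of("alice")))
    # One edge changes when alice is promoted; her permissions change accordingly.
    auth.transfer("alice", "field_inspector_post", "section_chief_post")
    print("alice may approve:", auth.is_permitted("alice", "approve_inspection_report"))
```

The point to notice is that `transfer` rewrites a single user-to-position edge; in a three-layer user-role-operation model the same promotion would require re-granting every role the new post carries to the user individually. A user with no position (or a position bound to no role) resolves to an empty operation set, so unknown users are denied rather than erroring.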

  • 【Classification number】 O242.1; D035
  • 【Citation count】 5
  • 【Download count】 247

