Building of Extended RBAC Model for XML Database

【Author】 Wang Ningjuan (王宁娟)

【Advisor】 Zhao Heji (赵合计)

【Author information】 Shandong University, Computer Software and Theory, 2011, Master's thesis

【Abstract】 With the rapid development of the Internet and the deepening of Internet-based applications, XML is being used ever more widely, both as a markup language and as the storage structure of databases. Secure access control models, the security service model that addresses the security problems raised by the widespread use of XML as an information carrier, have therefore become a focus of research. Taking the traditional XML-document-based RBAC (role-based access control) model as its starting point, this thesis proposes an extended RBAC model for XML document databases. The model uses the Schema language to define the document structure of the XML database. Given the characteristics of XML documents, and based on an analysis of two problems in XML-based RBAC models, namely that role authorization becomes excessively large and that the constraint mechanism is incomplete, the thesis reworks and extends the model into a new extended RBAC model based on XML documents, which it defines completely and describes in detail.

The thesis also uses an example to examine the system implementation of the extended RBAC model and the main technical support that implementation requires. Using a simplified internal enterprise personnel management information system as the application environment for the access control model, it describes the design more intuitively and in more depth, and shows the key technologies used to implement the extended RBAC system in an XML-document-based database.

First, the objects in the access control model are abstracted and classified by their attributes, and permissions are then assigned to a class of objects. A subject's access permission on an object is determined jointly by the subject's role and its access domain, which greatly reduces the number of role and permission definitions. Second, separation of duties rules are adopted to resolve conflicts of interest between roles in the system, so as to avoid users holding excessive permissions or exceeding their authority, which would affect the security of the system. In addition, Schematron (a rule-based XML schema language) is used to describe the constraint rules formally. The extended RBAC model based on XML documents meets the fine-grained access control requirements of XML documents; its structure is simple and flexible, and it is relatively easy to implement.

【Key words】 XML; RBAC; public access domain (PAD); specific access domain (SAD); Constrained Rules
  • 【Online publication contributor】 Shandong University
  • 【Online publication year and issue】 2012, Issue 04