【作者】 陈玮；

【导师】 顾韵华；

【作者基本信息】 南京信息工程大学 ， 系统分析与集成， 2008， 硕士

【摘要】 当前,随着网络技术的飞速发展,信息安全问题日益受到关注。身份认证和访问控制作为信息安全领域的两种重要机制,在网络信息系统中发挥着至关重要的作用。但在传统的安全方案中,这两种机制之间缺乏必要的衔接和关联,形成认证与授权之间的脱节,带来了一定的安全隐患。为解决此问题,本文提出了基于可信度的RBAC模型。该模型将可信度技术与访问控制相结合,将身份认证的结果用可信度值来度量,以此来强化身份认证与访问控制的联系。论文研究了在RBAC中引入可信度的模型及实现的相关问题,主要研究工作包括:(1)引入可信度的RBAC模型及特点;(2)可信度及其计算;(3)基于可信度的对象访问条件;(4)引入可信度的RBAC模型在教学管理系统中的应用。论文着重分析了基于可信度的对象访问条件,用户通过不同的认证机制将获得不同的可信度值,系统以此作为访问判定的依据,授予用户不同的访问权限。将此对象访问条件应用到RBAC访问控制模型中,用户必须通过角色、权限的可信激活约束才能获得相应权限,否则其权限将减少或者受限。由于在授权中考虑了用户认证结果,因此该模型实现了身份认证和访问控制的关联。以我校教学管理系统的研发为背景,提出了系统中安全子系统的整体结构,将基于可信度的RBAC模型应用到该系统中,规划了系统对用户进行身份认证和访问控制的流程,并详细分析了各安全组件的功能和数据库的设计。更多还原

【Abstract】 Nowadays, with the development of network, the problem of information security is emphasized more and more. As tow important security technologies in the area of information security, authentication and access control have played an important role in network information systems. However, in traditional security plans, there exists a key problem that these two mechanisms have little relationship with each other. This causes the authentication and the authorization disjointed and thus brings potential safety threats.To solve this problem, this issue raises the RBAC model based-on trustworthiness. This model combines access control with trustworthiness technology, using the trustworthiness value to measure the result of authentication. In this way, the relationship between authentication and access control has been strengthened. The model and the application of RBAC based-on trustworthiness are researched in this paper. The main task includes: (1) the RBAC model based-on trustworthiness and its features; (2) trustworthiness value and its calculation; (3) the object access condition base-on trustworthiness; (4) the application of the trustworthiness-based RBAC model in the teaching administration system.The object access condition base-on trustworthiness is stressed in this paper. The users get different trustworthiness values according to the intensity of the authentication rules which they have passed. Then the trustworthiness value will become the decision basis for the system granting different authorities to the user. Applying this object access condition to RBAC access model, the users cannot get their deserved authorities unless they have satisfied the two levels trust access constraints for roles and permissions. Because the result of authentication is considered in the process of authorization, this model favorably reaches the goal of relating the authentication process and access control.At the background of the research and development of the teaching administration system for our school, the overall structure of the security sub-system is proposed. Applying the trustworthiness-based RBAC model to the security sub-system, the flow process of authentication and access control is programmed. And the function of the security components and the design for database are also detailed discussed.更多还原