
Research and Practice on Task and Role-Based Access Control Model

【Author】 Luo Ande (罗安德)

【Advisor】 Hu Hua (胡华)

【Author information】 Zhejiang Gongshang University, Computer Application Technology, 2009, Master's degree

【Abstract】 With the rapid development of computer and network communication technology, the Internet has tightly linked government affairs, commerce, and people's daily lives. However, while enjoying the conveniences of highly networked information, we must also meet the accompanying challenges that threaten information security. A system without security guarantees can hardly provide safe and effective business support, and people have gradually come to recognize that information security is an important factor in system design and development. Among the main current information security technologies, this thesis takes access control, the core of network security prevention and protection, as its research subject.

The author analyzes the currently popular mainstream access control models, Role-Based Access Control (RBAC), Task-Based Access Control (TBAC) and Task-Role Based Access Control (TRBAC), and on that basis compares the application characteristics and limitations of each model. TRBAC is then studied and analyzed in depth in terms of its formal description, constraint rules, authorization rules and security analysis. In response to the security requirements of the Zhejiang Province discipline competition portal website system and its specific application characteristic, namely that the permissions of the same user in the system change as the application changes, the TRBAC access control model is applied to the system's access control mechanism. In the concrete implementation, to meet specific business requirements and to increase the system's flexibility and ease of maintenance, the thesis makes some improvements to the application of TRBAC: modular management of access permissions and system resources, and the introduction of an object-oriented approach to task classification. In the system design phase, the Unified Modeling Language (UML) is used to model, analyze and design the TRBAC access control model, providing a reference for the concrete implementation of the access control model in the system.

Finally, starting from the concrete application of TRBAC in the system, the thesis designs and implements the system with object-oriented methods, so that the layers of the system are relatively independent and coupling is reduced. In addition, to improve code reuse and increase the system's flexibility and maintainability, development used a lightweight J2EE architecture integrating Struts, Hibernate and Spring, which makes the system's layering clearer and further improves program robustness.

【Key words】 access control; RBAC; TBAC; TRBAC; UML; J2EE