Research and Design of a Unified User Permission Control Model for the Web
Abstract
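Role-based access control emerged in the 1990s. Its basic idea is to assign access permissions on resources to roles and to assign appropriate roles to users according to their functions and responsibilities, so that roles act as a bridge between resources and users. It supports security principles such as least privilege, separation of duties and data abstraction, and is widely used in large application systems. In academia, role-based access control is also an active research topic, where the role-based access control models (RBAC96, ARBAC97, ARBAC99 and others) proposed by Sandhu et al. of George Macron University in the United States have been particularly influential.
     Although existing role-based access control models can solve general permission problems, they have shortcomings that make them hard to use in the management information systems of large enterprises and organizations: many concrete implementations can only control business permissions, with weak or awkward control over data permissions; the granularity of permission control is too coarse to allow fine-grained, precise control; many permission systems are inefficient, requiring several database accesses for each permission check, which noticeably affects system response time; in the RBAC96 model roles can only be managed centrally, which does not fit the decentralized management and tiered authorization requirements of large organizations and enterprises; and the RBAC family of models does not support dynamic permissions, so permissions for dynamic roles arising in workflows cannot be controlled in detail.
     The thesis draws on and improves the core ideas and strengths of the RBAC96, ARBAC97 and TBAC models. It introduces the idea of management domains for tiered authorization and uses rule policies to associate subjects with objects and to support dynamic and context-dependent permissions. The result is a role management model based on management domains and rule policies, the DR-ARBAC model, which resolves the problems above well.
     Considering the characteristics of management information systems in Web applications, and the specific requirements of two laboratory research projects, the polar scientific database system of a polar research institute in China and the digital campus project of a college in Shanghai, the thesis analyzes and presents a concrete implementation of the DR-ARBAC model. It is applied transparently to newly developed systems and achieves decentralized permission management: permission control stays relatively uniform across different organizational units without their affecting one another, and data permissions, dynamic permissions and dynamic roles in workflows are supported. Concrete solutions are also given for the efficiency and flexibility issues in implementing the model.
     In terms of extensibility and flexibility, the DR-ARBAC model itself provides extension points: by defining custom policies within the rule policies, with context support, the model can be extended to support the complex and changing permission requirements of management information systems.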
Role Based Access Control (RBAC) arose at the beginning of the 1990s. Its basic idea is to allocate resource access permissions to roles and to assign appropriate roles to users according to their functions and responsibilities, so that the role acts as a bridge between users and resources. It supports the Principle of Least Privilege, Separation of Duty and Data Abstraction, and is widely used in large-scale application systems. In the academic community RBAC is also a hot topic; the models of Sandhu (RBAC96, ARBAC97 and ARBAC99) at George Macron University in the United States have had the largest impact.
     While RBAC can solve general permission problems, it still has imperfections that make it difficult to use in the management information systems of large enterprises and organizations. For example, many concrete implementations of RBAC can only control business permissions, while data permission control is weak or poor; the granularity of control is too coarse to achieve fine control; many permission systems are inefficient and need too many visits to the database, so system response time is greatly affected; most such systems do not meet the non-centralized management requirements of organizations and enterprises, and do not support dynamic permissions and dynamic roles in workflows, and so on.
     This thesis improves on the core ideas of the RBAC96 and ARBAC97 models, introduces the idea of the management domain, and uses rule policies to relate Subject and Object. It proposes a management-domain and rule-policy based ARBAC model, the DR-ARBAC model, to resolve these problems satisfactorily.
     According to the characteristics of management information systems in web applications, together with the specific needs of the polar scientific database system of the Polar Research Institute of China and the Shanda Digital Campus project of the Shanghai Shanda Institute, this thesis analyzes and gives a concrete realization of the DR-ARBAC model. It is applied transparently to newly developed systems to achieve non-centralized management of authority and to ensure relatively uniform access control within different organizations with fewer side effects; it also provides support for data permissions, dynamic permissions and dynamic roles in workflows.
     With regard to scalability and flexibility, the DR-ARBAC model itself also provides extension points; the rule policy of the model can be extended to support the complex and changing permission requirements of management information systems.
