Research on Organization-Based Access Control Methods and Models in E-Government
Abstract
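With the rapid development of information technology, and network technology in particular, e-government systems are evolving from the single-purpose, small-scale information systems of the past into large, multi-application, distributed, complex information systems. As their scale and complexity keep growing, business domains keep expanding and information resources and staff keep multiplying. All of this makes the security maintenance of e-government systems increasingly difficult, and makes permission management and access control within them increasingly important. How to manage authorization efficiently, rigorously and practically is therefore key to building and integrating e-government systems, and is a current focus of research by experts and scholars in China and abroad.
     In recent years, the Role-Based Access Control (RBAC) model has received wide attention. The model not only improves on the discretionary and mandatory character of permission management in traditional information systems, but also makes it easier to solve access control problems in distributed environments. Building on the RBAC model and driven by real business needs, researchers in China and abroad have also done a great deal of work on its delegation models and on authorization techniques for business collaboration across organizations and across information systems, and have obtained some results. However, by its nature, the complexity of the RBAC model is closely tied to the number of roles, the number of permissions and the size of the role hierarchy, so it is generally suited to relatively small information systems with limited numbers of users and roles. In today's multi-level, multi-department, distributed, complex e-government systems, the numbers of users, roles and permissions are very large, so the performance of systems built on the RBAC model family drops markedly and their management complexity rises. This causes great difficulty for permission management and access control in e-government systems, and equally creates many problems for RBAC-based delegation models and inter-organizational collaboration authorization techniques.
     Professor Wang Yanzhang of Dalian University of Technology, taking a systems engineering view and starting from the organizational nature of e-government systems, proposed the Organization-based Access Control Method (OBACM), which makes the organization the core of permission management. OBACM follows the basic idea of being people-oriented, taking management as the main line and the organization as the core. On the one hand it effectively solves the problem that the RBAC model cannot adapt to today's multi-level, multi-department, distributed, complex e-government systems; on the other it matches the way government actually works in the real world, and so allows authorization management to be carried out more efficiently.
     This thesis builds on the organization-based access control method proposed by Professor Wang Yanzhang and applies it to the concrete handling of authorization and delegation within and between organizations in today's complex e-government systems. Its main research content is as follows:
     (1) Starting from the limited capability of the RBAC model in the face of today's multi-level, multi-department, distributed, complex e-government systems, and through an in-depth analysis of the concepts and meaning of organization, organizational structure and position, and of the central place the organization holds in permission management and access control in e-government systems, the thesis introduces the organization-based access control method and builds its implementation model on it, the OB4LAC model. A detailed analysis of the OB4LAC model gives its components, its formal description, and the operation and management of each of its sub-models UPA, PORA, PERA and RRA.
     (2) Starting from the limited capability of RBAC-based delegation models in the face of today's multi-level, multi-department, distributed, complex e-government systems, the thesis uses the organization-based access control method to build a completely new delegation model, the organization-based four-level dynamic delegation model (OB4LDDM). On the one hand the model solves the problem that the RBAC model cannot adapt to today's multi-level, multi-department, distributed, complex information systems; on the other it supports reaching an agreement between the two parties when a delegation is initiated and dynamically controlling authorization granularity after it has been initiated. The good physical and spatio-temporal properties of OB4LDDM also make the delegation workflow simpler and more controllable. After fully setting out the basic idea, components and formal model of OB4LDDM, the thesis uses concrete examples to show how delegation is initiated and revoked under different business conditions.
     (3) For reasons such as the controllability of system permissions and the security of resources, the concrete handling of authorization and delegation in an e-government system is inevitably subject to the combined effect of time-limit constraints, system resource constraints and mutually exclusive event constraints, referred to here collectively as complex spatio-temporal constraints. Starting from this practical problem, the thesis analyzes and defines the characteristics and forms of each of these constraints, discusses the concrete mechanisms for initiating and revoking authorization and delegation in e-government systems under them, and gives the detailed algorithm flow of their implementation.
     (4) The thesis analyzes two shortcomings of the existing RBAC model in handling authorization for inter-organizational business collaboration: first, with the role mapping method it uses, the permissions a role holds expand after the role crosses multiple organizational and application boundaries; second, heterogeneity between organizations makes authorization during business collaboration difficult. To address these problems, the author uses the organization-based access control method, takes the position as the pivot of inter-organizational business collaboration, and on that basis proposes a position-mapping-based authorization model for inter-organizational business collaboration, OB4LACpm. The OB4LACpm model makes up for the shortcomings of the role mapping method, and by introducing a position layer it resolves the collaboration difficulties caused by organizational heterogeneity. An in-depth analysis of the OB4LACpm model gives its components, formal description and concrete implementation process.
     (5) Using an application example, the Shanxi Province administrative approval e-government system, the thesis discusses the overall design and technical architecture of an e-government system with organization-based access control, and the functions and implementation of its organization and personnel management subsystem, resource and role management subsystem and distributed authorization management subsystem. Numerous figures show the state of the implementation and its results in use, demonstrating from a practical standpoint the scientific soundness and feasibility of the organization-based access control method and models.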
With the rapid development of information technology and network technology, e-government systems have changed a lot, from single and small to large and complex. Business scope, information resources and staff expand as the size and complexity of the system increase, which makes the security of e-government systems harder and harder to maintain, so authorization management and access control become more and more important. How to carry out this work efficiently has therefore become the key to the construction and integration of e-government systems, and is also an important research topic all over the world.
     In recent years the Role-Based Access Control (RBAC) model has received much attention. It not only improves on the arbitrariness and mandatory nature of authorization management in traditional information systems, but also performs well in distributed environments. Researchers all over the world have therefore done a great deal of work extending the RBAC model to meet real business needs, and have made much progress. However, because the complexity of RBAC is closely related to the number of users, roles and permissions, it is better suited to smaller information systems than to others. When the RBAC model faces a multi-level, distributed e-government system, its performance is worse and the complexity of management also increases greatly. This not only causes great trouble for authorization management work, but also brings many problems to the delegation models and inter-organizational authorization technologies based on the RBAC model. Professor Yanzhang Wang of Dalian University of Technology, taking a systems engineering view and starting from the organizational perspective of e-government, put forward the organization-based access control method, which is people-oriented and takes management as the main line. On the one hand it solves the problem that the RBAC model cannot adapt to the current multi-level, complex and distributed e-government system; on the other it coincides with the way real governments actually work, and thus it can be more efficient.
     The main work of this essay is to take the organization-based access control method and apply it to authorization and delegation among organizations. The work of this essay is as follows:
     (1) Through research on the organization of government and its workflow, this article holds that the present problems of the RBAC model are caused by the conflict between the work patterns of the model and those of the real world. It therefore proposes a new access control method, the Organization-Based Access Control method, and its implementation model, the OB4LAC model. The OB4LAC model bases authorization management on the organization and brings each department in the organization into full play, so that the entire organization finally achieves its best working condition. This essay also analyzes the members, formal description and sub-models UPA, PORA and PERA of the OB4LAC model.
     (2) To solve the current problems in RBAC-based delegation models, this paper analyzes RBAC in depth, introduces the organization-based access control method, and builds on it a new delegation model, the organization-based four-level dynamic delegation model (OB4LDDM). OB4LDDM not only solves the problem that the RBAC model cannot adapt to current complex information systems, but also provides fine-grained dynamic control and a way for the two sides to reach agreement in the delegation process. OB4LDDM also has good physical and temporal characteristics, which make the delegation process simpler and more controllable; this paper gives specific examples of the delegation process to prove it.
     (3) Considering the controllability of authority and the security of resources in e-government systems, business processes have to be constrained by time, system resources and conflicting events. Starting from these practical problems, this paper gives the realization of, and detailed algorithms for, the authorization and delegation model under complex temporal constraints.
     (4) Through an analysis of the RBAC model in the process of collaboration among organizations, this essay identifies two deficiencies: first, the permissions of a role swell when it crosses multiple organizations under role mapping methods; second, heterogeneity among organizations also brings problems to the authorization process. This essay therefore uses the organization-based access control method and proposes a new business collaboration authorization model, OB4LACpm. The OB4LACpm model not only makes up for the shortcomings of the role mapping method, but also resolves the heterogeneity among organizations through the introduction of positions.
     (5) Through an application, the Shanxi administrative approval e-government system, this essay discusses the system design and technical architecture of the organization-based access control system, and its personnel management subsystem, resource management subsystem and distributed authorization management subsystem. Through many illustrations, this essay demonstrates the scientific soundness and feasibility of the approach from a practical point of view.
