扩展RBAC模型在WEB应用中的研究与实现-计算机应用技术专业毕业论文.docxVIP

摘要摘要：随着Internet的普及应用，人们对网络安全的需求日益增加，访问控制是 摘要 摘要：随着Internet的普及应用，人们对网络安全的需求日益增加，访问控制是 防止非授权访问的一种重要的网络安全手段。访问控制在身份认证的基础上，依 据授权对提出的资源访问请求加以控制。通过访问控制，既可以限制对关键资源 的访问，也能够防止非法用户的入侵或合法用户的不慎操作所造成的破坏。 本文在比较分析访问控制三种主流技术——自主访问控制、强制访问控制、 基于角色的访问控制的基础上，着重研究了基于角色访问控制的几种主要模型。 据此提出本文的重点——引入了分组、时间的概念，扩充基于角色访问控制模型， 称之为扩展RBAC模型，引入分组的目的是为了授权的清晰和简化，引入时间的目 的是使系统更加安全有效。然后对该模型的具体实现和关键内容做出了阐述，详 细给出了关键类的说明和数据结构描述，以及该模型基于WEB模式的身份验证和 加密方式。最后以教学平台系统为例，具体阐述了基于角色的安全访问控制方案 的实现，论证了设计方案在教学平台系统中的可行性。 关键词：访问控制：基于角色的访问控制；RBAC模型；扩展RBAC模型；身份验证； 权限控制子系统 分类号： AB AB STRACT ABSTRACT： With the development of Intemet application，the demands for security of network keep increasing．Access control is one of the important techniques to avoid unauthorized accesses．Access control Can limit the user tO access the resource with his／her owns permission．It bases on Authentication．With access control service，illegal approach is critical resource and damage caused by illegal user’S intrusions restricted from or legal inappropriate operations is reduced． First，the thesis compares and analyzes the advantages and disadvantages of the three main technologies of access control which are DAC，MAC and RBAC．Secondly, the thesis specializes in the several main models of role—based access contr01．Thirdly, the thesis puts forward a textual point--introduces the concepts of group and time to expand the RBAC model which we called an Expand Model of RBAC．To make the authorization clear and concise，we introduce the concept of group，while to make the system more safely and effectively,we introduce the concept of time．In the thesis，we elaborate on realization and key contents of the model；give in detail description of database and key class．Identification and encrypt also are given for this Expanded Model of RBAC in the thesis．Finally,to explain how tO realize this system based on RBAC，we implement the given model in SiYuan Teaching Platform System．The result shows that the given model is feasible． KEYWORDS：Access Control；Role-Based Access