电力市场运营系统中的安全访问控制

Study on Security Access Control in Electricity Market Operation System

电力市场覆盖范围广,市场成员分散,交易中心与市场成员之间需要交换大量市场私有信息。市场中用户类型众多,访问权限各不相同,并且受市场规则变动的影响。电力市场的信息保密性、用户多样性和访问权限多变性,要求支持市场运行的电力市场运营系统必须具备严格而且灵活的安全访问控制机制。为此,文中描述了硬件层、系统软件层和应用软件层相协调的安全访问控制的整体结构,设计了基于Java 2平台企业版(J2EE)架构的内嵌访问控制、动态代理和控制中心 3种应用层用户访问控制方案。对各方案的对比分析表明,控制中心方式安全性高,配置灵活,能够将权限管理与应用开发彻底分离,使应用开发人员专注于业务逻辑实现,以快速响应市场交易模式和访问逻辑的变化。基于该控制方式的区域电力市场运营系统已经投入现场运行。

A great deal of private data will be exchanged between market system operator and market participants in the running electricity market, in which lots of market participants scatter. The characteristics of private data exchange, varieties of user types, access authorization and authentication variation with market rules in electricity market demand flexibility and rigidity of security access control in electricity market operation system, which supports the operation of electricity market. In order to surmount the difficult, a general security access control solution is presented in this paper, that is the integration of hardware layer, system software layer and application software layer security access control. And three types of application layer security access control solutions based on J2EE software infrastructure are also introduced, which include J2EE intrinsic security access control, dynamic proxy and control center. Through the analysis of the presented solutions by contrast, the control center security access control solution is selected for its excellent security and flexibility. Application suggests that control center security access control solution could separate authorization and authentication from application development, enable application developers devote their mind to business logic implementation and response to the variation demands of market rule and access logic quickly.