Abstract
Access control is an important information security technology, and the role-based access control (RBAC) model is widely accepted and applied because of its flexibility and relative ease of maintenance. This paper introduces role-based access control and then, building on RBAC theory and the characteristics of the B/S (browser/server) application mode, designs and implements a role-page-based access control (RPBAC) model that controls the visibility of each web page of the application system to different user roles. Part of the key implementation source code is given. Practical results show that the model meets the access control requirements for different users and offers good security, high flexibility, and easy management.
Source
Computer Engineering and Design (《计算机工程与设计》)
Indexed in: CSCD, Peking University Core Journals (北大核心)
2008, Issue 9, pp. 2219-2221 (3 pages)
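Funding
National Natural Science Foundation of China (60503008)
Shaanxi Normal University Key Fund Project (2004995221)
Gansu Industry Polytechnic College Teaching and Research Fund Project (GZY2007-3)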