摘要
为实现智能排考系统的有效访问控制,首先对排考过程中存在的问题进行了分析,针对排考系统用户多、数据量大、访问时间过于集中的特点,对其安全性问题进行了深入研究,然后将基于角色的访问控制(RBAC)方法应用于系统的访问控制;其次,对RBAC模型进行了扩展,并增加义务和奖罚两个元素,将RBAC模型的访问控制力度细化了访问对象的具体操作的控制.同时,对访问控制流程进行了阐述.通过应用结果表明:扩展后的角色访问控制方法,能有效保证整个系统数据库中所有数据的安全性和完整性,而且,在网络环境下有效保证了多用户的并发操作,提高了数据库的访问效率.
To realize effective access control of the intelligent exam-arrangement system, first, the existing prob- lems in the exam-arrangement process were analyzed. Then, aiming at the characteristics that are multi-user, great number of data, and too concentrated access time, the security issues of the system was deeply studied, and role-based access control (RBAC) method was applied to access control of the system. Second, the RBAC model was extended, two elements both the obligations and reward & punishment were added into the model, and access control degree of the RBAC model was further refined to the control of the specific operation of access object. Meanwhile, the access control process was described. As verified by system function test, the results show that the extended role-based access control method can effectively ensure the security and integrity of all data in the system database. Furthermore, this method can ensure multi-user concurrent operation in the net- work environment, and improve the efficiency of database access.
出处
《西安工程大学学报》
CAS
2013年第5期660-666,674,共8页
Journal of Xi’an Polytechnic University
基金
中国纺织工业协会教育教学项目(2011FZJG16)
陕西省普通本科高等学校教学改革研究项目(11BY40)
西安工程大学教育教学改革项目(2010JG64)
西安工程大学哲学社会科学研究项目(2012ZXSK22)
关键词
角色访问控制
智能排考
高校
RBAC
role-based access control
intelligent exam-arrangement
university
RBAC