XML論文：XML數(shù)據(jù)庫的擴展RBAC模型構(gòu)建

1、xml論文：xml數(shù)據(jù)庫的擴展rbac模型構(gòu)建【中文摘要】隨著internet突飛猛進地發(fā)展，基于互聯(lián)網(wǎng)的應用 越來越深入，而xml無論是作為標記語言還是被作為存儲結(jié)構(gòu)的數(shù)據(jù) 庫都隨著internet上的各種應用增多而被越來越廣泛的應用。為了 解決xml作為信息載體的廣泛應用帶來的安全問題的安全服務模型 安全訪問控制模型，已成為現(xiàn)在人們研究的焦點。本課題將以傳 統(tǒng)的基于xml文檔rbac（基于角色的訪問控制）模型作為文章研究的 出發(fā)點，從而提出了基于xml文檔數(shù)據(jù)庫的擴展rbac模型。該模型使 用了 schema語言來定義了 xml數(shù)據(jù)庫文檔結(jié)構(gòu)，針對xml文檔的特性, 在分析基于xml的rb

2、ac模型存在角色授權(quán)過于龐大和約束機制不完 善的問題棊礎上，對其進行有效的改造和擴展,提出了一種新的基于 xml文檔的擴展rbac模型。文章分析了傳統(tǒng)的rbac模型存在的問題， 并在此基礎上針對這些問題提出了解決方案基于xml文檔的擴 展rbac模型,并對新的擴展rbac模型進行完整的定義和詳細的說明。 論文中還結(jié)合了實例模型集中從基于xml文檔的擴展rbac模型的系 統(tǒng)實現(xiàn)及其系統(tǒng)實現(xiàn)所需的主要技術支持進行考慮，針對基于xml文 檔的擴展rbac模型的設計，結(jié)合一個簡化的企業(yè)內(nèi)部人員管理信息 系統(tǒng)為訪問控制模型的應用環(huán)境,進行更為直觀和深入的描述并具體 展示了在基于xml文檔的數(shù)據(jù)庫中，實現(xiàn)

3、擴展的rbac系統(tǒng)所使用的關 鍵性技術。本論文首先對訪問控制模型中的客體按照其屬性進行抽象 歸類，再將權(quán)限配置給一類客體，模型屮的主體對客體的訪問權(quán)限，是 由主體對應的角色和訪問域共同來確定,這樣極大地減少了角色和權(quán) 限的定義數(shù)量。其次文章采用的是職責關系隔離(separation of duties)規(guī)則來解決系統(tǒng)中角色間存在的利益沖突，以避免用戶權(quán)限 過大或者用戶越位越權(quán)等現(xiàn)象出現(xiàn)，而影響系統(tǒng)的安全性能。文章還 將使用schematron(基于規(guī)則的xml模式語言)來對約束規(guī)則進行形 式化描述?；趚ml文檔的擴展rbac模型能夠符合xml文檔細粒度 的訪問控制需求，該模型結(jié)構(gòu)簡潔靈活且比

4、較容易實現(xiàn)?！居⑽恼縲ith the rapid development of internet, more and more in-depth internet-based applications, and xml is either as a markup language, or it is used as the stored structure of the databases on a variety of applications as the in ternet has bee n growing more and more widely used xml as an i

5、nformation carrier in order to solve the security problems caused by widely used security services model - secure access control model, has become the focus of research is now this paper takes the traditional role-based access control (rbac) model as the starting point of the study, and puts forward

6、 the extended rbac model that based on the xml document database.this model uses the schema language to define the document structure of the xml database, according to the characteristics of the xml document, on the problem that the role model authorized redundantly and the constraint mechanismperfo

7、rmed imperfectly of the rbac model that based on xml, we put forward a new extended rbac model that based on xml documents which is effective and expansive this paper analyzes existing problems of the traditional rbac model, and on this basis puts forward the solution of these problems-the extended

8、rbac model that based on the xml documents, and completely defines and details to the new extended rbac mode 1. the paper combincs instance model and focus from the implementation of system and needed technical supports for the extended rbac model that based on the xml documents to consider, and dir

9、ects at the design of the extended rbac model that based on the xml documents, combines the technical support for the main consideration for the extension of rbac-bascd xml document model design, and combined with a simplified internal staff management information system as the application environme

10、nt to access control model to describe which more intuitive and in-depth, and definite shows that achieved the key technologies for the extended rbac system on the database that based on the xml documents. firstly, in this paper, we classify the object of the access control model abstractly accordin

11、g to their attributes,then assign the permissions to a class of objects.the access permission of the subject to the object inthe model is decided by the corresponding roles and access domain of the subject,this way can greatly reduce the number of the roles and permissions definitions secondly, this

12、 paper adopts the rules of separation of duties to solve the roles' interest conflict in the system, in order to avoid the phenomenon that the users have excessive permissions or the users beyond their authorities which affects the security performance of the system in addition, this paper also

13、uses the schematron(the xml schema language based on rules) to describe the constraint rules formal1y. the extended rbac model that based on xml document can satisfy the fine-grained access control requirements of the xml document .this model? s structure is simple and flexible, and it' s easy t

14、o be realized【關鍵詞】xml rbac公共訪問域 特定訪問域 約束規(guī)則【英文關鍵詞】xmlrbacpadsadconstrained rules【目錄】xml數(shù)據(jù)庫的擴展rbac模型構(gòu)建摘要8-9 abstract 910 第 1 章 緒論 11t71 1 課題提出的背景及研究意義11t21.2國內(nèi)外研究現(xiàn)狀12-151.2. 1國外研究現(xiàn)狀12-141.2.2國內(nèi)研究現(xiàn)狀14-1513論文研究內(nèi)容1514論文結(jié)構(gòu)15-16本章小結(jié)16-17 第2章xml數(shù)據(jù)庫結(jié)構(gòu)特點17-282. 1 xml 簡介 17-192. 2 xml 與 html 比較19-212. 3 xml數(shù)據(jù)庫

15、與關系數(shù)據(jù)庫比較21-222. 4 xml文檔定義規(guī)則 22-252. 5 xml存在的隱患 25-262. 6 xml安全問題的解決方案26-27本章小結(jié)27-28 第3章訪問控制模型概述28-363.1訪問控制定義28-293.2訪問控制技術29-323.2. 1自主訪問控制dac 293. 2.2強制訪問控制mac 29-303.2.3基于角色的訪問控制rbac 30-323. 3 rbac96 模型 32-353. 3. 1 rbac0 模型333. 3. 2 rbac1 模型 33-343. 3. 3 rbac2 模型34-353. 3. 4 rbac3 模型 35本章小結(jié) 35-36 第 4章 基于xml文檔的擴展rbac模型36-474. 1基于xml文檔的rbac模型36-384. 2基于xml文檔的rbac模型屮存在的問題38- 394. 2. 1角色授權(quán)過于龐大38-394. 2. 2約束策略不完善394. 3基于xml文檔的擴展rbac模型39- 464. 3. 1約束條件定義 43-444. 3. 2實例44-46 木章小結(jié)46-47 第5章 模型框架及設計47- 615.1模型框架47-485. 2模型系統(tǒng)實現(xiàn)48- 495. 3模型的模式定義49-535. 4模型中xml數(shù)據(jù)的描述53-565. 5訪問模型的具體實現(xiàn)56-5