数字图书馆系统中访问控制技术的研究
|
摘要
随着现代信息技术的快速发展,需要存储和传播的信息量越来越大,信息的种类和形式越来越丰富,以书刊资料为主要收藏载体的传统图书馆显然不能满足这些需要,难以适应数字时代的要求,数字图书馆因势而生。数字图书馆是一个电子化信息的仓储,能够存储大量各种形式的信息,用户可以通过网络方便地访问它,以获得有用信息,并且其信息存储和用户访问不受地域限制。数字图书馆是数字化、网络化的产物,是评价一个国家信息基础建设水平的重要标志,是社会信息化建设的重要组成部分,也是促进知识经济发展的重要动力。数字图书馆的出现给图书馆事业的发展带来新的契机,必将成为21世纪图书馆事业发展的主旋律。
在数字图书馆系统建设的过程中,安全访问是一个需要重点研究的问题,安全访问建设的好坏将大大影响数字图书馆的发展进程。本文分析研究了传统访问控制技术中存在的一些弊端,通过在基于角色的访问控制RBAC策略基础上,进一步改进、完善,建立了一个权限访问控制的新模型:基于资源类的RBAC模型。该模型提出了“资源类”和“独立权限逻辑”两个新概念。通过对被访资源的归类以期减少系统管理员的繁重工作量;“独立权限逻辑”是使访问权限表由两个独立的实体表关联生成,从而避免了权限的更改对整个系统结构的影响。
本文内容共分六个部分:第1章是论文的绪论部分;第2章介绍了数字图书馆的概念、功能模块、系统组成和面临的关键技术;第3章分析了传统访问控制技术和RBAC模型;第4章提出了基于资源类的RBAC新模型;第5章是对新模型的分析和设计;第6章总结了本文的工作并给出了进一步的工作方向。
With the rapid development of information technology nowadays, more and more information needs to be saved and spread, at the same time, the information category and modality increase so much, obviously, traditional library which depends on books and periodicals can not satisfy requirements in Digital Times. Based on such background, digital library is born. Digital library is an electronic information data store, it can storage plenty of information with different format. Users can access it through network to get useful information, and it doesn't have location limitation in information storage and user accessing. Digital library is the production of digitizing and network, it is one of main standards to evaluate country's information infrastructure level, and it is an important section of society information construction, also it is the vital motivity to push knowledge economical developing. The appearance of digital library will bring new chance of library developing, it must play the main role in 21 century.
During the digital library system building up, how to assurance the security of accessing should be especially considered. Because this will affect digital library developing progress. This article analyzes disadvantages in traditional accessing control technologies, and builds up a new module based on improving RBAC strategy, it is called RBAC based resource classes. This module mentions two new conceptions: Resource Classes and Independent Permission Logic. To assort resource classes can reduce workload of system administrator. The accessing permission table will use association between two independent entity tables, so Independent Permission Logic can avoid the system effects when accessing permission changed.
There are six chapters in this article. Chapter 1 is the summary of article. Chapter 2 introduces the basic conceptions of digital library, functional modules, system constructure and key technologies. Chapter 3 analyzes traditional accessing control technology and RBAC module. Chapter 4 mentions new RBAC module based on resource classes. Chapter 5 is the analysis and implementation of new module. Chapter 6 summarizes all efforts and brings readers to a further research direction.
在数字图书馆系统建设的过程中,安全访问是一个需要重点研究的问题,安全访问建设的好坏将大大影响数字图书馆的发展进程。本文分析研究了传统访问控制技术中存在的一些弊端,通过在基于角色的访问控制RBAC策略基础上,进一步改进、完善,建立了一个权限访问控制的新模型:基于资源类的RBAC模型。该模型提出了“资源类”和“独立权限逻辑”两个新概念。通过对被访资源的归类以期减少系统管理员的繁重工作量;“独立权限逻辑”是使访问权限表由两个独立的实体表关联生成,从而避免了权限的更改对整个系统结构的影响。
本文内容共分六个部分:第1章是论文的绪论部分;第2章介绍了数字图书馆的概念、功能模块、系统组成和面临的关键技术;第3章分析了传统访问控制技术和RBAC模型;第4章提出了基于资源类的RBAC新模型;第5章是对新模型的分析和设计;第6章总结了本文的工作并给出了进一步的工作方向。
With the rapid development of information technology nowadays, more and more information needs to be saved and spread, at the same time, the information category and modality increase so much, obviously, traditional library which depends on books and periodicals can not satisfy requirements in Digital Times. Based on such background, digital library is born. Digital library is an electronic information data store, it can storage plenty of information with different format. Users can access it through network to get useful information, and it doesn't have location limitation in information storage and user accessing. Digital library is the production of digitizing and network, it is one of main standards to evaluate country's information infrastructure level, and it is an important section of society information construction, also it is the vital motivity to push knowledge economical developing. The appearance of digital library will bring new chance of library developing, it must play the main role in 21 century.
During the digital library system building up, how to assurance the security of accessing should be especially considered. Because this will affect digital library developing progress. This article analyzes disadvantages in traditional accessing control technologies, and builds up a new module based on improving RBAC strategy, it is called RBAC based resource classes. This module mentions two new conceptions: Resource Classes and Independent Permission Logic. To assort resource classes can reduce workload of system administrator. The accessing permission table will use association between two independent entity tables, so Independent Permission Logic can avoid the system effects when accessing permission changed.
There are six chapters in this article. Chapter 1 is the summary of article. Chapter 2 introduces the basic conceptions of digital library, functional modules, system constructure and key technologies. Chapter 3 analyzes traditional accessing control technology and RBAC module. Chapter 4 mentions new RBAC module based on resource classes. Chapter 5 is the analysis and implementation of new module. Chapter 6 summarizes all efforts and brings readers to a further research direction.
引文
[1] 毛垣生.数字图书馆建设与发展.北京:中国市场出版社,2006
[2] 张永忠,张义兰,张敏等.数字图书馆操作与实务.上海:复旦大学出版社,2005
[3] 王忠华,周勇.数字图书馆.北京:北京邮电大学,2000
[4] 郭彦琦.数字图书馆工程中数字产品的版权保护和访问权限控制的研究和实现:(硕士学位论文).上海:上海海事大学,2004
[5] 张荣博,李胜宇,李席广等.基于角色访问控制的研究与应用.沈阳航空工业学院学报,2007,24(1):41-43
[6] http://www.lunwennet.com/thesis/2005/7076.html
[7] http://www.chinafirestone.net/communication.htm
[8] http://www.cbinews.com/solution/news/1717.html
[9] 胡云琴,陆光宇,李卉.网格安全访问控制方案设计.舰船电子工程,2007,27(2):91-94
[10] http://www.ahcit.com/lanmuyd.asp?id=1207
[11] SNDHU S, COYNE E J, FEINSTEIN H L, et al. Role-based access control models[J].IEEE Computer, 1996,29(2):38-47
[12] 杨庚,沈剑刚,容淳铭.基于角色的访问控制理论研究.南京邮电大学学报(自然科学版),2006,26(3):1-8
[13] 陈明忠.基于角色访问控制模型的应用研究.电脑与电信,2007,21(5)
[14] 张路桥,赵军,何林波.基于角色的访问控制综述.计算机与信息技术,2007,10
[15] 石稀林,方勇,张野等.分布式环境下的一种基于角色的访问控制模型.四川大学学报(自然科学版),2007,44(2):303-306
[16] 张野,方勇,吕伟等.一种基于对象组的RBAC权限模型.信息与电子工程,2007,5(2):138-141
[17] 吴春雷,张学辉.一种基于RBAC扩展模型的Web系统权限控制方法.科学技术与工程,2007,7(11):2672-2676
[18] http://202.116.65.193/2007jpkc/sztsg/7_1_12.htm
[19] 王晶,马斌荣.基于网络的多用户管理信息系统中访问控制模型的研究.北京生物医学工程,2007,26(2):132-135
[20] http://www.mmit.stc.sh.cn/bitlibrary/
[21] 田丰,孙辉.基于角色的访问控制技术在国防科技信息青年权管理中的应用.现代图书情报技术,2007,2:75-77
[22] 蔡琼,韩洪木,左翠华.RBAC模型的角色层次关系及授权管理研究.计算机工程与科学,2007,29(4):36-37
[23] 叶伟,刘强.IRBAC模型的研究与实现.计算机工程与科学,2006,28(A2)
[24] 胡云琴,陆广宇,李卉.网格安全访问控制方案设计.舰船电子工程,2007,2:91-94
[25] 蒙应杰,张海波,杨西宁等.基于角色授权的Web service访问控制模型.兰州大学学报(自然科学版),2007,43(2):84-88
[26] 覃章荣,王强,欧镔进等.基于角色的权限管理方法的改进与应用.计算机工程与设计,2007,28(6):1282-1284
[27] 刘孝保,杜平安.基于角色的访问控制在多应用层CIMS中的应用.四川大学学报(工程科学版),2007,39(2):140-144
[28] 蔡红霞,俞涛.制造网格中访问控制的研究.计算机集成制造系统,2007,13(4):716-720
[29] 蔡耀华,彭鑫,赵文耘.面向特征的Web服务角色访问控制.计算机工程与科学,2006,28(A2):52-55
[30] 吕锋,苗露,王长亮.基于RBAC策略的网格安全访问控制模型.计算机科学与应用,2007,3:108-110
[31] 刘益和,沈昌祥.基于角色管理的安全模型.计算机应用研究,2007,24(5):119-121
[32] 李学俭,黄晨晖.基于RBAC的访问权限控制的研究.中国科技信息,2007,10
[33] 崔仁杰,马明.基于角色访问控制模型实现.西安文理学院学报(自然科学版),2005,8(4):57-60
[34] 周彬,刘连忠.多维授权对象RBAC模型的设计与实现.兰州理工大学学报,2005,31(2):77-80
[35] 杨义先.网络信息安全与保密.北京:北京邮电学院出版社,2001
[36] 卿斯汉,刘文清,刘海峰.操作系统安全导论.北京:科学出版社,2003
[37] 殷国富,成尔京.UC NX2产品设计实例精解.北京:机械工业出版社,2005
[38] 李黎明 有限元分析实用教程.北京:清华大学出版社,2005
[39] Ferraiolo D, Kuhn R. An Introduction to Role Based Access Control. http://csrc.nist.gov/rbac/
[40] Ferraiolo DF, Kuhn DR, Ramaswamy Chandramouli. Role-Based Access Control. Ieee. Artech House. 2003
[41] Ferraiolo DF, Sandhu R, Guirila S, et al. Proposed NIST Standard for Role-Based Access Control. ACM Transactions on Information and System Security, 2001,4(3):224-274
[42] Ravi S Sandhu, Edward J Coyne,Hal L Feinstein, et al. Role-Based Access Control model. IEEE Computer, 1996,29(2):38-47
[43] Venkata B, Ravi S. Push architectures for user role access signment[C]//James C, Ravi S. 23~(rd) National Information System Security Cobference Baltimore, 2000. California:National Institute of Standards and Technology, National Computer Security Center, 1998:89
[44] H.M. Gladney, J. 1. Bennett. What Do We Mean By Authentic Whant' S the Real McCoy, files. D-lib magazine, 2003,9(7)
[45] C. Brendan, S. Traw. Technical Challenges Of Protecting Digital Entertainment Content. IEEE, 2000,36(7):72-77
[46] K. Klemperer. et al. Digital Libraries:A Selected Resource Guide. Information Technology Ang Use, 1997,16(3):126-131
[47].Hwang JJ, Shao BM, Wang Pc. A New Access Control Method Using Prime Factorization. The Computer Joural, 1992, 35(1):16-20
[48] Beresnevichiene Y. A Role And Context Based Security Model. Cambridge:Wolfson College, University of Cambridge, January 2003
[49] Ahn G J, Sandhu R S. Role-based Authorization Constraints Specification. ACM Trans on Information and System Security, 2000,3(4):207-226
[50] Bonatti P, Vimercati S, Samarati P. An Algebra for Composing Access Control Policies. ACM Trams on Information and System Security, 2002,5(1):1-35
[2] 张永忠,张义兰,张敏等.数字图书馆操作与实务.上海:复旦大学出版社,2005
[3] 王忠华,周勇.数字图书馆.北京:北京邮电大学,2000
[4] 郭彦琦.数字图书馆工程中数字产品的版权保护和访问权限控制的研究和实现:(硕士学位论文).上海:上海海事大学,2004
[5] 张荣博,李胜宇,李席广等.基于角色访问控制的研究与应用.沈阳航空工业学院学报,2007,24(1):41-43
[6] http://www.lunwennet.com/thesis/2005/7076.html
[7] http://www.chinafirestone.net/communication.htm
[8] http://www.cbinews.com/solution/news/1717.html
[9] 胡云琴,陆光宇,李卉.网格安全访问控制方案设计.舰船电子工程,2007,27(2):91-94
[10] http://www.ahcit.com/lanmuyd.asp?id=1207
[11] SNDHU S, COYNE E J, FEINSTEIN H L, et al. Role-based access control models[J].IEEE Computer, 1996,29(2):38-47
[12] 杨庚,沈剑刚,容淳铭.基于角色的访问控制理论研究.南京邮电大学学报(自然科学版),2006,26(3):1-8
[13] 陈明忠.基于角色访问控制模型的应用研究.电脑与电信,2007,21(5)
[14] 张路桥,赵军,何林波.基于角色的访问控制综述.计算机与信息技术,2007,10
[15] 石稀林,方勇,张野等.分布式环境下的一种基于角色的访问控制模型.四川大学学报(自然科学版),2007,44(2):303-306
[16] 张野,方勇,吕伟等.一种基于对象组的RBAC权限模型.信息与电子工程,2007,5(2):138-141
[17] 吴春雷,张学辉.一种基于RBAC扩展模型的Web系统权限控制方法.科学技术与工程,2007,7(11):2672-2676
[18] http://202.116.65.193/2007jpkc/sztsg/7_1_12.htm
[19] 王晶,马斌荣.基于网络的多用户管理信息系统中访问控制模型的研究.北京生物医学工程,2007,26(2):132-135
[20] http://www.mmit.stc.sh.cn/bitlibrary/
[21] 田丰,孙辉.基于角色的访问控制技术在国防科技信息青年权管理中的应用.现代图书情报技术,2007,2:75-77
[22] 蔡琼,韩洪木,左翠华.RBAC模型的角色层次关系及授权管理研究.计算机工程与科学,2007,29(4):36-37
[23] 叶伟,刘强.IRBAC模型的研究与实现.计算机工程与科学,2006,28(A2)
[24] 胡云琴,陆广宇,李卉.网格安全访问控制方案设计.舰船电子工程,2007,2:91-94
[25] 蒙应杰,张海波,杨西宁等.基于角色授权的Web service访问控制模型.兰州大学学报(自然科学版),2007,43(2):84-88
[26] 覃章荣,王强,欧镔进等.基于角色的权限管理方法的改进与应用.计算机工程与设计,2007,28(6):1282-1284
[27] 刘孝保,杜平安.基于角色的访问控制在多应用层CIMS中的应用.四川大学学报(工程科学版),2007,39(2):140-144
[28] 蔡红霞,俞涛.制造网格中访问控制的研究.计算机集成制造系统,2007,13(4):716-720
[29] 蔡耀华,彭鑫,赵文耘.面向特征的Web服务角色访问控制.计算机工程与科学,2006,28(A2):52-55
[30] 吕锋,苗露,王长亮.基于RBAC策略的网格安全访问控制模型.计算机科学与应用,2007,3:108-110
[31] 刘益和,沈昌祥.基于角色管理的安全模型.计算机应用研究,2007,24(5):119-121
[32] 李学俭,黄晨晖.基于RBAC的访问权限控制的研究.中国科技信息,2007,10
[33] 崔仁杰,马明.基于角色访问控制模型实现.西安文理学院学报(自然科学版),2005,8(4):57-60
[34] 周彬,刘连忠.多维授权对象RBAC模型的设计与实现.兰州理工大学学报,2005,31(2):77-80
[35] 杨义先.网络信息安全与保密.北京:北京邮电学院出版社,2001
[36] 卿斯汉,刘文清,刘海峰.操作系统安全导论.北京:科学出版社,2003
[37] 殷国富,成尔京.UC NX2产品设计实例精解.北京:机械工业出版社,2005
[38] 李黎明 有限元分析实用教程.北京:清华大学出版社,2005
[39] Ferraiolo D, Kuhn R. An Introduction to Role Based Access Control. http://csrc.nist.gov/rbac/
[40] Ferraiolo DF, Kuhn DR, Ramaswamy Chandramouli. Role-Based Access Control. Ieee. Artech House. 2003
[41] Ferraiolo DF, Sandhu R, Guirila S, et al. Proposed NIST Standard for Role-Based Access Control. ACM Transactions on Information and System Security, 2001,4(3):224-274
[42] Ravi S Sandhu, Edward J Coyne,Hal L Feinstein, et al. Role-Based Access Control model. IEEE Computer, 1996,29(2):38-47
[43] Venkata B, Ravi S. Push architectures for user role access signment[C]//James C, Ravi S. 23~(rd) National Information System Security Cobference Baltimore, 2000. California:National Institute of Standards and Technology, National Computer Security Center, 1998:89
[44] H.M. Gladney, J. 1. Bennett. What Do We Mean By Authentic Whant' S the Real McCoy, files. D-lib magazine, 2003,9(7)
[45] C. Brendan, S. Traw. Technical Challenges Of Protecting Digital Entertainment Content. IEEE, 2000,36(7):72-77
[46] K. Klemperer. et al. Digital Libraries:A Selected Resource Guide. Information Technology Ang Use, 1997,16(3):126-131
[47].Hwang JJ, Shao BM, Wang Pc. A New Access Control Method Using Prime Factorization. The Computer Joural, 1992, 35(1):16-20
[48] Beresnevichiene Y. A Role And Context Based Security Model. Cambridge:Wolfson College, University of Cambridge, January 2003
[49] Ahn G J, Sandhu R S. Role-based Authorization Constraints Specification. ACM Trans on Information and System Security, 2000,3(4):207-226
[50] Bonatti P, Vimercati S, Samarati P. An Algebra for Composing Access Control Policies. ACM Trams on Information and System Security, 2002,5(1):1-35