电子军务系统中T-RBAC访问控制组件的设计与应用

电子军务信息系统虽然运行于相对安全的军队内联网中，但仍面临多种不安全因素。 针对其中破坏认证、破坏访问控制两种主要的威胁，提出结合部队编制、人员职务、角色分 工和业务工作流，以任务为中心进行认证与访问控制，从而保护业务系统操作和数据安全的 思想。利用公开密钥基础设施(PKI)和轻量级目录访问协议(LADP)设施实现了基于数字证书 的统一认证以及任务与角色结合的T-RBAC 访问控制组件。在司政后多种业务系统中的实际应用结果显示，该安全组件能够对用户访问 和操作权限进行严格、规范和灵活地控制，有效保证系统、工作流和数据的安全。

Design of T-RBAC component and its application in electronic military system

Although running on a relatively safe environment of military Intranet,electronic military systems still face various security threats.To relieve two main typical security threats,i.e.,broken authentication and broken access control,this paper proposes an idea of conducting task-centered authentication and access control to ensure operation and data safety in mission-critical systems by combining department organization order,army man’s position,duty and role with workflow management.An authorization component based on PKI(Public Key Infrastructure) and LDAP(Lightweight Directory Access Protocol) and an access control component based on T-RBAC(Task-Role Based Access Control) are designed.The implemented security components are embedded in practical military,political and logistics applications,and results show they can effectively guarantee the security and reliability of the system,workflow and business data.