共查询到18条相似文献,搜索用时 62 毫秒
1.
软件系统建模一般不包括安全建模,系统安全策略和安全机制往往作为开发人员在系统开发后期对系统的补充和完善的措施。这种不规范的安全需求处理为系统后期安全维护及系统之间的集成带来莫大隐患。该文阐述RBAC的安全建模与系统通常UML建模。 相似文献
2.
基于RBAC模型的安全访问机制建模研究 总被引:7,自引:0,他引:7
基于角色访问控制(RBAC)是一种方便、安全、高效的访问控制机制。介绍了软件系统安全控制策略,分析了RBAC的基本思想和用户角色分配的基本方法,提出了基于面向对象的RBAC建模思想,并用标准建模语言UML的交互图描述RBAC的授权流程,从而使系统开发人员有效理解RBAC模型并建立基于角色的系统。文中还给出了在数据备份系统中运用RBAC实现用户权限管理应用模型的实例。 相似文献
3.
4.
文章提出了用基于角色的访问控制方案实现多级关系中向下读和向上写的安全策略,并且解决了修改操作的隐通道问题。 相似文献
5.
为缩短网络安全访问控制系统的响应时间,设计了一种基于角色的访问控制(Role-BasedAccess Control,RBAC)模型的网络安全访问控制系统。通过网关设备采用树莓派,外网设备采用路由器完成系统硬件设计。通过设计RBAC模型的知识库、基于RBAC模型的身份认证功能、用户信任值评估功能完成系统软件设计。仿真实验结果表明,当并发用户数量为10 000时,本文设计的网络安全访问控制系统的平均响应时间为1.38 s,工作效率较好,具有一定的应用价值。 相似文献
6.
访问控制是一种重要的信息安全机制。文中系统地分析了访问控制技术、基于角色的访问控制模型和RBAC管理模型定义,总结了它们的特性。设计了RBAC管理系统,该系统试图解决现有RBAC管理之中存在的问题,具有很强的通用性。 相似文献
7.
8.
9.
针对传统基于角色的访问控制系统在面向中小企业应用中的不足,设计了一个面向中小企业的基于WebServices的轻量级RBAC系统。利用动态AOP技术将权限验证实现为方面,通过对WebServices动态织入方面实现RBAC核心的重用,提高了RBAC系统的通用性。 相似文献
10.
一种域增强的RBAC模型及其管理模型 总被引:3,自引:0,他引:3
在NISTRBAC模型的基础上扩展了域和客体类的概念,提出DE_RBAC模型,使其更适合在大型分层管理的系统中应用,减少了角色的定义和权限的分配。在此基础上提出一种新的管理模型,通过层层授权、分布式管理的方式建立分层的RBAC管理框架,并在系统运行中进行动态角色和权限管理。 相似文献
11.
Francisco J. Lucas Fernando Molina Ambrosio Toval 《Information and Software Technology》2009,51(12):1631-1645
Information System (IS) development has been beset by consistency problems since its infancy. These problems are greater still in UML software development, and are principally caused by the existence of multiple views (models) for the same system, and may involve potentially contradictory system specifications. Since a considerable amount of work takes place within the scope of model consistency management, this paper presents a systematic literature review (SLR) which was carried out to discover the various current model consistency conceptions, proposals, problems and solutions provided. To do this, a total of 907 papers related to UML model consistency published in literature and extracted from the most relevant scientific sources (IEEE Computer Society, ACM Digital Library, Google Scholar, ScienceDirect, and the SCOPUS Database) were considered, of which 42 papers were eventually analyzed. This systematic literature review resulted in the identification of the current state-of-the-art with regard to UML model consistency management research along with open issues, trends and future research within this scope. A formal approach for the handling of inconsistency problems which fulfils the identified limitations is also briefly presented. 相似文献
12.
就如何评价访问控制模型,用基于N维安全熵的方法进行量化分析研究。首先,根据信息论中对信息熵的定义和描述,介绍了自主访问控制模型的N维安全熵定义。然后以N维安全熵的方法对RBAC模型的安全性进行量化分析。为了解决管理信息系统中的多类别、多层次角色访问的安全性度量问题,提出了扩展的RBAC访问控制(EXRBAC)模型,并用N维安全熵的方法进行了量化分析。最后对这三种访问控制模型的安全性进行分析和比较,结果显示,在多类别、多层次角色访问前提下,扩展的RBAC模型其安全性有明显提升。 相似文献
13.
Context
Business processes are an important source for the engineering of customized software systems and are constantly gaining attention in the area of software engineering as well as in the area of information and system security. While the need to integrate processes and role-based access control (RBAC) models has been repeatedly identified in research and practice, standard process modeling languages do not provide corresponding language elements.Objective
In this paper, we are concerned with the definition of an integrated approach for modeling processes and process-related RBAC models - including roles, role hierarchies, statically and dynamically mutual exclusive tasks, as well as binding of duty constraints on tasks.Method
We specify a formal metamodel for process-related RBAC models. Based on this formal model, we define a domain-specific extension for a standard modeling language.Results
Our formal metamodel is generic and can be used to extend arbitrary process modeling languages. To demonstrate our approach, we present a corresponding extension for UML2 activity models. The name of our extension is Business Activities. Moreover, we implemented a library and runtime engine that can manage Business Activity runtime models and enforce the different policies and constraints in a software system.Conclusion
The definition of process-related RBAC models at the modeling-level is an important prerequisite for the thorough implementation and enforcement of corresponding policies and constraints in a software system. We identified the need for modeling support of process-related RBAC models from our experience in real-world role engineering projects and case studies. The Business Activities approach presented in this paper is successfully applied in role engineering projects. 相似文献14.
《Information and Software Technology》2014,56(7):763-792
ContextRole-Based Access Control (RBAC) and Mandatory Access Control (MAC) are widely used access control models. They are often used together in domains where both data integrity and information flow are concerned. However, there is little work on techniques for building hybrid access control of RBAC and MAC.ObjectiveIn this work, we present a systematic approach for developing a hybrid access control model using feature modeling with the aim of reducing development complexity and error-proneness.MethodIn the approach, RBAC and MAC are defined in terms of features based on partial inheritance. Features are then configured for specific access control requirements of an application. Configured features are composed homogeneously and heterogeneously to produce a hybrid access model for the application. The resulting hybrid model is then instantiated in the context of the application to produce an initial design model supporting both RBAC and MAC. We evaluate the approach using a hospital system and present its tool support.ResultsRBAC and MAC features that are specifically configured for the application are systematically incorporated into a design model. The heterogeneous features of RBAC and MAC are not only present in the resulting model, but also semantically composed for seamless integration of RBAC and MAC. Discharging the proof obligations of composition rules to the resulting model proves its correctness. The successful development of the prototype demonstrates its practicality.ConclusionFeatures in the access control domain are relatively small in size and are suitable to be defined as design building blocks. The formal definition of partial inheritance and composition methods in the presented approach enables precisely specifying access control features and feature configuration, which paves the way for systematic development of a hybrid access control model in an early development phase. 相似文献
15.
A design pattern is realized in various forms depending on the context of the applications. There has been intensive research
on detecting pattern instances in models and in implementations. However, little work addresses variations of pattern realization.
This paper describes an approach for evaluating conformance of pattern variations. This approach uses a divide-and-conquer
strategy to evaluate the structural conformance of a UML class diagram to the solution of a design pattern. A design pattern
is specified in an extension of the UML that defines the pattern in terms of roles. To demonstrate the approach, we use the
Visitor pattern and two case studies of a price calculator and a word processor. We also present a prototype tool that supports
the approach.
相似文献
| Wuwei ShenEmail: |
16.
基于分层对象化RBAC的设计与实现 总被引:1,自引:0,他引:1
安全内核的功能是维护系统内部信息的安全.通常是根据不同的安全需求,在安全内核中实施不同的安全策略.RBAC是一种能够满足系统多方面安全需求的访问控制机制.传统RBAC在改变角色的操作集合时,易与外部应用程序发生冲突.通过把访问系统内部信息的操作对象化,并作为角色分派给应用程序,在对象化的操作和应用程序之间派生出一个角色权限检查对象,灵活地实施分层对象技术,能够克服传统RBAC的不足,使RBAC的安全策略能够任意改变. 相似文献
17.
UML主要采用静态图、用例图、行为图和交互图等图形表示方式,是系统分析中实现可视化、详述和构造、文档化的一种标准通用建模语言。除软件系统模型之外,还可用来描述非软件领域,比如企业机构、业务过程、机械系统,以及用于复杂数据处理的信息系统,应用空间十分广泛。本文将讨论UML在网络安全系统领域中的建模分析方法。 相似文献
18.
中国墙安全模型是商业信息安全领域中的一个重要的安全策略模型,但是它缺少有效的实施模型和机制。研究了侵略型中国墙安全模型的利益冲突关系、数据组织等,分析了基于角色的访问控制(RBAC)模型的控制机制,利用RBAC的“策略中性”原理,配置RBAC实施侵略型中国墙安全模型,并举例配置了拥有5个有利益冲突公司的RBAC模型。通过对RBAC的配置,使得侵略型中国墙安全模型可以更加方便有效地实施。 相似文献