电子政务基于属性证书的访问控制模型

随着我国电子政务的发展,如何保障电子政务中的资源信息不被非法访问已成为当务之急。如何进行用户对资源和服务使用的限制,决定主体是否对客体有权限进行某种操作,即对用户进行访问控制的问题信息安全研究中的重要方面。授权来源于访问控制,即先对用户进行授权,然后根据用户具有的权限来进行访问控制。属性证书包含了一系列用户的权限信息,所以属性证书可以看作是权限信息的载体。根据属性证书中用户的权限信息可以对用户访问资源进行控制,基干角色的访问控制(RBAC)是一种新兴的访问控制技术和理念,是将用户划分成与其职能和职位相符合的角色,根据角色赋予相应操作权限,以减少授权管理的复杂性,降低管理开销和为管理员提供一个比较好的实现复杂安全政策的环境,是传统的自主访问控制和强制访问控制的升级和替代。RBAC的建模和实现技术是目前RBAC技术研究的热点和难点。NRBAC模型是一种更接近现实情况的模型。基于属性证书和电子政务中存在的特殊要求和特点,结合RBAC96、ARBAC97模型以及NRBAC模型,构造了一个适合电子政务系统使用的基于角色的安全访问控制模型eGA-NRBAC;利用该访问控制模型解决了电子政务工程中授权管理系统和授权服务系统的工程化实现问题。测试和实际使用都证明了此访问控制模型的正确性、可行性和可靠性。

Access Control Model of Electronic Government Based on Attribute Certificate

Information developing strategy has strongly promoted the development of electronic government in our country.How secure information resource to avoid lawless-access is important.How make control on the usage of resource and how make decision what opera-tion can be make on resource are the important issues in information security research.Authorization comes from access-control.We can authorate on the user firstly,then make access-control on him.AC includes a set of information on the user,AC is the carrier of privilege.We can make access-control on the the usage of resource based on AC.Role-based access control(RBAC) can reduce the complexi-ty and cost of authorization managements compared with traditional access control method,and the roles can be consistent with the person-nel structure in a organization or corporation.RBAC is the best schema to enforce authorization policy on large net.NRBAC is an access-control model which is closer to realism.We construct a role_based access control model--eGA-NRBAC which is based on the particularity of electronic government,AC and combination of RBAC96,ARBAC97 and NRBAC.We resolve the problem that how to realize the privilege management system and the privilege services system.The testing and the running of the system also prove the correctness,feasibility and reliability of the model.