Role-based access control model constructing system

An access control and role technology, applied to role-based access control model construction systems. It addresses problems such as lost roles, time-consuming and labor-intensive construction, and lack of semantic information, and it meets functional requirements well, offers strong interpretability, and ensures security.

Inactive Publication Date: 2011-08-17
HUAZHONG UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

[0010] First, traditional methods for constructing a role-based access control model treat all permissions held by users as equally important and have no standard for measuring the importance of a permission, so some important roles cannot be found or are lost. In practice, permissions are not equally important. For example, in a hospital information management system, the permission to "read" patient information is more important than the permission to "write" patient information, because, relative to "write", the "read" permission causes more leakage of users' private information.

Second, traditional construction methods lack a constraint generation mechanism. Constraints are an essential part of the role-based access control model and a precondition for implementing the role-based access control mechanism soundly; examples are mutual exclusion constraints, separation of duties constraints, and potential-based constraints. A role-based access control system that lacks the necessary constraints cannot implement the security requirements specified by the system, nor can it ensure that resources in the system are accessed safely and effectively. Constraints are also a powerful means for delegating enterprise security policy in distributed or large enterprises: they let the master policy managers of the security system set mandatory requirements that preserve security and integrity when management authority is delegated downward, so that local managers administer and specify security policies according to the rules laid down by the master managers.

Finally, a role-based access control model obtained with the top-down method reflects the functional requirements of the system well, but the method is time-consuming and labor-intensive and needs a large amount of domain knowledge and the participation of domain experts. The bottom-up method lends itself to automatic or semi-automatic construction of the model and saves a great deal of manpower and material resources, but the roles it generates lack semantic information and so do not reflect the functional requirements of the system well. How to integrate the top-down and bottom-up methods, so that information such as the assignment relationships between users and permissions is included in an automatically or semi-automatically constructed model that reflects the system's security and functional requirements faster and better, is also an arduous task.
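The two gaps described above (equal-weight permissions and no constraint generation) can be seen in a small bottom-up role-mining sketch. This is an added example, not the patent's algorithm: the sample assignments, the weight values, the thresholds and all function names are assumptions made for illustration.

```python
from itertools import combinations

# Constructed sample user-permission assignment (not data from the patent).
UPA = {
    "alice": {"read_patient", "write_patient"},
    "bob":   {"read_patient", "write_patient"},
    "carol": {"read_patient", "write_patient"},
    "dave":  {"read_patient", "approve_billing"},
    "erin":  {"create_invoice"},
    "frank": {"create_invoice"},
}
# Assumed weights: the page only says "read" outranks "write" for patient data.
WEIGHTS = {"read_patient": 0.9, "write_patient": 0.5,
           "approve_billing": 0.8, "create_invoice": 0.3}

def candidate_roles(upa):
    """Bottom-up candidates: distinct permission sets plus pairwise intersections."""
    sets = {frozenset(p) for p in upa.values()}
    sets |= {a & b for a, b in combinations(sets, 2) if a & b}
    return sets

def mine_roles(upa, weights=None, min_support=2, min_weight=1.5):
    """Keep candidates held by >= min_support users; with weights, also keep
    rare candidates whose summed permission weight reaches min_weight."""
    kept = {}
    for role in candidate_roles(upa):
        support = sum(1 for perms in upa.values() if role <= perms)
        heavy = weights is not None and sum(weights[p] for p in role) >= min_weight
        if support >= min_support or heavy:
            kept[role] = support
    return kept

def candidate_exclusions(upa):
    """Permission pairs no user holds together: proposed mutual-exclusion
    constraints for an administrator to confirm or reject."""
    perms = sorted(set().union(*upa.values()))
    return {frozenset(pair) for pair in combinations(perms, 2)
            if not any(set(pair) <= held for held in upa.values())}

def violations(role, exclusions):
    """Exclusive pairs that a proposed role would combine."""
    return {pair for pair in exclusions if pair <= frozenset(role)}

if __name__ == "__main__":
    rare = frozenset({"read_patient", "approve_billing"})
    print("equal weights keep rare role:", rare in mine_roles(UPA))
    print("weighted mining keeps rare role:", rare in mine_roles(UPA, WEIGHTS))
    print(violations({"create_invoice", "approve_billing"}, candidate_exclusions(UPA)))
```

The inferred exclusions are only proposals: a pair that no user happens to hold together is not necessarily a separation-of-duties rule, which is why a review step is needed before they are enforced.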


Embodiment Construction

[0032] The present invention is described in further detail below with reference to the accompanying drawings and examples.

[0033] As shown in figure 1, the functions of the system of the present invention can be divided into weight generation, role generation, constraint generation, result display and background management. The system includes a database 100, a weight module 200, a role module 300, a constraint module 400, a result display module 500, a user rights assignment management module 600 and an audit management module 700.

[0034] The database 100 stores the assignment relationships between users and roles, the assignment relationships between users and rights, and the generated constraint information. It comprises a constraint information base, a user rights allocation relationship information base, an audit information base, and a user role allocation relationship information base.

[0035] The weight module 200 is used to receiv...


Abstract

The invention provides a role-based access control model constructing system, which comprises a database, a weight module, a role module, a restriction module, a result display module, a user right distribution and management module and an audit management module, wherein the weight module comprises a similarity module and a weight calculation module; the role module comprises a role generation module and a role hierarchy generation module; the restriction module comprises a role restriction module, a right restriction module, a user restriction module and a mutual exclusion restriction module; and the result display module comprises a role display module, a restriction display module and a result adjustment module. In the invention, the importance of the user right is measured, the restriction to a role-based access control model is generated, and therefore the accuracy of the role and the safety of the system are improved. When the system is adopted, the construction of the role-based access control model can be realized, and the automatic and semi-automatic construction of the role-based access control model is ensured; moreover, the system has the characteristics of high safety, high interpretability and easy extendibility.

Description

Technical field

[0001] The invention belongs to the technical field of computer security, and in particular relates to a role-based access control model building system. The system can automatically or semi-automatically build a role-based access control model that meets certain requirements by using the assignment relationships between users and permissions.

Background technique

[0002] With the development of communication, computer and information technology, the amount of information retained and exchanged in departments such as party and government agencies, enterprises and institutions, finance, and the national defense and military industry has reached an unprecedented order of magnitude. Ensuring the security of this information and these resources has become an urgent need. At the same time, more and more commercial organizations and institutions are using role-based access control models to build security products suitable for their own departments, and using rol...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/00, G06F17/30, G06F21/45
Inventor: 李瑞轩, 马晓普, 李开, 辜希武, 文坤梅, 王伟, 董勐, 聂莉, 叶威
Owner: HUAZHONG UNIV OF SCI & TECH