XML论文：XML数据库的扩展RBAC模型构建

1、xml论文：xml数据库的扩展rbac模型构建【中文摘要】随着internet突飞猛进地发展，基于互联网的应用 越來越深入，而xml无论是作为标记语言还是被作为存储结构的数据 库都随着internet上的各种应用增多而被越来越广泛的应用。为了 解决xml作为信息载体的广泛应用带来的安全问题的安全服务模型 安全访问控制模型，已成为现在人们研究的焦点。本课题将以传 统的基于xml文档rbac（基于角色的访问控制）模型作为文章研究的 出发点，从而提出了基于xml文档数据库的扩展rbac模型。该模型使 用了 schema语言来定义了 xml数据库文档结构，针对xml文档的特性, 在分析基于xml的rb

2、ac模型存在角色授权过于庞大和约束机制不完 善的问题棊础上，对其进行有效的改造和扩展,提出了一种新的基于 xml文档的扩展rbac模型。文章分析了传统的rbac模型存在的问题， 并在此基础上针对这些问题提出了解决方案基于xml文档的扩 展rbac模型,并对新的扩展rbac模型进行完整的定义和详细的说明。 论文中还结合了实例模型集中从基于xml文档的扩展rbac模型的系 统实现及其系统实现所需的主要技术支持进行考虑，针对基于xml文 档的扩展rbac模型的设计，结合一个简化的企业内部人员管理信息 系统为访问控制模型的应用环境,进行更为直观和深入的描述并具体 展示了在基于xml文档的数据库中，实现

3、扩展的rbac系统所使用的关 键性技术。本论文首先对访问控制模型中的客体按照其属性进行抽象 归类，再将权限配置给一类客体，模型屮的主体对客体的访问权限，是 由主体对应的角色和访问域共同来确定,这样极大地减少了角色和权 限的定义数量。其次文章采用的是职责关系隔离(separation of duties)规则来解决系统中角色间存在的利益冲突，以避免用户权限 过大或者用户越位越权等现象出现，而影响系统的安全性能。文章还 将使用schematron(基于规则的xml模式语言)来对约束规则进行形 式化描述。基于xml文档的扩展rbac模型能够符合xml文档细粒度 的访问控制需求，该模型结构简洁灵活且比

4、较容易实现。【英文摘要】with the rapid development of internet, more and more in-depth internet-based applications, and xml is either as a markup language, or it is used as the stored structure of the databases on a variety of applications as the in ternet has bee n growing more and more widely used xml as an i

5、nformation carrier in order to solve the security problems caused by widely used security services model - secure access control model, has become the focus of research is now this paper takes the traditional role-based access control (rbac) model as the starting point of the study, and puts forward

6、 the extended rbac model that based on the xml document database.this model uses the schema language to define the document structure of the xml database, according to the characteristics of the xml document, on the problem that the role model authorized redundantly and the constraint mechanismperfo

7、rmed imperfectly of the rbac model that based on xml, we put forward a new extended rbac model that based on xml documents which is effective and expansive this paper analyzes existing problems of the traditional rbac model, and on this basis puts forward the solution of these problems-the extended

8、rbac model that based on the xml documents, and completely defines and details to the new extended rbac mode 1. the paper combincs instance model and focus from the implementation of system and needed technical supports for the extended rbac model that based on the xml documents to consider, and dir

9、ects at the design of the extended rbac model that based on the xml documents, combines the technical support for the main consideration for the extension of rbac-bascd xml document model design, and combined with a simplified internal staff management information system as the application environme

10、nt to access control model to describe which more intuitive and in-depth, and definite shows that achieved the key technologies for the extended rbac system on the database that based on the xml documents. firstly, in this paper, we classify the object of the access control model abstractly accordin

11、g to their attributes,then assign the permissions to a class of objects.the access permission of the subject to the object inthe model is decided by the corresponding roles and access domain of the subject,this way can greatly reduce the number of the roles and permissions definitions secondly, this

12、 paper adopts the rules of separation of duties to solve the roles' interest conflict in the system, in order to avoid the phenomenon that the users have excessive permissions or the users beyond their authorities which affects the security performance of the system in addition, this paper also

13、uses the schematron(the xml schema language based on rules) to describe the constraint rules formal1y. the extended rbac model that based on xml document can satisfy the fine-grained access control requirements of the xml document .this model? s structure is simple and flexible, and it' s easy t

14、o be realized【关键词】xml rbac公共访问域 特定访问域 约束规则【英文关键词】xmlrbacpadsadconstrained rules【目录】xml数据库的扩展rbac模型构建摘要8-9 abstract 910 第 1 章 绪论 11t71 1 课题提出的背景及研究意义11t21.2国内外研究现状12-151.2. 1国外研究现状12-141.2.2国内研究现状14-1513论文研究内容1514论文结构15-16本章小结16-17 第2章xml数据库结构特点17-282. 1 xml 简介 17-192. 2 xml 与 html 比较19-212. 3 xml数据库

15、与关系数据库比较21-222. 4 xml文档定义规则 22-252. 5 xml存在的隐患 25-262. 6 xml安全问题的解决方案26-27本章小结27-28 第3章访问控制模型概述28-363.1访问控制定义28-293.2访问控制技术29-323.2. 1自主访问控制dac 293. 2.2强制访问控制mac 29-303.2.3基于角色的访问控制rbac 30-323. 3 rbac96 模型 32-353. 3. 1 rbac0 模型333. 3. 2 rbac1 模型 33-343. 3. 3 rbac2 模型34-353. 3. 4 rbac3 模型 35本章小结 35-36 第 4章 基于xml文档的扩展rbac模型36-474. 1基于xml文档的rbac模型36-384. 2基于xml文档的rbac模型屮存在的问题38- 394. 2. 1角色授权过于庞大38-394. 2. 2约束策略不完善394. 3基于xml文档的扩展rbac模型39- 464. 3. 1约束条件定义 43-444. 3. 2实例44-46 木章小结46-47 第5章 模型框架及设计47- 615.1模型框架47-485. 2模型系统实现48- 495. 3模型的模式定义49-535. 4模型中xml数据的描述53-565. 5访问模型的具体实现56-5