Computer Science (计算机科学) ›› 2021, Vol. 48 ›› Issue (6A): 558-562. doi: 10.11896/jsjkx.200700127
CHENG Xue-lin (程学林), YANG Xiao-hu (杨小虎), ZHUO Chong-kui (卓崇魁)
Abstract: Data permission control is an important aspect of the security and quality of software systems, and an important component of permission management and authorized access in SaaS multi-tenant software systems. The core requirement of data permission control is that users in different roles access different ranges of data; a general-purpose data permission control method that reduces the complexity of authorization management and improves software system security therefore has practical significance. Taking the RBAC authorization model as its theoretical basis, this paper proposes an Organization-Based Data Authority Control (ODAC) model. In ODAC, the various services provided by a SaaS software system are collectively called resources, which are divided into data-controlled resources and data-uncontrolled resources. When a data-controlled resource is assigned to a role, the tenant organization structure that the resource may access is specified; when a user accesses data, the system enforces data access control through the tenant organization structure attached to the resources of the user's roles. On this basis, the ODAC model is implemented with the Spring MVC, Spring Security and MyBatis frameworks. The model has been used in several production systems, which verifies its good generality and feasibility.
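The decision rule the abstract describes (roles grant resources; a data-controlled resource carries the organization units a role may see; rows are then filtered by tenant and by that organization scope, including sub-units) can be shown in a few dozen lines. The following is an added, in-memory illustration written for this page; it is not the paper's Spring MVC/Spring Security/MyBatis implementation, and the class names (`Odac`, `Resource`, `Role`, `User`), the org trees, roles and order rows are all constructed for the example. It goes slightly beyond the abstract in making two choices explicit: a user's scope is the union over all of their roles, and rows of another tenant are never returned even if an org-unit name coincides.

```python
"""Added example: a minimal in-memory model of organization-scoped data
permissions on top of RBAC (the ODAC idea). Not the paper's own code."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Resource:
    name: str
    data_controlled: bool  # True: rows filtered by org scope; False: all-or-nothing grant


@dataclass
class Role:
    name: str
    # resource name -> org units at which this role's view is rooted
    # (empty set for resources that are not data-controlled)
    grants: dict[str, set[str]] = field(default_factory=dict)


@dataclass
class User:
    name: str
    tenant: str
    roles: list[Role]


class Odac:
    """Decides, per (user, resource), which organization units are visible."""

    def __init__(self, resources: list[Resource], org_parent: dict[str, dict[str, str | None]]):
        self.resources = {r.name: r for r in resources}
        # org_parent: {tenant: {org_unit: parent_unit_or_None}} -- one tree per tenant
        self.org_parent = org_parent

    def _subtree(self, tenant: str, root: str) -> set[str]:
        """root plus every descendant unit in the tenant's org tree."""
        parent = self.org_parent[tenant]
        if root not in parent:
            raise KeyError(f"{root!r} is not an org unit of tenant {tenant!r}")
        nodes = {root}
        changed = True
        while changed:  # repeat until no new child unit is discovered
            changed = False
            for node, p in parent.items():
                if p in nodes and node not in nodes:
                    nodes.add(node)
                    changed = True
        return nodes

    def visible_orgs(self, user: User, resource_name: str) -> set[str] | None:
        """None if no role grants the resource; otherwise the org units whose
        rows the user may read (every unit if the resource is not data-controlled)."""
        resource = self.resources[resource_name]
        granting = [r for r in user.roles if resource_name in r.grants]
        if not granting:
            return None
        if not resource.data_controlled:
            return set(self.org_parent[user.tenant])
        scope: set[str] = set()
        for role in granting:  # union of scopes across all of the user's roles
            for root in role.grants[resource_name]:
                scope |= self._subtree(user.tenant, root)
        return scope

    def filter_rows(self, user: User, resource_name: str, rows: list[dict]) -> list[dict]:
        """Keep rows of the user's own tenant that fall inside the user's org scope."""
        scope = self.visible_orgs(user, resource_name)
        if scope is None:
            raise PermissionError(f"{user.name} has no role granting {resource_name!r}")
        return [row for row in rows if row["tenant"] == user.tenant and row["org"] in scope]


# --- constructed sample data (not from the paper) -----------------------------
ORG_TREES = {
    "tenant-a": {"hq": None, "sales": "hq", "sales-east": "sales",
                 "sales-west": "sales", "rnd": "hq"},
    "tenant-b": {"hq": None, "sales": "hq", "sales-east": "sales"},
}
RESOURCES = [Resource("orders", True), Resource("release-notes", False)]
SALES_MANAGER = Role("sales_manager", {"orders": {"sales"}, "release-notes": set()})
EAST_REP = Role("east_rep", {"orders": {"sales-east"}})
USERS = {
    "alice": User("alice", "tenant-a", [SALES_MANAGER]),
    "bob": User("bob", "tenant-a", [EAST_REP]),
    "carol": User("carol", "tenant-b", [SALES_MANAGER]),
}
ORDERS = [
    {"id": 1, "tenant": "tenant-a", "org": "sales-east"},
    {"id": 2, "tenant": "tenant-a", "org": "sales-west"},
    {"id": 3, "tenant": "tenant-a", "org": "rnd"},
    {"id": 4, "tenant": "tenant-b", "org": "sales-east"},
]
ODAC = Odac(RESOURCES, ORG_TREES)


def visible_order_ids(user_name: str) -> list[int]:
    """Order ids the named sample user may read through the 'orders' resource."""
    return [r["id"] for r in ODAC.filter_rows(USERS[user_name], "orders", ORDERS)]


if __name__ == "__main__":
    for name in USERS:
        print(name, visible_order_ids(name))
```

In a real deployment the scope set would be turned into a predicate on the data query (for example an `IN` list of org-unit ids appended by the persistence layer) rather than applied to rows already loaded; the point of the model is that the predicate is derived from the role's resource grant, not written by hand in each query.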