• Article •

Policy-based access control in enterprise-level information systems

谢东文,刘  民,吴  澄   

  1. National CIMS Engineering Research Center, Department of Automation, Tsinghua University, Beijing 100084
  • Publication date: 2005-04-15 Release date: 2005-04-25

Policy-based access control in enterprise information system

XIE Dong-wen, LIU Min, WU Cheng

  1. Dep. of Automation, Tsinghua Univ., Beijing  100084, China
  • Online: 2005-04-15 Published: 2005-04-25

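Abstract: To keep information secure while an enterprise acquires and processes it, an information access control mechanism needs to be established. A policy-based access control model is proposed, and the concepts and components of the model are introduced. Nine categories of rules that access control in enterprise-level information systems should follow are given, and a general-purpose, readily extensible implementation scheme is proposed. The scheme has been successfully applied in a large project management software product, and practice shows that it can greatly shorten software development time and improve maintainability.

Keywords: access control, role, policy, rule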

Abstract: To guarantee information security during information acquisition and management in enterprises, a Policy-Based Access Control (PBAC) model was proposed. The definition and components of the PBAC model were introduced. 9 kinds of PBAC rules for enterprise information systems were provided for enterprises to follow. In addition, a universal and extensible solution was put forward. The solution has been successfully applied in a large project management software package. Application has indicated that the proposed solution can greatly shorten the software development cycle and improve maintainability.

Key words: access control, rule, policy, project management

CLC number: