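Abstract:
Although electronic military affairs information systems run on a relatively secure military intranet, they still face a variety of security risks. To address two of the main threats, broken authentication and broken access control, this paper proposes the idea of task-centered authentication and access control that combines unit organization, personnel positions, role assignments, and business workflows in order to protect business system operations and data. Using public key infrastructure (PKI) and Lightweight Directory Access Protocol (LDAP) facilities, it implements unified authentication based on digital certificates and a T-RBAC access control component that combines tasks with roles. Results from practical use in multiple headquarters, political, and logistics business systems show that the security component can control user access and operation permissions in a strict, standardized, and flexible manner, effectively ensuring the security of the system, workflows, and data.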
Keywords: electronic military affairs system; network security; informatization construction; workflow management; access control; T-RBAC
Funding: Supported by the Basic Research Fund of the Engineering University of the Armed Police Force (WJY-201107)
Design of T-RBAC component and its application in electronic military system |
WANG Wei,DU Jing,ZHOU Zi-chen |
Abstract:
Although they run in the relatively safe environment of a military intranet, electronic military systems still face various security threats. To mitigate two main typical security threats, i.e., broken authentication and broken access control, this paper proposes the idea of conducting task-centered authentication and access control to ensure operation and data safety in mission-critical systems by combining department organization order, army personnel's position, duty and role with workflow management. An authorization component based on PKI (Public Key Infrastructure) and LDAP (Lightweight Directory Access Protocol) and an access control component based on T-RBAC (Task-Role Based Access Control) are designed. The implemented security components are embedded in practical military, political and logistics applications, and results show they can effectively guarantee the security and reliability of the system, workflow and business data.
Key words: electronic military system; network security; informatization; workflow management; access control; T-RBAC