Introduction
1.1. Keyword definition (Definitions)
The definition description is as follows:
Security management: Security management in computing has a wide scope, covering network security, data security, operating-system security and application security. Mature products already exist for most of these areas, and we need only select and use them for our own purposes. In this paper the term "security management" is restricted to security management within the company's application systems.
Subject: Any entity that can issue access requests to the application system, including the various users, other applications that interface with the system, and illegal intruders. The system must be able to identify the subject; in practice an interfacing application is registered as a user, so the core problem is verifying the legitimacy of a user's identity, and the system must establish a user authentication mechanism for that purpose.
User: A user is a subject that can independently access data in the computer system, or other resources represented by data. We use Users to denote the set of users, and "user" is used in this general sense throughout.
Permissions: A permission is a licence to access data in the computer system or other resources represented by data. We use Permissions to denote the set of permissions. Permissions fall into two kinds: object access control and data access control.
Object access control: represented as a pair (control object, access type). The control object stands for any resource in the system that requires access control; a complete resource-naming scheme for defining and referencing every kind of resource that appears in the system is introduced later. The access type is the kind of access to the controlled object being governed, such as read, modify or delete.
Data access control: without control over data access the security of the system cannot be guaranteed and data leaks occur easily. The data reachable through an object must therefore be graded and protected (encrypted) at the corresponding level. We again use a pair: (control object, predicate).
A permission can therefore be written in the combined form (control object, access type, predicate).
Role: A role is a job or position within an organization or task, representing a qualification together with its rights and responsibilities. We use Roles to denote the set of roles.
User delegation: User delegation is a binary relation between Users and Roles. (U, R) indicates that user U has been assigned role R.
Permission configuration: Permission configuration is a binary relation between Roles and Permissions. (R, P) indicates that role R holds permission P.
2. Requirements analysis
Drawing on our experience in the industry and the successful experience of peers, we are able to develop a complete, flexible and convenient security management system for our own application systems. This frees developers from the burden of permission management and lets them concentrate on the application's business functions. By collecting the experience of the company's software engineers in MIS project development, we have summarized the security requirements of the corresponding systems in various situations as follows.
The system should address the following aspects of security management.
2.1. Role and user requirements
Roles are defined by the user. (The "user" here and in the next line should not have the same definition as above; would "customer" be more suitable? Yes, the user here is indeed partly the customer who signs our contract. But I think the "user" defined below does not differ in essence, because the customer ultimately uses this system and the functions a user can perform are the customer's requirements. Readers can tell the subtle difference between the two from context.) Depending on business positions, multiple roles can be defined.
To log into the system a user must first be registered, and the same user can be registered only once. The user is the entry point for logging in, and the role is the basis of user rights. A user may play multiple roles.
When a role is granted to a user, the user's permissions cannot exceed the role's permissions, but may be fewer.
User passwords and database access passwords must be encrypted.
Analysis
Each user is identified in the system by a unique UserID. The user logs in through the system login interface; the system verifies the identity using the encryption algorithm and determines whether the user may enter. On successful login it notifies the application preference service and the security management system, which saves the user's login information. Roles are added by the user according to its own organizational structure: a dedicated module is provided for setting up the organization, and the user manages roles conveniently through the organizational structure (the "department organization" or "institution set" defined later). For example, the user can organize roles by departmental structure, with departments numbered hierarchically and every two digits of the number forming one level: a first-level department number has two digits, a second-level department number four, and so on down until the whole factory's structure has been built. Such data serves only the user's role management and has no meaning elsewhere in the system. Each role is likewise identified by a unique role number and must store the organizational information set by the user; in general each role need only store the code of its own institution.
2.2. Menu control requirements
The menu here is the system's business function menu. The list of business function modules and the user menu are customizable: each user can have its own menu or use the default menu of its role (when a user plays several roles whose permissions overlap, a repeated permission takes effect only once).
Analysis
To let users organize permissions conveniently, the list of business function modules must be established in the user interface as a tree. The business function modules appear in the user's custom menu and are again numbered hierarchically, two digits per level. Each level is marked as either a submenu or a business module. A submenu has only one permission setting, accessible or not; a business module's permissions are set by the system administrator or an authorized user, and for each business module its object controls (object attribute control and recordset control) are recorded. For a user to hold any permission on a business module, the user must hold access permission to it. When a level of the menu is deleted, the user is prompted that its function modules will be deleted with it. When a user plays several roles and their permissions overlap, the repeated permission is valid once, and the user holds the union of the permissions of all its roles. When a user queries its system permissions, they are displayed in the tree structure of the business function modules.
2.3. Object control requirements
An object is a visible element in an application window, such as a menu item, button, drop-down list box or data editing control. Object control is implemented through role and user authorization. It covers both object attributes and the maintenance permissions on data records in data editing controls: object attributes: enabled/disabled, visible/hidden; record maintenance: insert, delete, modify, or any combination of these.
Analysis
The controllable objects of each business module are set by the programmer, or by the after-sales technical support engineer under guidance. When the system administrator or an authorized user sets a user's permissions on a business module, the object attributes are set together with the module access permission. Objects whose attributes have not been set are not stored in the user's permission information when object information is saved.
2.4. Recordset control requirements
Recordset control is implemented through condition settings. Each database table whose recordsets need control must therefore carry a dedicated recordset filter field; the filter criteria are set by the user according to the position of the post, and a filter table is established for unified management.
Analysis
When a business module's permission is set for a user, the data filtering conditions of the module's data editing controls are stored in the filter table. A filter criterion is a WHERE condition clause of an SQL statement; the module currently being accessed is forced to edit data according to it: the control's SQL statement is restructured with the clause and the data retrieved. Where several controls of a module need filtering, the filter table holds several records, one per data editing control. The WHERE clause is generated by passing the control's SQL statement through an SQL syntax analysis service, intercepting the WHERE condition and checking the legality of the newly combined SQL statement.
2.5. Permission distribution management requirements
The permission management described above must satisfy the goal of being both centrally managed and decentralized.
Analysis
If all permission management rests with the system administrator, the administrator's workload is too great and it is hard to understand the division of labour in every position in enough detail to divide permissions finely. In a large management system it is appropriate to hand part of the permission settings to some advanced users, which benefits the work of each post. This is decentralized permission management.
To achieve decentralized management of permissions, the authorization module itself must be placed under authorization management. This requires the authorization security management of the whole system to be meticulous, leaving no permission vulnerabilities that would give some advanced users excessive permissions.
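The recordset filtering of section 2.4, as an added example that is not part of the original design: the filter table binds (user, module, control) to criteria on declared filter fields, and the builder emits a parameterized WHERE clause and checks the combined statement before the control's data is retrieved. Table, column, user and module names are constructed sample data.

```python
"""Recordset filtering driven by a filter table (section 2.4).

Each filter-table row binds (user, module, control) to one criterion on a
declared recordset filter field of the underlying table. Instead of splicing
the stored criterion into the control's SQL as text, the builder validates the
column against the declared filter fields, restricts the operator to a fixed
set and emits a parameterised WHERE clause, so a criterion can only narrow
the recordset and never changes the shape of the statement.
All table, column, user and module names are constructed sample data.
"""
import sqlite3

ALLOWED_OPS = {"=", "<>", "<", "<=", ">", ">=", "IN"}

# Recordset filter fields declared per table ("a special recordset filter field").
FILTER_FIELDS = {"attendance": {"dept_code", "year"}}

# Constructed filter table: (user, module, control) -> [(column, operator, value), ...].
# Department codes follow the page's two-digits-per-level numbering.
FILTER_TABLE = {
    ("zhang", "module.attendance", "grid_main"): [("dept_code", "=", "0201")],
    ("li", "module.attendance", "grid_main"): [("dept_code", "IN", ("0201", "0202")),
                                               ("year", ">=", 2003)],
    # a criterion containing SQL metacharacters stays an ordinary literal value
    ("wang", "module.attendance", "grid_main"): [("dept_code", "=", "0201' OR '1'='1")],
    # "admin" has no row: the control's own statement runs unfiltered
}


def build_filter(table, user, module, control):
    """Return (where_sql, params) for the criteria stored for this user and control."""
    clauses, params = [], []
    for column, op, value in FILTER_TABLE.get((user, module, control), []):
        if column not in FILTER_FIELDS.get(table, set()):
            raise ValueError(f"{column!r} is not a declared filter field of {table!r}")
        if op not in ALLOWED_OPS:
            raise ValueError(f"operator {op!r} is not permitted")
        if op == "IN":
            values = tuple(value)
            if not values:
                raise ValueError("IN needs at least one value")
            clauses.append(f"{column} IN ({', '.join('?' * len(values))})")
            params.extend(values)
        else:
            clauses.append(f"{column} {op} ?")
            params.append(value)
    return " AND ".join(clauses), params


def restructure(base_sql, where_sql, params):
    """Attach the filter to the control's SELECT (the 'newly combined' statement).

    Assumes the control's statement has no ORDER BY / LIMIT tail; a statement
    that already has a WHERE is narrowed further with AND.
    """
    if not where_sql:
        return base_sql, []
    joiner = " AND " if " where " in base_sql.lower() else " WHERE "
    return f"{base_sql}{joiner}({where_sql})", params


def check_legality(conn, sql, params):
    """Confirm the combined statement is a single SELECT the engine can plan."""
    if ";" in sql or not sql.lstrip().upper().startswith("SELECT"):
        raise ValueError("combined statement must be a single SELECT")
    conn.execute("EXPLAIN QUERY PLAN " + sql, params)  # parses and binds, reads no rows


def fetch_for_user(conn, user, module="module.attendance", control="grid_main"):
    """Run the control's statement for `user` with that user's filter applied."""
    base_sql = "SELECT emp_id, dept_code, year FROM attendance"
    where_sql, params = build_filter("attendance", user, module, control)
    sql, params = restructure(base_sql, where_sql, params)
    check_legality(conn, sql, params)
    return conn.execute(sql, params).fetchall()


def open_demo_db():
    """In-memory table holding constructed attendance rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE attendance (emp_id TEXT, dept_code TEXT, year INTEGER)")
    conn.executemany("INSERT INTO attendance VALUES (?, ?, ?)", [
        ("e1", "0201", 2003), ("e2", "0201", 2002),
        ("e3", "0202", 2003), ("e4", "0301", 2003),
    ])
    return conn


if __name__ == "__main__":
    db = open_demo_db()
    for who in ("zhang", "li", "wang", "admin"):
        print(who, fetch_for_user(db, who))
```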
3. Scheme design
3.1. Security policy
From the above requirements analysis we need an effective and flexible security management scheme, using a variety of control mechanisms and password protection techniques. Security protection policies are the guidelines for designing a secure and reliable system and usually involve the following aspects.
Distinguishing security policy from security mechanism. The policy is the high-level guidance for information security; it comes from detailed study of user requirements, equipment environment, institutional rules and legal constraints, and its importance lies in guidance. The mechanism is the set of functions that implement the policies. Sound mechanisms are the basis for carrying out the correct security policy, so the mechanism must be able to implement different policies, so that it need not be replaced when the policy changes.
Security policy. An enterprise information management system is a large distributed data resource management system with a huge volume of information, varying degrees of sensitivity and users with differing access needs, which makes its security management very complex. The role-based security control model is currently the internationally popular advanced approach to security management control, and our security management system selectively adopts some of its ideas according to our own needs. It is characterized by granting and revoking user privileges through the assignment and removal of roles, together with role assignment rules and operational check rules. Security managers define the various roles as needed and set appropriate access rights, and users are assigned to roles according to their responsibilities and qualifications.
Thus the whole access control process is divided into two parts: access rights are associated with roles, and roles are associated with users, logically separating users from access rights, as the following figure shows. A role can be seen as a semantic structure for expressing access control policy; it represents the qualification for a particular job. Because users and access rights are logically separated, the role-based strategy greatly simplifies permission management: if a user's position changes, simply remove the user's current role and add the role representing the new position or task. Studies have shown that the role/privilege relationship changes much more slowly than the role/user relationship. Assigning users to roles requires little technical skill and can be done by administrative staff, whereas configuring permissions for roles is more complex, requires some skill and can be handled by specialized technicians without granting them the privileges themselves, which matches reality. Besides facilitating permission management, role-based access control can also express role hierarchies and implement the principles of least privilege and separation of duties.
Security protection mechanism. The protection mechanisms of this system are basically adapted to one another; the overall structure of system protection is as follows. The protection mechanism is responsible for preventing all physical damage and all improper user operations; the latter reduces to which subjects may access which objects. Subject, access type and object are the responsibility of the main security management component we discuss here.
Security management has two kinds: centralized management and decentralized management.
In the former, all rights are held by a full-time person or group responsible for system security, who determines users' access rights and controls all aspects of system security. In the latter, different administrators control different parts of the system's security and determine the access rights of different users, and object owners may even be allowed to transfer their rights to the object. Centralized management is safe and reliable but inflexible; decentralized management must guard against vulnerabilities and coordination problems. Permission assignment in a large group enterprise is complicated, so this system combines centralized and decentralized management.
Access control policy. This provides the basis for determining users' access rights. One of its most important principles is "need-to-know": a user should know only what the job requires. It limits users' unnecessary access rights and so blocks many avenues for breaking in and leaking data.
Rights granted under this principle are the minimum set with which the user can complete the job, so it is also called the "least privilege policy".
Information flow control. Limiting users' access rights without considering data flow is extremely dangerous. For example, a department supervisor may only take attendance for the staff of that department, yet could extract all the data, so extraction must be restricted. Controlling data flow prevents unauthorized users from gaining access after data has flowed.
Password transformation (encryption). Very confidential data can be stored in encrypted form so that an intruder without the key cannot decipher it. Encryption prevents leaks but cannot protect the data from being damaged.
Combined software and hardware protection. This is the basic strategy of security protection: many protection functions are difficult to implement in hardware, and some remain impractical even when they can be realized.
Response to security incidents. Any protection mechanism may be breached, so the system must formulate response and handling measures.
3.2. Security management mechanism analysis
3.2.1. Schematic function framework
[Figure: overall function framework of the security management system]
3.2.2. Responsibilities of the main function components
3.2.2.1. Object definition tool and permission definition tool
Object definition tool. Objects are the various functional modules, data and interface elements (menus, buttons and other interface items) that subjects can access. Since objects differ in confidentiality, they are treated differently. The objects to be controlled are defined in advance by programmers using the object definition tool the system provides; the system can control only these predefined objects, so object definition is the core step of the whole system and directly affects every security control section that follows. It should be initialized by the development programmer. Object definition comprises the following steps.
Function module definition: apart from some public interfaces and public function modules, the business function modules are the main means by which users complete their various business functions and are the key objects we protect, so they must be defined. With the function module objects defined, we can configure each user's business function menu according to the functions that user needs to perform, which also conforms to the "least privilege policy".
Interface element control: beyond the function menu, if the interface elements of a function module are to be controlled, they too must be defined. Most interface elements carry related business operations, so the interface elements for the corresponding operations must be defined.
Data information control: most interface elements of a business function module are the basis for displaying and operating on data, and the main way users read and manipulate data. For data security, the data operated on through these interface elements needs security and confidentiality measures, which requires data constraints to be set for these interface elements. The object definition flowchart is as follows.
Permission definition tool. With the system objects defined, the access types of each object in different situations must be defined; an object may have different access types in different situations, which requires the permissions on the object to be defined. Defining permissions means defining object access control and data access control. We write a permission as P(O, T, P), where O is the accessed object, T the access type and P the predicate, meaning that access of type T may be performed on object O when predicate P is true. Permission definition is one of the foundations of system security management; only once permissions have been defined for the various objects can permissions be configured to roles and role-based management become possible. The system provides the permission definition tool, and programmers define the permissions of objects according to actual needs. The flowchart for defining permissions is as follows:
3.2.2.2. Role definition and permission configuration
Role definition. The idea of role-based access control is to split user authorization into two parts, with roles as the intermediary through which users obtain privileges. Two many-to-many relations result: between users and roles, and between roles and permissions. The system provides role definition tools that let users define roles according to their own needs (authority, position, and shared rights and responsibilities). Roles may inherit from one another: when role R1 inherits role R2, R1 automatically has R2's access rights (R1 -> R2). Role inheritance naturally reflects the relationship between rights and responsibilities inside the organization and helps make permission management convenient. It provides a means of extending and classifying existing roles, so that a new role is built on an existing one: extension defines a sub-role by adding permissions to the parent role, and classification is expressed by different sub-roles inheriting the same parent role. Multiple inheritance is also allowed, where a role inherits several parent roles and combines their abilities. The role definition flowchart is as follows:
Permission configuration. A role is a set of access rights; a user may be a member of many roles, a role may hold many permissions, and a permission may appear in several roles. Permission configuration is one of the steps in organizing a role's permissions; only when a role holds the corresponding permissions does user delegation have practical meaning. The permission configuration flowchart is as follows:
3.2.2.3. User and user group definition
User definition. The end user of the system is the user, so a user authentication mechanism must be established to register users' identity information. Defining the users who may log into the system is a necessary step in security management and is also the interface between people and the system.
User group definition. To support decentralized permission management, the concept of a user group is introduced: a collection of users. For convenient permission management, user groups can also be assigned roles; when a user is accessed, the roles of the user's groups are automatically delegated to it. To facilitate decentralized privilege management, the system also supports delegating part of the permission-granting authority to a group, so that an authorized specific user manages user privileges for the user group.
3.2.2.4. Permission review
After authorization is complete, the user's ability to log in and whether the permissions granted are appropriate can be checked; if they are not, user delegation can be redone and some permissions withdrawn. At present the system can only perform partial permission revocation for users managed through user groups.
3.2.2.5. User authentication mechanism
The primary issue in security protection is identifying the user's identity. Three methods are currently available. First, the user's physical characteristics (voice, fingerprints, appearance, signature); this is in theory the most reliable, but because physical characteristics may change over time and the recording techniques are not mature, it is not widely used. Second, documents unique to the user, such as ID cards or machine-readable cards; the disadvantage is that documents may be copied or taken by others. Third, something the user knows that proves its identity by prior agreement (such as a password); this is the currently common method, and the system adopts it.
[Table: User name | Identifier | Other; sample row: chendagood | ... | ...]
The table above is the registry kept by the user authentication mechanism. The user name in the table is usually public; the identifier is confidential. When a user wants to access the system, it must first present its name and identifier (i.e. its credentials) to the system. The authentication mechanism then checks whether the presented identity matches the one in the table; if so, the user's identity is confirmed, otherwise it is treated as impersonation and the system refuses the requested operation. The password is the most commonly used identifier, usually a combination of several letters and digits. The system allows only two or three consecutive login attempts; if they all fail, the user must wait a longer time before being allowed to try again. This delay effectively defeats attempts to guess passwords.
3.2.2.6. Access control mechanism
The main method of preventing illegal access to the system is access control. A user's access to the system is expressed as access rules that authorize users according to the security policy; access control is concerned with how to express and check those rules. Formally an access rule can be written as a quadruple (U, O, T, P) or, using the permissions defined earlier, as (U, P). The system's access control is divided into module-level control and interface element control. Storing and checking access rules are problems the access control mechanism must solve. For operational speed, this system dynamically generates and saves one capability table per user from the role, permission configuration and user delegation relations, and regenerates it when the configuration information changes.
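The authentication mechanism of section 3.2.2.5, as an added example that is not part of the original design: the registry stores the confidential identifier as a salted password hash rather than in clear, and after a run of consecutive failures the account must wait before it may try again, with the wait growing on each further run. The clock is injectable so the lockout can be exercised without sleeping; user names and passwords are constructed sample data.

```python
"""Password-based user authentication with a limited-attempts rule (section 3.2.2.5).

The registry keeps the public user name and a confidential identifier. Here the
identifier is a password stored as a salted PBKDF2-HMAC-SHA256 hash; a login is
accepted only when the value derived from the presented password matches. After
MAX_ATTEMPTS consecutive failures the account must wait BASE_WAIT_SECONDS before
another attempt, and the wait doubles for every further run of failures.
Names and passwords below are constructed sample data.
"""
import hashlib
import hmac
import os
import time

MAX_ATTEMPTS = 3          # consecutive failures tolerated before a wait is imposed
BASE_WAIT_SECONDS = 30.0  # first wait; doubles for every further run of failures
PBKDF2_ROUNDS = 50_000


class Authenticator:
    def __init__(self, clock=time.monotonic):
        self.clock = clock      # injectable so tests need not sleep
        self.registry = {}      # user name -> record (salt, hash, failure counters)

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)

    def register(self, username, password):
        """Register a user once; the same user cannot be registered twice (section 2.1)."""
        if username in self.registry:
            raise ValueError(f"{username!r} is already registered")
        salt = os.urandom(16)
        self.registry[username] = {
            "salt": salt,
            "hash": self._derive(password, salt),
            "failures": 0,        # consecutive failures in the current run
            "lockouts": 0,        # how many waits have been imposed in a row
            "locked_until": 0.0,  # clock value before which logins are refused
        }

    def login(self, username, password):
        """Return (accepted, reason). Unknown names and wrong passwords both read 'rejected'."""
        now = self.clock()
        rec = self.registry.get(username)
        if rec is None:
            self._derive(password, bytes(16))  # same work as a real check, so timing reveals no names
            return False, "rejected"
        if now < rec["locked_until"]:
            return False, f"wait {rec['locked_until'] - now:.0f}s"
        if hmac.compare_digest(self._derive(password, rec["salt"]), rec["hash"]):
            rec["failures"] = 0
            rec["lockouts"] = 0
            return True, "ok"
        rec["failures"] += 1
        if rec["failures"] >= MAX_ATTEMPTS:
            rec["failures"] = 0
            rec["lockouts"] += 1
            rec["locked_until"] = now + BASE_WAIT_SECONDS * 2 ** (rec["lockouts"] - 1)
        return False, "rejected"

    def seconds_until_retry(self, username):
        """Remaining wait for a registered user (0.0 when no wait is in force)."""
        rec = self.registry[username]
        return max(0.0, rec["locked_until"] - self.clock())


if __name__ == "__main__":
    auth = Authenticator()
    auth.register("chen", "s3cret-Pa55")
    print(auth.login("chen", "s3cret-Pa55"))
    for _ in range(MAX_ATTEMPTS):
        print(auth.login("chen", "guess"))
    print(auth.login("chen", "s3cret-Pa55"))  # refused until the wait has elapsed
```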
The capability table (also called the C-table) is an effective form for storing and checking access rules. It is organized by subject and states which operations a subject may perform on which accessed objects. Its basic form is as follows:
Si: (Oi1, Ti1, Pi1) ... (Oij, Tij, Pij), where Si is subject i, j is the number of data objects accessible to Si, and each (Oij, Tij, Pij) is one access right. The collection of the capability tables of all subjects is the complete set of access rules of the system. When an access request is to take effect, the requesting subject's capability table is searched entry by entry to determine whether the request is valid.
Security management control core. The security management core is the central control section of system security management. It controls the security of the entire system: it determines whether security management is enabled, under what circumstances the access control mechanism is invoked, how access rules are written according to the situation, how existing access rules are applied for control, and how access rules are stored.
4. System evaluation
4.1. System features (self-evaluation)
The core idea of the security management system is an improved adaptation of role-based control ideas; the functional model above satisfies the system access control requirements put forward by product developers. The analysis is as follows.
Separation of responsibilities during system development: the security management part is the core control section of the whole system and is separated out to form the universal security criteria of the entire system. Programmers need not give it much consideration when developing; they only follow the system's security criteria and devote their main energy to the system's business functions. Effective use of the system reduces redundancy and makes the system clearer. By simply setting different feature parameters and applying different access type controls to the various interface elements, different control effects can be produced without programmer involvement.
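The capability-table mechanism of section 3.2.2.6, as an added example that is not part of the original design: permissions are the (object, access type, predicate) triples of section 1.1, roles inherit as in section 3.2.2.2 (R1 -> R2 gives R1 all of R2's rights), users obtain roles directly or through user groups as in section 3.2.2.3, and each user's C-table is regenerated from that configuration whenever it changes and scanned entry by entry for every access request. Predicates are modelled as an equality test on one column of the record being touched; roles, objects and users are constructed sample data.

```python
"""Role-based access rules and the per-subject capability table (C-table).

Permissions are (object, access type, predicate) triples; a predicate is a
(column, required value) equality test on the record being accessed, or None
for an unconditional right. Roles may inherit other roles, users receive roles
directly or through user groups, and each user's C-table is rebuilt from that
configuration whenever it changes. Roles, objects and users are constructed.
"""
from dataclasses import dataclass, field
from typing import Optional, Tuple


@dataclass(frozen=True)
class Permission:
    obj: str                                         # control object, e.g. a business module
    access: str                                      # access type: "access", "read", "modify", ...
    predicate: Optional[Tuple[str, object]] = None   # (column, required value) or None


@dataclass
class Role:
    name: str
    perms: set = field(default_factory=set)
    parents: set = field(default_factory=set)        # roles this role inherits from


class SecurityCore:
    def __init__(self):
        self.roles = {}
        self.user_roles = {}    # user delegation (U, R)
        self.user_groups = {}   # user -> groups the user belongs to
        self.group_roles = {}   # group -> roles delegated to the group
        self.ctable = {}        # user -> set of Permission: the capability table

    def define_role(self, name, perms=(), parents=()):
        unknown = set(parents) - set(self.roles)
        if unknown:
            raise KeyError(f"parent roles not defined: {sorted(unknown)}")
        self.roles[name] = Role(name, set(perms), set(parents))

    def assign_role(self, user, role):
        self.user_roles.setdefault(user, set()).add(self.roles[role].name)
        self._rebuild(user)

    def revoke_role(self, user, role):
        self.user_roles.get(user, set()).discard(role)
        self._rebuild(user)

    def add_to_group(self, user, group):
        self.user_groups.setdefault(user, set()).add(group)
        self._rebuild(user)

    def assign_group_role(self, group, role):
        self.group_roles.setdefault(group, set()).add(self.roles[role].name)
        for user, groups in self.user_groups.items():
            if group in groups:
                self._rebuild(user)

    def _inherited(self, role):
        """Transitive closure of role inheritance (R1 -> R2 -> ...), tolerant of cycles."""
        seen, todo = set(), [role]
        while todo:
            r = todo.pop()
            if r not in seen:
                seen.add(r)
                todo.extend(self.roles[r].parents)
        return seen

    def effective_roles(self, user):
        direct = set(self.user_roles.get(user, ()))
        for g in self.user_groups.get(user, ()):
            direct |= self.group_roles.get(g, set())
        return set().union(*(self._inherited(r) for r in direct))

    def _rebuild(self, user):
        # Set semantics: a permission repeated across several roles takes effect once (section 2.2).
        perms = set()
        for r in self.effective_roles(user):
            perms |= self.roles[r].perms
        self.ctable[user] = perms

    def check(self, user, obj, access, record=None):
        """Decide an access request (U, O, T) by scanning U's C-table; unknown subjects are refused."""
        for p in self.ctable.get(user, ()):
            if p.obj != obj or p.access != access:
                continue
            if p.predicate is None:
                return True
            column, required = p.predicate
            if record is not None and record.get(column) == required:
                return True
        return False


def build_demo():
    """Constructed configuration: a three-level role chain plus a group-delegated role."""
    core = SecurityCore()
    core.define_role("staff", [Permission("menu.attendance", "access")])
    core.define_role("clerk", [Permission("module.attendance", "read", ("dept_code", "0201"))],
                     parents=["staff"])
    core.define_role("supervisor", [Permission("module.attendance", "modify", ("dept_code", "0201"))],
                     parents=["clerk"])
    core.define_role("auditor", [Permission("module.attendance", "read")])  # unconditional read
    core.assign_role("alice", "clerk")
    core.assign_role("bob", "supervisor")
    core.add_to_group("carol", "hr_group")
    core.assign_group_role("hr_group", "auditor")
    return core
```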
Role-based access through user groups: access control over a group of users is more reasonable. A user group represents a collection of users with similar work, and roles can be delegated to the user group to control the group's permission range (of course, in our system a role can also be seen as a specific user group). Role inheritance is also supported. By changing a user's current role set you change the user's permissions, and by changing a role's permissions you change the permissions of a group of users. Based on this, role-based access control: (1) simplifies permission management and avoids authorizing and revoking directly between users and data; research shows that users' permissions change easily while the permissions of a role are more stable; (2) facilitates a reasonable division of responsibilities, since users hold only their own permissions, and the user group relationship supports this; (3) prevents abuse of power: sensitive work is assigned to several different users, and an operation sequence that requires cooperation cannot be completed by a single user.
Support for dynamically changing user permissions: security management treats access rights as dynamic rather than static. Permissions are represented by the triple P(O, T, P) and the access rules in the system by the quadruple (S, O, T, P). When the product system uses a workflow, the subject capability table can be modified dynamically by the product platform through the interface of the security management control core, assigning users the privileges required by the current workflow step.
Permission interrelation: the various permissions are not independent but interrelated; a permission may imply other user operations, which describes related co-permissions. For example, when a user is granted read-only permission on a data editing control, the user's insert and delete permissions are withdrawn, whereas other users may still perform operations such as changing data. A convenient authorization/revocation mechanism and an inspection mechanism are provided: authorization is completed with a simple assignment operation, which at the same time updates the model and the subject's access-rule control.
Authorization relationships between users: according to the role assignment relationship, a user in the running system can itself manage roles, which provides another means of dynamically changing user rights. Typically the power to assign roles lies with those in the system who bear management responsibility.
1.1. Keyword definition (definitions) Confinition Description: Safety management: Computer technology security management is wide, including network security, data security, operating system security, and application security. Most of the security management has already had a mature product, we only need to use the choice of selective use to achieve its own purpose. In this paper, the word "safety management" is only limited to the applications in the application of the company. Main body: You can issue an application requesting any entity like an application system, including a variety of users, other applications with interfaces of the system, illegal intruders. The system must have the ability to identify the subject, and the interface is actually registered by the user. Therefore, the main problem is the legality of the verification user identity, and the system should establish a user authentication body to verify the user identity. User: The user is a subject that can independently access data in the computer system or other resources represented by data, and we use users to represent a user collection. Users are generally referred to in general. Permissions: Permissions are licenses for access to data in computer systems or other resources represented by data. We use permission to represent a set of permissions. It can be divided into two types of object access control and data access control. Object Access Control: Use a binary group to represent: (control object, access type). The control object represents all resources that need access control in the system. We will introduce a complete set of resource representations to define and reference all kinds of resources that appear in the system (see later described later). The access type refers to access control of the corresponding controlled object, such as reading, modification, deletion, and more. 
Data Access Control: If you do not control data access, the security of the system is not guaranteed, and data leak events can be easily occurred. Therefore, the data that the object accessible must be accessed in different levels must be encrypted in different levels. We also expressed in a binary group: (control object, predicate). Permissions can eventually be combined into the following form: (control object, access type, predicate). Role: The role refers to the work or location in an organization or task, which represents a qualification, rights and responsibility. We use Roles to represent a set of roles. User delegation: User delegation is a binary relationship between Users and Roles. We use (U, R) to indicate that the user U is assigned a role R. Permissions Configuration: Permission Configuration is a binary relationship between Roles and Permiss, and we use (r, p) to indicate role R with a permission P. 2. Demand analysis According to our experience in the industry, refer to the successful experience of other peers, we have the ability to develop a set of functional and flexible and convenient safety management systems for our own application system. . The developers are liberated from the burden of privilege management to labor, and concentrate on the functional development of the application. Software engineers engaged in MIS project development experience through collecting companies have made the following summary of the needs of the safety of the corresponding system in various situations. The system should consider the following aspects in terms of security management. 2.1. Role and User Requirements: Role by User (Users "of this user and the next line" should not be the same definition, "customer" seems to be suitable? 
[Author's reply: yes, the user here is in part the customer we contract with, but I think the "user" defined below does not exist as something separate in nature, because it is ultimately the customer who uses the system, and the functions a user can complete are the customer's needs. The subtle difference between the two can be resolved by the reader from context.]

Depending on business position, multiple roles may be defined. To log in, a user must first be registered with the system, and the same user may be registered only once. The user is the entry point for logging in; the role is the basis of the user's rights. A user may hold several roles. When a role is granted to a user, the permissions obtained through it cannot exceed the role's permissions, but may be a subset of them.

User passwords and the database access password are to be stored in encrypted form.

Analysis: Each user is identified in the system by a unique user ID. The user logs in through the system login interface; the system verifies the user's identity, comparing the supplied password under the encryption algorithm, and checks whether the user is already logged in. On successful login it notifies the application service, and the security management system records the login information.

Roles are added by the user according to the user's own organization. A dedicated module is provided for setting up the organization, and the user manages roles conveniently through that organizational structure (a "department", or in the later terminology an "institution set"). For example, the user can manage roles through a departmental structure in which departments are coded hierarchically, two digits per level: a first-level department code is two digits, a second-level department appends two more digits, and so on down the levels until the whole factory's organization is established. This data serves only role management and has no meaning elsewhere in the system. Each role is likewise identified by a unique role number and must store the organization information set by the user; generally a role only needs to store the code of its own institution.

2.2. Menu control

Requirements: The menu is the system's business function menu. The list of business function modules and the user menu are customizable.
Each user may have its own menu or use the role's default menu (when a user holds several roles whose permissions overlap, a repeated permission takes effect only once).

Analysis: To make it easy for users to organize permissions, a list of business function modules is established in the system's user interface as a tree. The business function modules are reflected in the user's customized menu and are also numbered hierarchically, two digits per level. Each entry indicates whether it is a submenu or a business module. A submenu has only a single permission setting, accessible or not; a business module's permissions are set by the system administrator or an authorized user. For each business module its object controls are set: controls on interface objects and recordset controls. When a user is granted a permission on a business module, the user must also be able to reach it, that is, the menu path above it must be accessible. When a menu level is deleted, the system prompts that the function modules under it will be deleted with it. When a user holds several roles with repeated permissions, the repeated permission counts once, and the user holds the union of the permissions of all of those roles. When a user queries their own system permissions, the tree of business function modules is displayed.
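The two-digits-per-level numbering used for both departments (2.1) and the menu tree (2.2) is easy to get wrong in practice: a prefix test on an unvalidated code matches the wrong subtree, and a permission granted on a leaf module is useless when its parent submenu is not granted. The following is an added example, not code from the original design; it assumes codes are plain digit strings with two digits per level and that a role's menu permissions are a set of module codes. It computes the union of a user's role permissions with duplicates collapsing, and drops grants whose menu path is not reachable.

```python
"""Hierarchical codes (two digits per level) and effective menu permissions.

Added example (not from the original design document). Assumes:
- department and menu codes are digit strings of 2-digit groups, e.g. "01", "0102", "010203"
- a role's menu permissions are a set of module codes
- a module is usable only if it and every submenu above it are granted
"""

from typing import Iterable, List, Optional, Set

LEVEL_WIDTH = 2  # two digits per hierarchy level, as in the design


def validate_code(code: str) -> str:
    """A code must be a non-empty run of digits whose length is a multiple of LEVEL_WIDTH."""
    if not code or not code.isdigit() or len(code) % LEVEL_WIDTH:
        raise ValueError(f"malformed hierarchical code: {code!r}")
    return code


def depth(code: str) -> int:
    return len(validate_code(code)) // LEVEL_WIDTH


def parent(code: str) -> Optional[str]:
    """'010203' -> '0102'; a top-level code has no parent."""
    validate_code(code)
    return code[:-LEVEL_WIDTH] or None


def ancestors(code: str) -> List[str]:
    """All proper ancestors, top level first: '010203' -> ['01', '0102']."""
    validate_code(code)
    return [code[:i] for i in range(LEVEL_WIDTH, len(code), LEVEL_WIDTH)]


def is_within(code: str, subtree_root: str) -> bool:
    """True if `code` is `subtree_root` itself or lies beneath it.
    Both codes are validated first, so a prefix test cannot be fooled by a
    malformed root such as '010' matching '0102'."""
    validate_code(code)
    validate_code(subtree_root)
    return code.startswith(subtree_root)


def effective_permissions(role_permissions: Iterable[Set[str]]) -> Set[str]:
    """Union of the granted codes over all of a user's roles; duplicates collapse."""
    result: Set[str] = set()
    for perms in role_permissions:
        result |= {validate_code(c) for c in perms}
    return result


def reachable_modules(granted: Set[str]) -> Set[str]:
    """Modules the user can actually open: granted, with every ancestor granted too.
    A grant on '020301' without '02' and '0203' is a dangling permission and is dropped."""
    return {c for c in granted if all(a in granted for a in ancestors(c))}


# constructed sample roles (not from the document)
ROLE_CLERK = {"01", "0101", "010101"}
ROLE_SUPERVISOR = {"01", "0102", "010203", "0101"}
ROLE_BROKEN = {"020301"}  # leaf granted without its parents


if __name__ == "__main__":
    granted = effective_permissions([ROLE_CLERK, ROLE_SUPERVISOR, ROLE_BROKEN])
    print(sorted(granted))
    print(sorted(reachable_modules(granted)))
    print(is_within("010203", "0102"), is_within("0103", "0102"))
```

The same `is_within` test is what a recordset filter for "my department and its sub-departments" reduces to once codes are validated.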
2.3. Object control

Requirements: An object is a visual object in an application window, such as a menu item, button, drop-down list box or data editing control. Object control is implemented through role and user authorization. It covers both the object's properties and the maintenance permissions on the data records held by a data editing control:

Object properties: enabled / disabled, visible / hidden.
Record maintenance: any combination of insert, delete and modify.

Analysis: The objects of each business module are set by the programmer, or under the guidance of the after-sales technical support engineer. When the system administrator or an authorized user configures each permission of a business module, the object properties are set for users who hold the module permission. Objects for which no property has been set are not saved in the user's permission information when object information is stored.
2.4. Recordset control

Requirements: Control of a recordset is implemented by condition settings. A database table that needs recordset control must therefore carry a dedicated recordset filter field. The filter criteria are set by the user according to each position and are kept in a filter table for unified management.

Analysis: When a business module permission is set for a user, the data filter condition for each data editing control in that module is written to the filter table. The filter criterion is a WHERE condition clause; the module being accessed is forced to edit data under that criterion, the control's SQL statement being rebuilt with it before the data is retrieved. When several controls in a module need filtering, the filter table holds several records, one per data editing control. The WHERE clause is generated through the SQL syntax analysis service provided by the control object: the existing WHERE clause is extracted, the filter is combined with it, and the legality of the newly combined SQL statement is checked before it is executed.

2.5. Permission distribution management

Requirements: The permission management described above should satisfy both centralized and decentralized management.

Analysis: If all permission management is vested in the system administrator, the administrator has too much work and cannot have a comprehensive and detailed understanding of the division of labour of every position, so permissions end up divided too coarsely. For large management systems it is appropriate to hand part of the permission settings over to some advanced users, which supports the work of each position; this is decentralized management of permissions. To achieve it, the authorization module must itself be subject to authorization, and the authorization security of the whole system must be meticulous, leaving no permission gap that gives advanced users more permissions than they should have.
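The recordset filter of 2.4 is the most security-sensitive part of the design: the filter table contributes text to a WHERE clause, and "checking the legality of the combined statement" has to mean more than that it parses. Two things go wrong in practice. Appending " AND filter" to a base query that already contains OR lets rows satisfying the left-hand OR branch escape the filter, and storing the criterion as raw SQL lets whoever edits the filter table inject arbitrary SQL. The following is an added example, not the project's code; it assumes the filter table stores structured rows (user, control, column, operator, value) instead of raw WHERE text, and that a control's base SQL is a single SELECT with at most one top-level WHERE. It binds the filter value as a parameter, wraps the original WHERE in parentheses, and shows the naive concatenation beside it for contrast.

```python
"""Recordset filtering: combine a control's base SQL with a per-user filter safely.

Added example (not from the original design document). Assumes:
- filter rows are stored structurally as (user_id, control_id, column, op, value),
  so the value is always bound as a parameter, never spliced into the text
- a control's base SQL is one SELECT with at most one top-level WHERE and no
  subqueries, ORDER BY or trailing statements (anything else is rejected)
"""

import re
import sqlite3
from typing import List, Tuple

ALLOWED_COLUMNS = {"dept_code", "emp", "hours"}            # allow-list of filterable columns
ALLOWED_OPS = {"=": "= ?", "!=": "<> ?", "<": "< ?", ">": "> ?",
               "prefix": "LIKE ? ESCAPE '\\'"}             # 'prefix' = hierarchical subtree

# constructed filter table: (user_id, control_id, column, op, value)
FILTER_TABLE = [
    ("supervisor_0102", "grid_attendance", "dept_code", "prefix", "0102"),
    ("supervisor_0102", "grid_attendance", "hours", ">", 0),
    ("auditor", "grid_attendance", "emp", "!=", "root"),
]

_WHERE_SPLIT = re.compile(r"^\s*(SELECT\b.*?\bFROM\b\s+\w+)(?:\s+WHERE\s+(.*))?\s*$",
                          re.IGNORECASE | re.DOTALL)


def _like_prefix(value: str) -> str:
    """Escape LIKE metacharacters so only a literal prefix matches."""
    escaped = value.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return escaped + "%"


def build_filter(user_id: str, control_id: str) -> Tuple[str, List[object]]:
    """Compile the user's filter rows for one control into a predicate plus parameters."""
    clauses, params = [], []
    for uid, cid, column, op, value in FILTER_TABLE:
        if (uid, cid) != (user_id, control_id):
            continue
        if column not in ALLOWED_COLUMNS or op not in ALLOWED_OPS:
            raise ValueError(f"illegal filter row: {column!r} {op!r}")
        clauses.append(f"{column} {ALLOWED_OPS[op]}")
        params.append(_like_prefix(str(value)) if op == "prefix" else value)
    return " AND ".join(clauses), params


def compose(base_sql: str, user_id: str, control_id: str) -> Tuple[str, List[object]]:
    """Rebuild the control's statement so the filter applies to every row.

    The original WHERE is wrapped in parentheses: naively appending ' AND f' to
    'WHERE a OR b' yields 'a OR (b AND f)', and rows matching a escape the filter.
    Statement terminators and comments in the base SQL are rejected outright."""
    if ";" in base_sql or "--" in base_sql or "/*" in base_sql:
        raise ValueError("base SQL contains a statement terminator or comment")
    m = _WHERE_SPLIT.match(base_sql)
    if not m:
        raise ValueError("base SQL is not a single SELECT ... FROM <table> [WHERE ...]")
    head, existing = m.group(1), m.group(2)
    predicate, params = build_filter(user_id, control_id)
    if not predicate:
        raise PermissionError(f"no filter configured for {user_id}/{control_id}")
    where = f"({existing}) AND ({predicate})" if existing else f"({predicate})"
    return f"{head} WHERE {where}", params


def compose_naive(base_sql: str, user_id: str, control_id: str) -> Tuple[str, List[object]]:
    """The unsafe variant for comparison: plain concatenation without parentheses."""
    head, existing = _WHERE_SPLIT.match(base_sql).groups()
    predicate, params = build_filter(user_id, control_id)
    return f"{head} WHERE {existing} AND {predicate}", params


def fetch(conn: sqlite3.Connection, base_sql: str, user_id: str, control_id: str):
    sql, params = compose(base_sql, user_id, control_id)
    return conn.execute(sql, params).fetchall()


def sample_db() -> sqlite3.Connection:
    """Constructed attendance rows; dept_code uses two digits per level."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE attendance(id INTEGER, emp TEXT, dept_code TEXT, hours REAL)")
    conn.executemany("INSERT INTO attendance VALUES (?,?,?,?)", [
        (1, "wang", "010201", 8), (2, "li", "010202", 0), (3, "zhao", "0103", 8),
        (4, "chen", "0102", 7.5), (5, "root", "01", 8),
    ])
    return conn


if __name__ == "__main__":
    conn = sample_db()
    base = "SELECT id, emp, dept_code FROM attendance WHERE emp = 'zhao' OR hours >= 0"
    print(fetch(conn, base, "supervisor_0102", "grid_attendance"))   # only dept 0102 rows
    sql, params = compose_naive(base, "supervisor_0102", "grid_attendance")
    print(conn.execute(sql, params).fetchall())                       # zhao (dept 0103) leaks
```

With the base query's OR condition, `compose_naive` returns the row for zhao in department 0103 to the supervisor of 0102, while `compose` does not; this is the "legality check" that matters, and it is enforced by construction rather than by inspecting the generated text.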
3. Scheme design

3.1. Security policy

From the requirements analysis above we need an effective and flexible security management scheme, adopting several control mechanisms together with password protection techniques. A security protection strategy is the guideline for designing a secure and reliable system and usually involves the following aspects.

Distinguishing security policy from security mechanism. The policy is the high-level guidance for information security; it comes from detailed study of user requirements, the equipment environment, institutional rules and legal constraints, and its importance lies in that guidance. The mechanism is the collection of functions that implement and enforce the policies, and a sound mechanism is the basis for carrying out a correct security policy. The mechanism should therefore be able to realize different policies, so that it need not be replaced when the policy changes.

Security strategy. An enterprise information management system is a large distributed data resource management system; it holds a huge volume of information of varying sensitivity and serves users with varied access needs, which makes its security management very complicated. Role-based access control is currently the internationally popular advanced method of security management and control, and our security management system selectively absorbs some of its ideas according to our own needs. Its characteristic is that user privileges are granted and revoked by assigning and cancelling roles, with rules for role assignment and checks on operations. Security managers define the roles as needed and give them appropriate access rights, and users are assigned to roles according to their responsibilities and qualifications.

The whole access control process is thus divided into two parts, access rights associated with roles and roles associated with users, realizing the logical separation of users from access rights shown in the figure below. A role can be seen as a semantic structure expressing the access control policy; it represents the qualification for a specific job. Because users and access rights are logically separated, the role-based strategy greatly simplifies permission management: if a user's position changes, it is enough to remove the user's current role and add the role representing the new position or task. Studies have shown that the role/privilege relationship changes much more slowly than the role/user relationship. Delegating users to roles needs little technical skill and can be done by administrative staff, whereas configuring permissions for roles is more complicated, needs some skill, and can be entrusted to specialist technicians without giving them the privileges themselves, which matches reality. Besides easing permission management, role-based access control can describe role hierarchies and implement the principles of least privilege and separation of duties.

Security protection mechanism. The protection mechanisms of this system are adapted to one another; the overall structure of system protection is shown below. The protection mechanism must guard against physical damage and against improper user operations; the latter comes down to which subjects may access which objects and in what way. Subject, access type and object are the responsibility of the main components of security management, which we now discuss.

Security management is of two kinds, centralized and decentralized.
In the former, all rights are held by a full-time person or group responsible for system security, who determines users' access rights and controls every aspect of system security. In the latter, different administrators control different parts of the system and determine the access rights of different users, and an object's owner may even be allowed to transfer the right to access the object. Centralized management is safe and reliable but not flexible; decentralized management must guard against gaps and coordination problems. Because permission assignment for the products of a large group enterprise is complicated, this system combines centralized and decentralized management.

Access control strategy. This provides the basis for determining a user's access rights. One of the most important principles is "need to know": a user should know only what the job requires. It limits unnecessary access rights and thereby blocks many routes to breaking in and leaking data. Rights granted under this principle are the minimum set a user needs to complete the job, so it is also called the "least privilege strategy".

Information flow control. Limiting users' access rights without considering the flow of data is extremely dangerous. For example, a department supervisor may only take attendance for the staff of that department, yet if all the data can be extracted, extraction must be restricted too. Controlling data flow prevents unauthorized users from gaining access once data has flowed elsewhere.

Cryptographic transformation. Very confidential data can be stored in encrypted form, so that an intruder who does not know the key cannot recover it. Encryption can prevent leakage but cannot protect data from being damaged.

Combined hardware and software protection. This is the basic strategy of security protection: many protection functions are difficult to implement in hardware, and some remain impractical even where they can be.

Responsive reaction to security incidents. Any protection mechanism may be broken, so the system must define response and handling measures.

3.2. Analysis of the security management mechanism

3.2.1. Schematic of the main function framework

[Figure: overall function framework of the main components.]
3.2.2. Responsibilities of the main function components

3.2.2.1. Object definition tool and permission definition tool

Object definition tool. Objects are the various function modules, data and interface elements (menus, buttons and other controls) that subjects can access. Because objects differ in sensitivity, the degree of protection also differs. The objects in the system are defined in advance by the programmer with the object definition tool provided by the system; the system can only control objects defined in this way, so object definition is the core step of the whole system and directly affects every subsequent part of security control. It is recommended that the developing programmer perform this initialization. Object definition comprises the following steps:

Function module definition: Apart from a few public interfaces and public function modules, the business function modules are the main way for users to complete their different business functions and are also the key objects we protect, so the business function modules must be defined. With the function module objects defined, we can configure the user's business function menu according to the work the user needs to complete, which is in keeping with the "least privilege policy".

Interface element control: Beyond the function menu, if the interface elements of a function module are to be controlled they must also be defined. Most interface elements carry related business operations, so the interface elements for the corresponding operations need to be defined.

Data information control: Most interface elements of a business function module are the basis for displaying and operating on data, and are the main way users read and manipulate data. For the security of data information, security and confidentiality measures must be taken for the data operated on through these interface elements, which requires related data constraints on them.

The object definition flow is shown in the flowchart below.
Permission definition tool. With the system objects defined, the access types of an object in different situations are defined; that an object may have different access types in different situations is what requires object permissions. Defining permissions means defining object access control and data access control. We express a permission as P(O, T, P), where O is the access object, T the access type and P the predicate: access of type T may be performed on object O when predicate P is true. Permission definition is one of the foundations of system security management: only once permissions for access to the various objects have been defined can rights be configured for roles, and only then is role-based management possible. The system provides the permission definition tool, and the programmer defines the object's permissions according to actual needs. The flow of permission definition is shown in the flowchart below.
3.2.2.2. Role definition and permission configuration

Role definition. The idea of role-based access control is to divide the authorization of users into two parts, with the role acting as the intermediary between user and privilege. Two many-to-many relationships are thereby formed, one between users and roles and one between roles and permissions. The system provides a role definition tool that lets users define the roles corresponding to their own needs (authority, position, and shared rights and responsibilities). There is a corresponding inheritance relationship between roles: when role R1 inherits role R2, R1 automatically has R2's access rights (R1 -> R2). Role inheritance naturally reflects the relationship of rights and responsibilities within an organization and helps make permission management convenient. It provides a means of extending and specializing an existing role, so that a new role can be built on an existing one: extension defines a sub-role by adding permissions to the parent role, and specialization is expressed by different sub-roles inheriting the same parent role. There is also multiple inheritance, where a role inherits several parent roles and thus acquires their combined capabilities. The role definition flow is shown in the flowchart below.

Permission configuration. A role is a set of access rights; a user can be a member of many roles, a role can hold many permissions, and one permission can appear in several roles. Permission configuration is one of the steps of organizing the permissions of a role. Only when a role holds the corresponding permissions does delegating a user to it have practical meaning. The permission configuration flow is shown in the flowchart below.

3.2.2.3. User and user group definition

User definition. The end user of the system is the user, so a user authentication mechanism must be established and the user's identity information registered. Defining the users who may log in and operate the system is a necessary step of system security management and is also the interface between people and the system.

User group definition. To support decentralized permission management, the concept of a user group, a collection of users, is introduced. For convenient permission management, roles can also be delegated to user groups; when a user accesses the system, the roles of the user's groups are delegated to the user automatically. To further facilitate decentralized privilege management, the system also supports handing part of a group's permissions to a specific user, who then manages the privileges of that user group.
3.2.2.4. Permission review

After authorization is complete, one can log in as the user and check whether the permissions granted are appropriate; if not, the user delegation can be redone and part of the permissions withdrawn. At present the system can only perform partial permission recovery for users managed through user groups.

3.2.2.5. User authentication mechanism

The primary issue of security protection is identifying the user. Three ways are currently available. First, use the user's physical characteristics (voice, fingerprints, appearance, signature); in theory this is the most reliable, but because physical characteristics may change over time and the recording technology is not mature, it is not yet widely used. Second, use a unique document held by the user, such as an ID card or machine-readable card; the disadvantage is that documents may be copied or taken by others. Third, use something the user knows that proves identity by prior agreement, such as a password; this is the method commonly used today, and it is the one this system adopts.
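The following is an added example of the password method this mechanism adopts; it is not code from the original design. It keeps the registry of user names and identifiers, limits consecutive failed attempts and makes the user wait before trying again, with the wait growing on each further failure. Two details are assumptions rather than statements of the document: identifiers are stored as salted PBKDF2 hashes (the document speaks only of "encryption"), and the wait starts at 30 seconds and doubles thereafter (the document says only "wait a longer time").

```python
"""Password-based user authentication with attempt limiting (3.2.2.5).

Added example (not code from the original design document). Assumes:
- identifiers are stored as salted PBKDF2 hashes rather than reversibly
  encrypted, so the registry itself does not reveal them
- after MAX_ATTEMPTS consecutive failures the account must wait, and the wait
  doubles with each further failure (the document says only "wait longer")
"""

import hashlib
import hmac
import os
import time
from dataclasses import dataclass, field
from typing import Dict, Optional

MAX_ATTEMPTS = 3          # "two or three consecutive attempts"
BASE_LOCK_SECONDS = 30.0  # first wait; assumption
PBKDF2_ROUNDS = 100_000


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


@dataclass
class Entry:
    salt: bytes
    digest: bytes
    failures: int = 0
    locked_until: float = 0.0


@dataclass
class Registry:
    """The registry kept by the authentication mechanism: user name -> entry.
    The user name is public; only the salted digest of the identifier is stored."""
    users: Dict[str, Entry] = field(default_factory=dict)

    def register(self, user_name: str, password: str) -> None:
        if user_name in self.users:
            raise ValueError("the same user may be registered only once")
        salt = os.urandom(16)
        self.users[user_name] = Entry(salt, _derive(password, salt))

    def authenticate(self, user_name: str, password: str, now: Optional[float] = None) -> bool:
        """True only if the user exists, is not waiting out a lock, and the password matches.
        Unknown names run the same hash so timing does not reveal which names exist."""
        now = time.time() if now is None else now
        entry = self.users.get(user_name)
        if entry is None:
            _derive(password, b"\x00" * 16)
            return False
        if now < entry.locked_until:
            return False                      # still waiting; attempt not counted
        if hmac.compare_digest(_derive(password, entry.salt), entry.digest):
            entry.failures = 0
            entry.locked_until = 0.0
            return True
        entry.failures += 1
        if entry.failures >= MAX_ATTEMPTS:
            # 30 s after the 3rd consecutive failure, 60 s after the 4th, 120 s after the 5th ...
            entry.locked_until = now + BASE_LOCK_SECONDS * 2 ** (entry.failures - MAX_ATTEMPTS)
        return False

    def seconds_locked(self, user_name: str, now: float) -> float:
        return max(0.0, self.users[user_name].locked_until - now)


if __name__ == "__main__":
    reg = Registry()
    reg.register("chenda", "good")            # constructed sample user
    t = 1_000.0
    print(reg.authenticate("chenda", "good", t))        # True
    for _ in range(3):
        print(reg.authenticate("chenda", "bad", t))     # False, False, False -> locked
    print(reg.seconds_locked("chenda", t))              # 30.0
    print(reg.authenticate("chenda", "good", t + 1))    # False: still locked
    print(reg.authenticate("chenda", "good", t + 31))   # True
```

Note that a correct password presented during the wait is still rejected and does not reset the counter; only a successful login after the wait does. The `now` parameter exists so the lockout can be exercised deterministically without sleeping.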
User name    Identifier    Other
chenda       good          ...
...          ...           ...

The table above is the registry kept by the user authentication mechanism. The user name in the table is normally public; the identifier is confidential. When a user wants to access the system, they must first present their name and identifier (that is, their credentials). The authentication mechanism then checks whether the presented identity is consistent with the entry in the table; if so the identity is confirmed, otherwise it is treated as counterfeit and the system rejects the requested operation. The password is the most commonly used identifier, usually a combination of several letters and digits. The system allows only two or three consecutive attempts; if they all fail, the user must wait a longer time before trying again. This delay effectively hinders anyone trying to guess passwords.

3.2.2.6. Access control mechanism

The main means of preventing illegal access to the system is access control. A user's access rights to the system are expressed by access rules, which authorize users according to the security policy; access control deals with how to express and check those rules. Formally an access rule can be written as the quadruple (U, O, T, P) or, in terms of the permissions already defined, as (U, P). The access control of the system is divided into module-level control and interface element control. Storing and checking access rules is the problem an access control mechanism must solve. For the sake of operating speed, this system dynamically generates and stores a capability table for each user from the role, permission configuration and user delegation relationships, regenerating it whenever the configuration information changes.
A capability table (also called a C-table) is an effective form for storing and checking access rules. The capability table is organized by subject: it records which operations the subject may perform on which access objects. The basic form of a capability table is:

Si: (Oi1, Ti1, Pi1) ... (Oij, Tij, Pij)

where Si is subject i, j is the number of data objects accessible to Si, and each (Oij, Tij, Pij) is one access right. The capability tables of all subjects together make up all the access rules of the system. When an access request is to take effect, the subject's table is searched entry by entry to determine whether the request is valid.

Security management control core. The security management core is the central control section of the system's security management. It controls the security of the whole system: it decides whether security management is started, under what circumstances the access control mechanism is invoked, how access rules are written according to the situation, how existing access rules are applied for control, and how access rules are stored.

4. System evaluation

4.1. System features (self-evaluation)

The core idea of the security management system is extracted and refined from role-based control, and the functional model above meets the system access control requirements proposed by the product developers well. The analysis is as follows.

Separation of responsibilities during system development: the security management part is taken as the core control section of the whole system and separated out into a security guideline common to the whole system. Programmers need not give it much consideration when developing; they only need to follow the system's security criteria and can devote their main energy to the system's business functions. Effective reuse of the system reduces redundancy and makes the system's structure clearer. By simply setting different feature parameters, different access type controls can be applied to the various interface elements and different control effects produced without programmer involvement.
Role-based access control over user groups: access control over a group of users is more reasonable. A user group represents a collection of users with similar work, and roles can be delegated to the user group to control the permission range of the group (in our system a role can of course also be seen as a specific user group). At the same time, role inheritance is supported. By changing a user's current set of roles the user's permissions change, and by changing the permissions of a role the permissions of a whole group of users change. On this basis, role-based access control: (1) simplifies permission management and avoids granting and revoking rights directly between users and data; research shows that a user's permissions change easily while the permissions corresponding to a role are more stable; (2) facilitates a reasonable division of responsibilities, since users have only the permissions of their own roles, and the description of the user group relationship supports this; (3) prevents abuse of power, since sensitive work is assigned to several different users and a sequence of operations requiring cooperation cannot be completed by a single user.

Support for dynamically changing user permissions: security management treats access rights as dynamic rather than static. The access rules of all subjects over the permissions P(O, T, P) are represented in the system by the quadruple (S, O, T, P). When the product system uses a workflow, the subject's capability table can be modified dynamically by the product platform through the interface of the security management control core, assigning users the privileges required for the current workflow step.

Interrelation of permissions: the various permissions are not independent of each other but interrelated, and one permission can imply others; the mechanism can describe such related permissions. For example, when a user is granted read-only permission on a data editing control, the user's insert and delete permissions on that control are withdrawn; permissions that depend on the operations of other users, such as one user changing data that another then processes, can be described in the same way.

Convenient authorization/revocation and inspection mechanism: authorization can be completed with a simple assignment operation, which at the same time updates the model and the subject's access rule control.
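The mechanism summarised above, assembled in one place as an added example (not the project's code): permissions of the form (O, T, P) from 3.2.2.1, roles with single and multiple inheritance from 3.2.2.2, delegation to users and to user groups from 3.2.2.3, and the per-subject capability table of 3.2.2.6, generated from those relations and checked entry by entry against a request. Assumed for the example: the predicate P is a function of a request context, or None meaning "always true"; the object and access type names, the roles, users and departments are constructed; and the data access predicate uses the two-digits-per-level department codes of 2.1, so "the user's own subtree" is a validated prefix test.

```python
"""Roles with inheritance, delegation via users and groups, and a generated
capability table checked against access requests.

Added example (not from the original design document). Assumes:
- a permission is (object, access_type, predicate); the predicate is a function
  of a request context, or None meaning 'always true'
- role inheritance may be multiple; a role already visited is not expanded again
- a user's roles are the union of directly delegated roles and the roles of
  every group the user belongs to
"""

from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple

Predicate = Optional[Callable[[dict], bool]]
Permission = Tuple[str, str, Predicate]   # (O, T, P)


@dataclass
class Role:
    name: str
    permissions: List[Permission] = field(default_factory=list)
    parents: List[str] = field(default_factory=list)   # R1 -> R2: R1 inherits R2


@dataclass
class Config:
    roles: Dict[str, Role] = field(default_factory=dict)
    user_roles: Dict[str, Set[str]] = field(default_factory=dict)
    group_roles: Dict[str, Set[str]] = field(default_factory=dict)
    user_groups: Dict[str, Set[str]] = field(default_factory=dict)

    def role_closure(self, names: Set[str]) -> Set[str]:
        """The given roles plus everything they inherit, transitively."""
        seen: Set[str] = set()
        stack = list(names)
        while stack:
            r = stack.pop()
            if r in seen:
                continue
            if r not in self.roles:
                raise KeyError(f"unknown role {r!r}")
            seen.add(r)
            stack.extend(self.roles[r].parents)
        return seen

    def roles_of(self, user: str) -> Set[str]:
        direct = set(self.user_roles.get(user, set()))
        for g in self.user_groups.get(user, set()):
            direct |= self.group_roles.get(g, set())     # group roles delegated automatically
        return self.role_closure(direct)

    def capability_table(self, user: str) -> List[Permission]:
        """The user's C-table row: every (O, T, P) of every effective role.
        Regenerated whenever the configuration changes; a repeated permission counts once."""
        row: List[Permission] = []
        for r in sorted(self.roles_of(user)):
            for perm in self.roles[r].permissions:
                if perm not in row:
                    row.append(perm)
        return row


def check(table: List[Permission], obj: str, access_type: str, ctx: dict) -> bool:
    """Access rule (U, O, T, P) holds if some entry matches (O, T) and P(ctx) is true."""
    for o, t, p in table:
        if o == obj and t == access_type and (p is None or p(ctx)):
            return True
    return False


def own_subtree(ctx: dict) -> bool:
    """Data access predicate: the record's department lies under the user's department.
    Codes are two digits per level, so after validation a prefix test suffices."""
    for code in (ctx["user_dept"], ctx["record_dept"]):
        if not code.isdigit() or len(code) % 2:
            raise ValueError(f"malformed department code {code!r}")
    return ctx["record_dept"].startswith(ctx["user_dept"])


def sample_config() -> Config:
    """Constructed configuration (not from the document)."""
    cfg = Config()
    cfg.roles["clerk"] = Role("clerk", [("module.attendance", "open", None),
                                        ("grid.attendance", "read", own_subtree)])
    cfg.roles["supervisor"] = Role("supervisor",
                                   [("grid.attendance", "insert", own_subtree),
                                    ("grid.attendance", "delete", own_subtree)],
                                   parents=["clerk"])
    cfg.roles["auditor"] = Role("auditor", [("grid.attendance", "read", None)])
    cfg.user_roles["li"] = {"supervisor"}          # direct delegation
    cfg.user_groups["wang"] = {"hr"}               # delegation through a group
    cfg.group_roles["hr"] = {"auditor"}
    return cfg


if __name__ == "__main__":
    cfg = sample_config()
    li = cfg.capability_table("li")
    print(check(li, "grid.attendance", "delete", {"user_dept": "0102", "record_dept": "010203"}))  # True
    print(check(li, "grid.attendance", "delete", {"user_dept": "0102", "record_dept": "0103"}))    # False
    wang = cfg.capability_table("wang")
    print(check(wang, "grid.attendance", "read", {"user_dept": "01", "record_dept": "0299"}))     # True
    print(check(wang, "module.attendance", "open", {}))                                            # False
```

Because the table is a plain list of (O, T, P) entries derived from the configuration, the workflow case in 4.1 is just appending an entry to a subject's row for the duration of a step and regenerating the row afterwards; nothing in the check itself needs to know where an entry came from.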