Nowadays the access control in a security office automation (OA) system focus on three layers of the International Standards Organization (ISO) sevenlayer architecture, namely the physical layer, the network layer and the application layer. Here new methods are adopted in a model where the system architecture is composed of Client/Server (C/S) and Browser/Server (B/S), such as the improved rolebased access control (RBAC) method with a correlation between the subjects and objects of the access course, the subdivision and restriction of administrator users, an integrated audit to database, as well as the distributed storage of the audit logs. Discriminating between the objects in the access control process in this way affords gradational security protection to national standards, and offers operational benefits.
{{custom_sec.title}}
{{custom_sec.title}}
{{custom_sec.content}}
References
[1]刘玉林, 王建新, 谢永志. 涉密信息系统风险评估与安全测评实施[J]. 信息安全与通信保密, 2007(1): 142-144.
Liu Y L, Wang J X, Xie Y Z. A study about secretinvolved information system ri
sk evaluation and security testing evaluation[J]. China Information Security,
2007(1): 142-144. (in Chinese)
[2]Ferraiolo D F, Cugini J A, Kuhn D R. Rolebased access control: Features and motivation[C]∥Proc of the 11th annual computer security application conf. Washington: IEEE Computer Society Press, 1995: 241-248.
[3]国家保密局. BMB17—2006涉及国家秘密的信息系统分级保护技术要求[S]. 北京: 中国标准出版社, 2006.
Administration for the Protection of State Secret. BMB17—2006 Gradational security protection technology requirements for classified information system[S]. Beijing: Standards Press of China, 2006. (in Chinese)
[4]于泠, 陈波, 肖军模. 多策略的工作流管理系统访问控制模型[J].系统过程理论与实践, 2009, 29(2): 1-158.
Yu L, Chen B, Xiao J M. Multipolicy access control model for workflow management system[J]. Systems EngineeringTheory & Practice, 2009, 29(2): 151-158. (in Chinese)
[5]马亮, 顾明. 基于角色的工作流系统访问控制模型[J]. 小型微型计算机系统, 2006, 27(1): 136-140.
Ma L, Gu M. Rolebased access control model for workflow systems[J]. MiniMicro Systems, 2006, 27(1): 136-140. (in Chinese)
{{custom_fnGroup.title_en}}
Footnotes
{{custom_fn.content}}