摘要： 根据监狱信息系统功能模块多、用户数量大、人员调动频繁、信息机密性高的特点，提出了一种综合访问控制模型，给出了模型的形式化描述。该模型把MAC, RBAC, TRBAC有机地结合在一起，有可控性强和授权管理方便的特点。利用该模型，设计了权限管理子系统，给出了系统中权限管理的具体实现，解决了监狱系统中复杂的访问控制问题。

关键词: 访问控制, 权限管理, RBAC, MAC

Abstract: The prison information system is characterized by many modules, large number of users, frequent staff changes and information confidential. According to these characteristics, this paper proposes one kind of synthesis access control model and provides the model formalized description. This model organically unifies the MAC, RBAC and TRBAC, with the characteristics of strong controllability, easy authorization management. Using this model, it designs the authority management subsystem, and some implementation of authority management in the system are provided to solve the complex access control problem in the prison system.

Key words: access control, authority management, RBAC, MAC

中图分类号: 

• TP309