Computer Engineering

• Security Technology

Study of Cross-domain Access Control Among Emergency Organizations Based on Position-mapping

PENG You 1, SONG Yan 1, JU Hang 1, WANG Yan-zhang 2

  1. School of Economics and Management, Harbin Engineering University, Harbin 150001, China
  2. Institute of Information Technology and Decision Support, Dalian University of Technology, Dalian 116024, China
  • Received: 2014-02-13 Online: 2014-06-15 Published: 2014-06-13
  • About the authors: PENG You (born 1981), male, Ph.D., main research interests: complex information systems, information security; SONG Yan, professor, doctoral supervisor; JU Hang, associate professor; WANG Yan-zhang, professor, Ph.D., doctoral supervisor.
  • Funding:
    Key Program of the National Natural Science Foundation of China (91024029); General Program of the China Postdoctoral Science Foundation (2013M540273).

Abstract: Because of their characteristics, emergencies require multiple organizations and departments to carry out the corresponding response, coordination and recovery activities of emergency management. However, current cross-domain access control among emergency organizations based on the Role-based Access Control (RBAC) model has security problems: cyclic inheritance conflicts, separation-of-duties conflicts and modality (heterogeneity) conflicts. Drawing on practical experience in developing emergency management systems, this paper starts from the position in organizational management and proposes a cross-domain access control mechanism among emergency organizations based on position mapping. After analyzing the specific implementation process of the mechanism, it discusses how the mechanism effectively resolves the security conflicts above, and verifies its correctness and feasibility against the actual processing flow of a city's emergency management platform.

Key words: emergency management, cross-domain access control, position-mapping, multi-domain, authorization management, information security
