Design and Implementation of Web Application Security Control System Based on Proxy

Cited by: 1


Authors: 杨永群, 章翔凌, 黄勤龙 [2], 肖志恒 [2]

Affiliations: [1] 北京双洲科技有限公司, Beijing 100101; [2] School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876

Source: 《网络空间安全》 (Cyberspace Security), 2017, No. 8, pp. 43-47 (5 pages)

Funding: Beijing Municipal Science and Technology Program (D161100003316002); National Key Research and Development Program (2016YFB0800605)

Abstract: To address the shortcomings of access control in existing web applications, a proxy-based web application security control method is proposed on the basis of the role-based access control model. First, according to the requirements of user access control, the business functions of the web application are divided by page, and a role-function access control model is built, which achieves fine-grained control of user access to web application functions. Second, the overall architecture of the web application security control system and its functional modules are designed; the control system is deployed as a proxy in front of the web application, so that all user access to the web application system is controlled and access by unauthorized users is blocked, while changes to the existing web application system are minimized. Finally, the system is implemented, and the results show that it can effectively achieve security control of e-government and other web applications.

Keywords: web application; application proxy; security control; access control

Classification: TP393.09 [Automation and Computer Technology: Computer Application Technology]

 
