Roles mediate between users and permissions and provide flexible authorization management. The market management information system consists of multiple business subsystems; the access control subsystem is designed as a module and, through interfaces, flexibly provides access control management for each business subsystem.

Keywords: market management information system, access control, role, security policy

Abstract

The Market Management Information System (STMMIS for short), which China Net Corporation Ltd. Shantou Branch uses to manage its telecom market management information, is a distributed management information system. Because many departments and users are involved and a large amount of sensitive data must be protected, STMMIS needs additional security measures to keep the data from being destroyed and to ensure it is used safely. Access control is an important part of the security mechanisms used in a management information system. With access control, a user's request to access STMMIS can be granted or denied according to policy, depending on whether the user is legitimate or illegitimate for the system. However, traditional approaches such as Discretionary Access Control and Mandatory Access Control are not suitable for STMMIS, which needs more sophisticated access control. As a result, RBAC is adopted in the development of the access control system of STMMIS.

The departments and users involved in STMMIS are spread across the Chaoshan region, and users who need to access STMMIS are managed by the departments they work in, so STMMIS access control uses many security policies. Using the basic idea of RBAC, relationships between roles can offer more flexible security measures in STMMIS access control. For the same user, the access permission differs when the operation he is involved in is in a different status. Apart from an introduction to STMMIS, much of the effort has been directed to post-analysis of the system's access control.
Having thoroughly studied existing RBAC models and the requirements of STMMIS access control, we propose several ideas for realizing the access control policy, such as separation of duties, least-privilege assignment, permissions managed as dynamic objects, and mutually exclusive relationships between roles, among others.

STMMIS consists of several management information subsystems that meet the needs of telecom operations. The access control system is developed as a single module that communicates with the other business modules through an interface to provide secure access control management. Because STMMIS involves many security policies of many kinds, formulas are introduced to describe the policies. In this way the access control system provides a single framework that gives STMMIS stronger protection by enforcing its security policies.

Key Words: Market Management Information System, Access Control, Role, Security Policy

Contents

Abstract (Chinese)
Abstract (English)
1 Introduction
    Source and background of the topic
    State of access control research in China and abroad
    Main research work and organization of the thesis
2 The Market Management Information System
    Business characteristics of telecom operations
    Management characteristics of telecom operations
    Requirements of the market management information system
    Hardware structure of the market management information system
    Software structure of the market management information system
    Summary
3 Role-Based Access Control Technology
    Traditional access control technology
    Role-based access control
    Summary
4 Role-Based Access Control Policy of the Market Management Information System
    Security requirements of the market management information system
    Security policies of the market management information system
    Management of the security policies of the market management information system
    Summary
5 Implementation of the Security Policies of the Market Management Information System
    Authorization in the market management information system
    Design of the access control system
    Management of the access control process
    Summary
6 Conclusion
    Summary of the research work
    Open problems
Acknowledgements
References

1 Introduction

Source and background of the topic

This thesis studies the application of role-based access control technology, against the background of developing the security management of the market management information system of China Net Corporation Ltd. Shantou Branch. The Guangdong branch was established in 2022 and is a late entrant to the Guangdong telecom market. The business support system comprises the service system and the charging system; it is an integrated system built on a unified platform that combines service acceptance, order scheduling, billing, accounting, settlement, and statistics, and it is the information platform for handling the company's telecom business. The internal office system comprises the OA system and the e-mail system and is the platform for the company's internal office work and information exchange. The specialist departments are concentrated at company headquarters: marketing, technology, finance, and general affairs, each responsible for managing the work in its own field. After the business support system and the internal office system went into use, the Shantou company's service management and internal office information were all handled through information management systems, which considerably improved the company's internal work efficiency. Market management data is processed in scattered places, lacks a unified format, follows differing statistical standards, and is poorly reusable, so it is hard to turn into effective decision-making information, which significantly affects the company's business decisions.

The market management information system mainly organizes and manages the company's telecom business information. With the goal of fulfilling the company's sales plan, it assigns business responsibilities according to departmental duties; processes, tracks, and analyzes information on market research, market planning, engineering construction, resource management, sales management, and other aspects of business management; and monitors the implementation of each business project in a timely manner. The system consists of multiple business modules, each developed as an independent component, which exchange information through a unified interface. Because business information is wide-ranging, large in volume, and of varying sensitivity, and because staff are dispersed and departments numerous, the market management information system is a large distributed data resource management system whose security management is very complex. On the other hand, the needs of market competition and the necessary adjustments to business processes and product structure require the market management information system to have good