Research and Implementation of Data Authority Control Model Based on Organization

Computer Science ›› 2021, Vol. 48 ›› Issue (6A): 558-562. doi: 10.11896/jsjkx.200700127

• Interdiscipline & Application •

CHENG Xue-lin, YANG Xiao-hu, ZHUO Chong-kui   

  1. School of Software Technology, Zhejiang University, Ningbo, Zhejiang 315103, China
  • Online: 2021-06-10 Published: 2021-06-17
  • About author: CHENG Xue-lin, born in 1976, Ph.D, senior engineer, master supervisor, is a member of China Computer Federation. His main research interests include data mining and analysis, software engineering.
    ZHUO Chong-kui, born in 1996, postgraduate. His main research interests include software engineering and data analysis.

Abstract: Data permission control is an important aspect of software system security and quality, and an important part of permission management and authorized access in SaaS multi-tenant software systems. The core requirement of data permission management is that users are assigned to different roles, each with a corresponding data access scope. A general set of data permission control methods that reduces the complexity of authorization management and improves software system security therefore has practical significance. Common SaaS systems basically use an RBAC-based permission control component to meet the needs of user data permission control. However, configuring permissions in RBAC is still relatively complicated, and controlling data permissions in the ODAC form can simplify permission configuration. Based on the theory of the RBAC authorization model, an organization-based data authority control model (Organization-Based Data Authority Control, ODAC) is proposed. In the ODAC model, the various services provided by the SaaS multi-tenant software system are collectively called resources. Resources are divided into data-controlled resources and data-uncontrolled resources. When a data-controlled resource is assigned to a role, the organizational structure that can access the resource is specified. When users under a SaaS tenant organization access data, the system uses the organization corresponding to the user's role in the resource tenant to achieve data access control. On this basis, the ODAC model is implemented with the Spring MVC, Spring Security and MyBatis frameworks. Implemented with these mature frameworks, the data authority management system based on the ODAC model shows good performance, provides a guarantee for the realization of the data permission system, and reduces the difficulty of implementing the logic. The model has been used in a variety of actual production systems, which verifies that it has good versatility and feasibility.

Key words: Access control, Controlled resources, Data permission, Organization structure, Role, SaaS

CLC Number: TP311
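The access decision described in the abstract, as an added sketch that is not code from the paper or its Spring/MyBatis implementation: a role's grant on a data-controlled resource carries the organizations it may read, and the read path filters rows by tenant and by those organizations. The class and function names, the sample rows, the union of scopes across a user's roles, and the fail-closed behaviour are assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Resource:
    name: str
    data_controlled: bool  # True: access is scoped by organization

@dataclass
class Role:
    tenant: str
    name: str
    grants: dict = field(default_factory=dict)  # resource name -> frozenset of org ids

    def assign(self, resource, orgs=()):
        # A data-controlled resource must name its organizations at assignment time.
        if resource.data_controlled and not orgs:
            raise ValueError(f"{resource.name}: organization scope required")
        self.grants[resource.name] = frozenset(orgs) if resource.data_controlled else frozenset()

def visible_rows(user_roles, tenant, resource, rows):
    """Rows of `resource` that a user holding `user_roles` may read in `tenant`."""
    grants = [r.grants[resource.name] for r in user_roles
              if r.tenant == tenant and resource.name in r.grants]
    if not grants:  # assumed fail-closed: no grant in this tenant means no access
        raise PermissionError(f"no role grants {resource.name} in tenant {tenant}")
    tenant_rows = [row for row in rows if row["tenant"] == tenant]
    if not resource.data_controlled:
        return tenant_rows  # uncontrolled resources are only tenant-isolated
    orgs = frozenset().union(*grants)  # assumed: scopes of several roles are unioned
    return [row for row in tenant_rows if row["org"] in orgs]

# Constructed sample data (hypothetical tenants, organizations and resources).
ORDERS = Resource("orders", data_controlled=True)
NOTICES = Resource("notices", data_controlled=False)
ROWS = [
    {"id": 1, "tenant": "t1", "org": "sales-east"},
    {"id": 2, "tenant": "t1", "org": "sales-west"},
    {"id": 3, "tenant": "t1", "org": "finance"},
    {"id": 4, "tenant": "t2", "org": "sales-east"},  # same org name, other tenant
]
east = Role("t1", "east_manager")
east.assign(ORDERS, {"sales-east"})
audit = Role("t1", "auditor")
audit.assign(ORDERS, {"finance"})
audit.assign(NOTICES)

if __name__ == "__main__":
    print([r["id"] for r in visible_rows([east], "t1", ORDERS, ROWS)])
    print([r["id"] for r in visible_rows([east, audit], "t1", ORDERS, ROWS)])
```

In a MyBatis-backed system the same organization set would normally be applied as a query predicate rather than as an in-memory filter.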