CN101964779A - Resource access control method and system based on capability maturity model - Google Patents

Info

Publication number: CN101964779A
Authority: CN (China)
Prior art keywords: maturity, ability, access control, authority, main body
Legal status: Pending
Application number: CN2009101576385A
Other languages: Chinese (zh)
Inventor: 冯永华
Current assignee: ZTE Corp
Original assignee: ZTE Corp
Application filed by ZTE Corp; priority to CN2009101576385A; published as CN101964779A

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a resource access control method based on a capability maturity model, comprising a measurement and authorization step and an access control decision step. The measurement and authorization step measures capability level and/or maturity and grants the subject's permissions on the object according to the capability level and/or maturity, where the capability level refers to the capability the subject has with respect to the object and the maturity describes how stable that capability is. In the access control decision step, when a subject requests access to an object, the access control decision is made according to the permissions granted to the subject and the permissions required by the object. The invention also provides a resource access control system based on a capability maturity model. Because capability level and maturity are introduced, the method and system fully reflect the subject's capability and work maturity, authorize the subject dynamically and continuously according to its access behaviour on the object, and thereby control the subject's access to the object dynamically and continuously.

Description

Resource access control method and system based on a capability maturity model
Technical field
The present invention relates to the field of computer software and network security, and specifically to a resource access control method and system based on a capability maturity model.
Background art
Access control is a method of explicitly granting or restricting the capability and scope of access by some means. It concerns the access of subjects to objects; in other words, access control ensures that subjects use objects in a controlled and lawful way. A subject here is a visitor such as a user, process, service or third-party system; an object is an accessed target such as a system resource interface, a user operation, a task or a third-party system. The relationship between subject, object and access control is shown in Fig. 1. Access control is one of the core modules of a system: it ensures that system resources are used in a controlled and lawful way, and generally, by restricting subjects' access to objects, it prevents intrusion by unauthorized users and prevents damage caused by accidental operations of authorized users.
The International Organization for Standardization defined five major security service functions in ISO 7498-2: authentication, access control, data confidentiality, data integrity and non-repudiation. The access control service builds on the authentication service: the system first identifies and authenticates the subject through the authentication service, and the access control service then judges whether to allow the subject's access to the object, thereby controlling subject-to-object access. ISO also lists access control as one of the main contents of ISO 17799 and ISO 27001. Access control is therefore an important part of all modern computer systems and plays an irreplaceable role in network security architecture.
The reference monitor is a basic access control model, and a security kernel is one realization of a reference monitor. It is generally contained in the system kernel and is mainly responsible for access control, synchronization, inter-process communication and message passing; Fig. 2 is the block diagram of a security kernel. The reference monitor monitors and controls all access behaviour of subjects to objects; the audit file stores the audit records of all subject-object accesses, including the full access history log; and the access control database stores the permissions, concretely as an access control matrix or an access control list (ACL), although some access control frameworks (for example PMI) provide certificates in place of permissions. A security kernel must satisfy three requirements: it mediates all accesses, it protects itself from intentional or accidental modification, and its validity can be determined by verification.
Generally, designing an access control service requires considering permissions and authorization. A permission is the allowance for a subject to access an object; authorization is the operation by which an administrator grants a subject the permission to access an object. The relationships among subject, object, permission and authorization differ by access control policy. Since Lampson introduced subjects, objects and the access control matrix (ACM), the development of access control policy falls into four stages:
1. In the 1960s and 1970s, access control models were applied to mainframe systems, typified by the Bell-LaPadula model and the HRU model. The Bell-LaPadula model focuses on system confidentiality and follows two basic rules, "no read up" and "no write down", to implement mandatory access control, preventing information at a high security level from flowing to objects at a lower security level; it is mainly used in military systems.
2. In the Trusted Computer System Evaluation Criteria (TCSEC) published in 1985, the U.S. Department of Defense (DoD) clearly stated the important role of access control in computer security systems and pointed out two general access control mechanisms: discretionary access control (DAC) and mandatory access control (MAC). In the DAC model the object's owner has full authority over its permissions, and a grantee can pass permissions on. MAC is in essence based on one-way information flow in a lattice; its authorization process is that the security administrator predefines subject trust levels and object security levels, and the system compares the subject and object levels and authorizes automatically, although the security administrator can also authorize specially. At present DAC and MAC are used in operating systems, databases and other fields.
3. The role-based access control (RBAC) model was first proposed in 1992. From 1992 onward, Sandhu and others studied RBAC models and successively proposed the RBAC96, RBAC97 and RBAC99 models, leading to the NIST RBAC standard proposed in 2001. The NIST RBAC reference model studies the role in detail, introducing the concept of a role between users and access permissions, and provides a reference for RBAC models. RBAC uses roles to separate subjects from objects; a role is a set of permissions, a permission is the allowance for a role to perform an operation on an object, and the four relationships subject-role, role-permission, permission-object and permission-operation are all many-to-many.
4. After this, research on access control models expanded into more areas. Representative ones are the task-based access control (TBAC) model applied in workflow or distributed systems, the task-oriented RBAC model (T-RBAC) and the usage control core model (UCON_ABC). TBAC combines access permissions with tasks: each task is a process in which the subject uses permissions on an object, and once the task has been executed the permission is consumed and the object cannot be accessed again; authorization depends not only on subject and object but also on task definition and task state, so permissions change with the task context. T-RBAC establishes a mapping between tasks and roles, overcoming TBAC's lack of roles, and combines active and passive authorization. The usage control core model (UCON_ABC) was proposed by J. Park and R. Sandhu in 2004; it makes access control decisions through authorizations, obligations and conditions and comprises eight components: subjects, subject attributes, objects, object attributes, rights, authorizations, obligations and conditions. Authorization is performed on the basis of subject and object attributes and the associated operation; obligations are mandatory requirements before or during the subject's access to the object; conditions are environmental or system factors. The UCON_ABC model covers DAC, MAC, digital rights management (DRM) and trust management (TM).
The development of access control technology described above shows a gradual evolution from low-level to high-level and from simple to complex. Each access control model nonetheless has its own shortcomings. DAC disperses administrative power, is unfavourable to centralized management, and causes information diffusion and leakage, with the possibility of abuse of authority. MAC over-emphasizes confidentiality, gives insufficient consideration to continuous operation and manageability, has cumbersome and inflexible security level definitions, and is not well suited to the Internet. RBAC resolves the shortcomings of DAC and MAC, but is still unsuited to increasingly complex modern systems, especially those involving digital resources, private information, trust management, the Internet, workflow and distributed systems, and it does not consider the influence of subject and object attributes on authorization. The newer TBAC and T-RBAC revise RBAC and can be used for workflow and distributed systems, but still do not provide multi-dimensional, variable and continuous access control functions. The next-generation access control model was motivated by solving the problems of traditional models such as RBAC, but at present it is still a conceptual framework that tries to be all-encompassing and has no concrete application scheme.
Summary of the invention
The technical problem solved by the present invention is to provide a resource access control method and system based on a capability maturity model, solving the problem that the RBAC model considers neither the subject's capability nor the influence of the stability of that capability on authorization.
To solve the above problem, the invention provides a resource access control method based on a capability maturity model, comprising:
a measurement and authorization step, used to measure capability level and/or maturity and to grant the subject's permissions on the object according to the capability level and/or maturity, where the capability level refers to the capability the subject has with respect to the object and the maturity describes the stability of the subject's capability with respect to the object;
an access control decision step: when a subject requests access to an object, the access control decision is made according to the permissions granted to the subject and the permissions required by the object.
Further, the method may have the following feature: in the measurement and authorization step, the capability level and/or maturity are also updated according to the subject's access behaviour on the object, and the subject's permissions on the object are granted according to the updated capability level and/or maturity.
Further, the method may have the following feature: in the access control decision step, the subject's access behaviour on the object is also recorded in the audit file; in the measurement and authorization step, the capability level and/or maturity data are also collected automatically from the audit file and other necessary logs, and the capability level and/or maturity are updated accordingly.
Further, the method may have the following feature: the capability level is defined by defining capability grades and capability metric attributes, and the maturity is defined by defining maturity grades and maturity metric attributes; in the measurement step, after the capability metric attribute data have been collected, the capability grade is determined according to the capability grade division rule, and after the maturity metric attribute data have been collected, the maturity grade is determined according to the maturity grade division rule.
Further, the method may have the following feature: the method also comprises an initialization step, used to maintain subjects and objects, grant initial permissions, and save the subjects, objects and initial permissions in the access control database.
The invention also provides a resource access control system based on a capability maturity model, comprising a reference monitor module and a background measurement and statistics module, wherein:
the background measurement and statistics module is used to measure capability level and/or maturity and to grant the subject's permissions on the object according to the capability level and/or maturity, where the capability level refers to the capability the subject has with respect to the object and the maturity describes the stability of the subject's capability with respect to the object;
the reference monitor is used, when a subject requests access to an object, to make the access control decision according to the permissions granted to the subject and the permissions required by the object.
Further, the system may have the following feature: the background measurement and statistics module is also used to update the capability level and/or maturity according to the subject's access behaviour on the object, and to grant the subject's permissions on the object according to the updated capability level and/or maturity.
Further, the system may have the following feature: the reference monitor is also used to record the subject's access behaviour on the object in the audit file;
the background measurement and statistics module is also used to collect capability level and/or maturity data automatically from the audit file and other necessary logs and to update the capability level and/or maturity accordingly.
Further, the system may have the following feature: the background measurement and statistics module is also used to measure capability level and/or maturity as follows: after the capability metric attribute data have been collected, the capability grade is determined according to the capability grade division rule; after the maturity metric attribute data have been collected, the maturity grade is determined according to the maturity grade division rule.
Further, the system may have the following feature: the system also comprises a permission management module, used to maintain subjects and objects, grant initial permissions, and save the subjects, objects and initial permissions in the access control database.
The invention incorporates capability maturity into access control, thereby solving the authorization problem of systems such as call centres that are sensitive to the subject's capability and its stability. Compared with traditional access control methods such as RBAC, the method and system of the invention, by introducing capability level and maturity, fully reflect the subject's capability and work maturity, authorize the subject dynamically and continuously according to its access behaviour on the object, and thereby control the subject's access behaviour dynamically and continuously, achieving fine-grained and precise control of subject-to-object access.
Description of drawings
Fig. 1 describes the relationship between subject, object and access control;
Fig. 2 describes the structure of a typical access control module (security kernel);
Fig. 3 describes the resource access control schematic of the invention;
Fig. 4 is the block diagram of the resource access control system of the invention;
Fig. 5 is the flow chart of the resource access control method of the invention.
Embodiment
The invention is further described below with reference to the drawings and embodiments.
The main idea of the invention is to introduce capability level and/or maturity, make access control decisions according to the subject's capability level and/or maturity, and measure the capability level and/or maturity automatically, thereby achieving multi-dimensional, variable and continuous access control.
The invention proposes a capability maturity model that introduces capability level and/or maturity: the higher the capability level, the higher the capability, and the higher the maturity, the smaller the fluctuation in capability. Capability level and maturity are variable factors of the subject acting on the object: during the continuing process of the subject accessing the object, they change constantly. The access decision is determined by multi-dimensional factors; besides capability level and maturity, these may include the role hierarchy and constraints of the RBAC model, and the obligations and conditions of the UCON model. The capability maturity model does not conflict with models such as RBAC and UCON.
The resource access control method based on the capability maturity model of the invention comprises the following steps:
Step 110: define capability level and maturity
The capability level describes the capability a subject has with respect to an object (for example professional capability or service capability). The capability level is defined starting from the capability the subject possesses, so as to fully describe the subject's capability, and must consider the subject's service type with respect to the object. For example, where the subject is a front-desk worker in a workflow system who reviews and accepts work orders, the capability level is closely related to the speed at which the subject reviews work orders and the error rate of that review.
A typical way to define capability level is to define capability grades and capability metric attributes. Here we give an example definition of capability level for a call-centre manual (human-agent) service system. Capability metric attributes, computed weekly, typically include: number of calls served in busy hours, number of services in busy hours, service duration in busy hours, average wrap-up duration, total service duration, service type and sub-service type. A typical division of capability grades is: new employee, qualified, on duty, skilled, senior, expert. A "new employee" has low technical capability, does not understand the organization or the professional knowledge, and may have weak computer operation skills. "Qualified" has improved technical capability, has attended professional training, accepts the organization's values, can cooperate with colleagues, and improves computer operation through practice. "On duty" has obtained the organization's recognition, has proven qualification for duty through the necessary practice, understands the management processes and systems, and is proficient in computer operation. "Skilled" has very high technical capability, has earned high prestige in the organization through long-term effort, is familiar with the details of management processes and systems, and is proficient in computer operation technology. "Expert" has reached professional rank, is proficient in the specialty, has a far-reaching influence on other staff in the organization, and can even propose suggestions for improving management processes and systems.
Maturity describes the stability of the subject's capability with respect to the object. Maturity is defined from the reference monitoring of the subject's access to the customer, so as to fully describe the stability of the subject's operation over a past period, especially whether fundamental errors occurred; the subject's service type with respect to the object may also be considered. For example, where the subject enters customer information in a portal website, maturity is closely related to the number of erroneous customer-information entries made by the subject.
A typical way to define maturity is to define maturity grades and maturity metric attributes. Here we give an example definition of maturity for a call-centre manual service system: maturity metric attributes typically include customer satisfaction, quality inspection evaluation and number of complaints. A typical division of maturity grades is: grade 1, grade 2, grade 3, grade 4, grade 5, which roughly correspond to the qualified, on duty, skilled, senior and expert capability grades, although the basis for dividing maturity grades is different. "Grade 1" is less satisfactory: evaluations from customers, quality inspection and leaders are not high. "Grade 2" can basically coordinate and handle matters well and is becoming more mature. "Grade 3" receives good evaluations from all sides. "Grade 4" receives outstanding evaluations from all sides. "Grade 5" is highly appreciated, and evaluations from all sides have reached the best.
Step 120: define permissions, extracting the subject's permissions on the corresponding objects according to service type.
First, identify subjects. Identify the population involved in the system: which people, organizations or other systems need to access objects. For example, the subjects of a workflow system's access control may include the acceptor, reviewer, handler, follow-up visitor, archiver and administrator; to simplify management, groups and departments may also be considered.
Next, identify objects. Identify the resources and operations the system provides. For example, resources generally include the data, objects and events of the IT system, and also the CPU, memory and so on of servers; operations generally include reading, writing, management and tasks on resources. To simplify management, these can be further divided into service types, where a service type is a set of related resources and operations.
Finally, identify permissions. Extract the permissions that identify subject access to objects, and consider the authorization management and storage of permissions. The permission management and storage methods of traditional access control technology can be introduced, for example using an access control matrix to store the permissions of subjects and objects, and using roles to combine and classify permissions.
Step 130: permission management, granting permissions according to the permission definitions.
First, identify the administrator, who is responsible for granting permissions and maintaining subjects and objects.
Second, provide the administrator with a permission management tool that assists in granting permissions, maintaining subjects and objects, granting initial permissions and manually granting permissions.
Step 140: measure capability level and maturity
Specifically, collect the capability level and maturity data according to the definitions of capability level and maturity, and measure the capability level and maturity. Further, update the capability level and maturity according to the subject's access behaviour on the object. The concrete update method is: record the subject's access behaviour on the object in the audit file, automatically collect capability level and maturity data from the audit file and other relevant logs, and update the capability level and maturity.
Collection of capability level and maturity data may be performed periodically, or when the subject's access behaviour on the object reaches a preset threshold, or when some other preset condition is met; the invention does not limit this.
In the invention, a background measurement and statistics module can be added to perform the automatic collection. If the system uses a reference monitor, the background measurement and statistics module automatically analyses the audit file with the assistance of the reference monitor, extracts the capability level and maturity data, and measures the capability level and maturity for use in access control decisions. In the invention, the capability level and maturity are updated automatically according to the subject's access behaviour on the object, and authorization follows the updated capability level and maturity, so the subject's capability and work maturity can be tracked and the subject's access behaviour on the object controlled finely and precisely.
We give an example of automatic collection of capability level for the call-centre manual service system: the background measurement and statistics module extracts from the audit data the service duration, wrap-up duration, service type and sub-service type of each call; it then computes weekly statistics by date, service type and sub-service type (number of calls served in busy hours, number of services in busy hours, service duration in busy hours, average wrap-up duration, total service duration and so on), and classifies the operator into a capability grade according to the capability grade division rule.
Step 150: dynamic and continuous authorization
In step 140, the capability level and maturity are updated automatically according to the subject's access behaviour on the object; in this step, the subject's permissions on the object are granted according to the updated capability level and maturity, thereby achieving dynamic and continuous authorization of the subject's permissions on the object.
We give a dynamic authorization example for the call-centre manual service system: the access control list (ACL) comprises resource number, manual-service agent job number, capability grade range, maturity grade range, service type and operation permission number. After the background measurement and statistics module has collected the capability level and maturity data each day, they are automatically written into the ACL: the capability level and maturity are updated by agent job number, which defines fields such as the corresponding capability grade range, maturity grade range and service type.
Step 160: make the access control decision
When a subject requests access to an object, the access control decision is made according to the permissions granted to the subject and the permissions required by the object. The decision process is: first obtain the permissions corresponding to the object, then judge whether the subject has these permissions; if the subject has the permissions required by the object, the subject's access to the object is permitted.
We give an access control decision example for the call-centre manual service system: the ACL comprises resource number, manual-service agent job number, capability grade range, maturity grade range, service type and operation permission number. The operation permission number is obtained from the ACL according to resource number, agent job number, capability grade range, maturity grade range and service type, and the subject corresponding to the agent job number is then allowed to perform the operation corresponding to the operation permission number on the object corresponding to the resource number.
Fig. 3 is the resource control schematic of the invention, comprising measurement of capability level and maturity, access permission decision, permission granting and reference monitoring. Measurement of capability level and maturity uses the result of reference monitoring; the access permission decision uses the result of the measurement of capability level and maturity (indirectly: permission granting uses the measurement result, and the access control decision is based on the result of permission granting).
Fig. 4 shows the resource access control system based on the capability maturity model proposed by the invention, comprising a reference monitor module, a background measurement and statistics module and a permission management module, wherein:
the reference monitor module is responsible for monitoring and controlling all access behaviour of subjects to objects and writing it to the audit file, which stores the audit records of all subject-object accesses, including the full access history; subjects are visitors such as users, processes, services and third-party systems; objects are accessed targets such as system resource interfaces, user operations, tasks and third-party systems;
the background measurement and statistics module is used to measure capability level and/or maturity and to grant the subject's permissions on the object according to them; specifically, it updates the capability level and/or maturity according to the subject's access behaviour on the object and grants the subject's permissions on the object according to the updated capability level and/or maturity, where updating means extracting capability level and maturity data from the audit file and other necessary logs and updating the capability level and maturity; the capability level refers to the capability the subject has with respect to the object, and the maturity describes the stability of the subject's capability with respect to the object;
the permission management module is responsible for maintaining subjects and objects, granting initial permissions, and writing subjects, objects and initial permissions into the access control database; it is also used for manual maintenance of permissions, for example when the administrator changes permissions as needed, with the changed permissions stored in the access control database. The permission management module is operated by the administrator, a system operator responsible for granting permissions and maintaining subjects and objects. The access control database stores the permissions.
Fig. 5 shows the concrete implementation steps of the resource access control method of the present invention, comprising:
Step 501: the administrator maintains subjects through the authority management module, adding, deleting and modifying subject information;
Step 502: the administrator maintains objects through the authority management module, adding, deleting and modifying object information;
Step 503: the administrator grants permissions manually through the authority management module, including the initial rights that must be granted;
Initial rights make a user's (subject's) first access possible. For example, when a new employee joins the company, capability and maturity are at their lowest, and the initial rights may grant only query permission on fixed-line telephone fault work orders; once the new employee has grown, the system raises permissions automatically or grants other permissions. Whether the employee has grown is measured by capability and maturity, which in practice are analysed from the audit document. Grants can also be modified manually: for example, the system automatically grants an employee query permission on key-customer information according to capability and maturity, and the administrator can manually grant that employee modification permission on key-customer information.
Step 504: the subject decides to access the object (one operation or a series of operations);
Step 505: the reference monitor obtains the subject, the object and the access behaviour through monitoring;
Step 506: the reference monitor obtains the information corresponding to the subject, the object and the access behaviour from the access control database;
Step 507: the reference monitor makes the access control decision according to the information obtained in step 506;
The access control decision is made according to the permissions granted to the subject and the permissions required by the object. The decision process is as follows: first obtain the permissions corresponding to the object, then judge whether the subject holds these permissions; if the subject holds the permissions required by the object, the subject's access to the object is permitted.
Step 508: the reference monitor writes the subject's access behaviour towards the object into the audit document;
Step 509: the background metrics and statistics module extracts capability-related data from the audit document and other necessary logs; the other necessary logs are system logs that indirectly reflect the subject's access to objects, while the audit document is the direct log of the subject's access to objects;
Step 510: the background metrics and statistics module extracts maturity-related data from the audit document and other necessary logs;
Step 511: the background metrics and statistics module measures capability and maturity from the extracted capability-related data, the maturity-related data and the statistical rules;
Step 512: the background metrics and statistics module grants permissions automatically according to the measured capability and maturity, writes the authorization information into the access control database, and returns to step 504.
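The loop of steps 504 to 512, as an added example that is not part of the patent: a reference monitor that decides by comparing the object's required permissions with the subject's granted permissions and writes every attempt to the audit document, and a background module that measures capability and maturity from that audit document and re-authorizes the subject. The metric rules, thresholds, permission names and audit records are assumptions chosen for illustration.

```python
# Added example (not the patent's own code). Metric rules, thresholds and the
# sample permission names are assumptions for illustration only.
from collections import defaultdict

# Access control database: permissions each object requires, permissions granted per subject.
OBJECT_PERMS = {"fault_ticket": {"ticket:read"},
                "customer_info": {"customer:read"},
                "customer_edit": {"customer:read", "customer:write"}}
GRANTED = defaultdict(set)
AUDIT = []  # audit document: one record per subject-object access attempt

def grant_initial(subject, perms):
    """Authority management module (step 503): administrator grants initial rights."""
    GRANTED[subject] |= set(perms)

def decide(subject, obj):
    """Reference monitor (steps 505-507): permit only if the subject holds every
    permission the object requires; unknown objects are denied."""
    required = OBJECT_PERMS.get(obj)
    return required is not None and required <= GRANTED[subject]

def access(subject, obj, completed=True):
    """Steps 504 and 508: attempt an access and write the outcome to the audit
    document. 'completed' marks whether the permitted work was finished (assumed)."""
    allowed = decide(subject, obj)
    AUDIT.append({"subject": subject, "object": obj,
                  "allowed": allowed, "completed": allowed and completed})
    return allowed

def measure(subject):
    """Steps 509-511: extract capability and maturity data from the audit document.
    Assumed rules: capability = number of completed accesses; maturity = share of
    permitted accesses that were completed (how stable the capability is)."""
    recs = [r for r in AUDIT if r["subject"] == subject]
    done = sum(r["completed"] for r in recs)
    permitted = sum(r["allowed"] for r in recs)
    return done, (done / permitted if permitted else 0.0)

# Assumed level-division rule: (minimum capability, minimum maturity) -> permissions,
# most demanding level first.
LEVEL_RULES = [((20, 0.95), {"customer:read", "customer:write"}),
               ((5, 0.8), {"customer:read"})]

def authorize(subject):
    """Step 512: grant permissions automatically from the measured levels and
    return the subject's current permission set."""
    capability, maturity = measure(subject)
    for (min_cap, min_mat), perms in LEVEL_RULES:
        if capability >= min_cap and maturity >= min_mat:
            GRANTED[subject] |= perms
            break
    return set(GRANTED[subject])
```

A new hire starting with only `ticket:read` is denied `customer_info` until enough completed ticket accesses have been audited, after which `authorize` grants `customer:read` and the same request succeeds.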
The embodiments above use capability and maturity together; it is also possible to use only capability or only maturity. The concrete method is similar to that of using capability and maturity together and is not repeated here.
Because the method and system of the invention introduce capability and maturity, they fully reflect the subject's ability and work maturity, authorize the subject dynamically and continuously, and thereby control the subject's access behaviour towards objects dynamically and continuously, achieving fine-grained and accurate control of the subject's access to objects.

Claims (10)

1. A resource access control method based on a capability maturity model, characterized in that it comprises:
a measurement and authorization step, used to measure capability and/or maturity and to grant the subject's permissions on the object according to capability and/or maturity, wherein capability denotes the ability a subject has with respect to an object and maturity describes how stable that ability of the subject with respect to the object is;
an access control decision step, in which, when the subject requests access to the object, the access control decision is made according to the permissions granted to the subject and the permissions required by the object.
2. The method of claim 1, characterized in that, in the measurement and authorization step, capability and/or maturity are also updated according to the subject's access behaviour towards the object, and the subject's permissions on the object are granted according to the updated capability and/or maturity.
3. The method of claim 2, characterized in that, in the access control decision step, the subject's access behaviour towards the object is also recorded in an audit document, and in the measurement and authorization step, capability and/or maturity are also updated automatically after capability and/or maturity data have been collected from the audit document and other necessary logs.
4. The method of claim 1, characterized in that capability is defined by defining capability levels and capability metric attributes, and maturity is defined by defining maturity levels and maturity metric attributes; in the measurement step, after capability metric attribute data have been collected, the capability level is determined according to the capability level division rule, and after maturity metric attribute data have been collected, the maturity level is determined according to the maturity level division rule.
5. The method of claim 1, characterized in that the method further comprises an initialization step, used to maintain subjects and objects and grant initial rights, and to keep subjects, objects and initial rights in an access control database.
6. A resource access control system based on a capability maturity model, characterized in that it comprises a reference monitor module and a background metrics and statistics module, wherein:
the background metrics and statistics module is used to measure capability and/or maturity and to grant the subject's permissions on the object according to capability and/or maturity, wherein capability denotes the ability a subject has with respect to an object and maturity describes how stable that ability of the subject with respect to the object is;
the reference monitor is used, when the subject requests access to the object, to make the access control decision according to the permissions granted to the subject and the permissions required by the object.
7. The system of claim 6, characterized in that the background metrics and statistics module is also used to update capability and/or maturity according to the subject's access behaviour towards the object and to grant the subject's permissions on the object according to the updated capability and/or maturity.
8. The system of claim 7, characterized in that:
the reference monitor is also used to record the subject's access behaviour towards the object in an audit document;
the background metrics and statistics module is also used to update capability and/or maturity automatically after capability and/or maturity data have been collected from the audit document and other necessary logs.
9. The system of claim 6, characterized in that the background metrics and statistics module is also used to measure capability and/or maturity as follows: after capability metric attribute data have been collected, the capability level is determined according to the capability level division rule, and after maturity metric attribute data have been collected, the maturity level is determined according to the maturity level division rule.
10. The system of claim 6, characterized in that the system further comprises an authority management module, used to maintain subjects and objects and grant initial rights, and to keep subjects, objects and initial rights in an access control database.
CN2009101576385A 2009-07-21 2009-07-21 Resource access control method and system based on capability maturity model Pending CN101964779A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009101576385A CN101964779A (en) 2009-07-21 2009-07-21 Resource access control method and system based on capability maturity model

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009101576385A CN101964779A (en) 2009-07-21 2009-07-21 Resource access control method and system based on capability maturity model

Publications (1)

Publication Number Publication Date
CN101964779A true CN101964779A (en) 2011-02-02

Family

ID=43517515

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009101576385A Pending CN101964779A (en) 2009-07-21 2009-07-21 Resource access control method and system based on capability maturity model

Country Status (1)

Country Link
CN (1) CN101964779A (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102222186A (en) * 2011-05-31 2011-10-19 华南师范大学 Real-time-control-oriented client-side system for protecting digital copyright of electronic book and implementation method thereof
CN103077426A (en) * 2013-01-17 2013-05-01 深圳市易聆科信息技术有限公司 Method and system for assisted assessment of information security capacity maturity
CN103793220A (en) * 2012-10-26 2014-05-14 国际商业机器公司 Method and apparatus for modeling software license using metamodel
WO2015024447A1 (en) * 2013-08-22 2015-02-26 Tencent Technology (Shenzhen) Company Limited Methods and systems for secure internet access and services
CN106936629A (en) * 2017-02-20 2017-07-07 武汉烽火技术服务有限公司 A kind of gate inhibition's authorization management method and system based on credit system
CN108092945A (en) * 2016-11-22 2018-05-29 中兴通讯股份有限公司 Definite method and apparatus, the terminal of access rights
CN111027093A (en) * 2019-11-22 2020-04-17 贝壳技术有限公司 Access right control method and device, electronic equipment and storage medium
CN111625842A (en) * 2019-02-28 2020-09-04 武汉朗立创科技有限公司 Permission control system based on RBAC
CN112989429A (en) * 2021-05-18 2021-06-18 长扬科技(北京)有限公司 Method and device for controlling forced access
CN113721897A (en) * 2021-08-03 2021-11-30 中国航空工业集团公司沈阳飞机设计研究所 Modeling method based on OPM
CN115310876A (en) * 2022-10-11 2022-11-08 南京国睿信维软件有限公司 Maturity management method based on configurable business rule
CN112836237B (en) * 2021-02-05 2023-08-15 广州海量数据库技术有限公司 Method and system for performing forced access control in content database

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102222186A (en) * 2011-05-31 2011-10-19 华南师范大学 Real-time-control-oriented client-side system for protecting digital copyright of electronic book and implementation method thereof
CN103793220A (en) * 2012-10-26 2014-05-14 国际商业机器公司 Method and apparatus for modeling software license using metamodel
CN103077426A (en) * 2013-01-17 2013-05-01 深圳市易聆科信息技术有限公司 Method and system for assisted assessment of information security capacity maturity
WO2015024447A1 (en) * 2013-08-22 2015-02-26 Tencent Technology (Shenzhen) Company Limited Methods and systems for secure internet access and services
US9491182B2 (en) 2013-08-22 2016-11-08 Tencent Technology (Shenzhen) Company Limited Methods and systems for secure internet access and services
CN108092945B (en) * 2016-11-22 2022-02-22 中兴通讯股份有限公司 Method and device for determining access authority and terminal
CN108092945A (en) * 2016-11-22 2018-05-29 中兴通讯股份有限公司 Definite method and apparatus, the terminal of access rights
CN106936629A (en) * 2017-02-20 2017-07-07 武汉烽火技术服务有限公司 A kind of gate inhibition's authorization management method and system based on credit system
CN106936629B (en) * 2017-02-20 2019-07-09 武汉烽火技术服务有限公司 A kind of gate inhibition's authorization management method and system based on credit system
CN111625842A (en) * 2019-02-28 2020-09-04 武汉朗立创科技有限公司 Permission control system based on RBAC
CN111027093A (en) * 2019-11-22 2020-04-17 贝壳技术有限公司 Access right control method and device, electronic equipment and storage medium
CN112836237B (en) * 2021-02-05 2023-08-15 广州海量数据库技术有限公司 Method and system for performing forced access control in content database
CN112989429B (en) * 2021-05-18 2021-08-17 长扬科技(北京)有限公司 Method and device for controlling forced access
CN112989429A (en) * 2021-05-18 2021-06-18 长扬科技(北京)有限公司 Method and device for controlling forced access
WO2022242034A1 (en) * 2021-05-18 2022-11-24 长扬科技(北京)有限公司 Mandatory access control method and apparatus
CN113721897A (en) * 2021-08-03 2021-11-30 中国航空工业集团公司沈阳飞机设计研究所 Modeling method based on OPM
CN115310876A (en) * 2022-10-11 2022-11-08 南京国睿信维软件有限公司 Maturity management method based on configurable business rule
CN115310876B (en) * 2022-10-11 2023-04-14 中国航空工业集团公司成都飞机设计研究所 Maturity management method based on configurable business rule


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20110202