Design and Implementation of a Role-Based Access Control for Categorized Resource in Smart Community Systems

摘要

With the progressive development of smart communities, security of smart community systems becomes an important issue. Role-Based Access control is a way to solve this problem. However, existing implementations of role-based access control are not fine-grained, and it takes no account of category information of the resources. As every resource in the model was authorized in the same way, such a model cannot meet the security requirement of smart community systems. In this paper, we proposed an improved role-based access control model for categorized resources, in combination with special requirements of smart community systems. We designed a role-based access control model for categorized resources, which integrates the community category information in the definition of roles so as to limit the number of roles. The new model was fully implemented in a community management system with 14500 users from 14 communities. We compared our system to Spring Security, an existing security open source framework and demonstrated the advantages of our access control model.