Role and Object Domain-Based Access Control Model for Graduate Education Information System

Abstract

With the booming of Chinese education informatization 2.0, East China Normal University proposes to design a new generation system of graduate education to provide better services for teachers and students. Within the graduate education system, ensuring system service availability and data security has become the primary challenge, and access control is one of the main strategies for Network security prevention and protection [1]. Hence, we proposed the role and object domain-based access control model (RDBAC) which specifies the object domain category for each role based on prior works. In the new model, when the account is assigned a role, the system specifies a specific object domain instance to achieve more fine-grained access control to student objects. Besides, on the basis of the formulation of RESTful [2] API specification and Trie tree, a matching algorithm is proposed to optimize the matching efficiency between access requests and URL patterns for more efficient system authorization. Furthermore, a comparison experiment with the regular method verifies that the Trie tree method has good performance on graduate education system including URL pattern construction, matching, and scalability. Our research also establishes that future advance of access control is a valuable avenue for education system development and will inspire much more design research for education information systems.