| PKI, Public-Key Infrastructure, can widely provide confidentiality, integrity, confidentiality, authentication and non-repudiation service in an insecurity environment. The problem is that after authentication what the users can do and how to do is not involved. PMI, Privilege Management Infrastructure, as an infrastructure, can build an authorization environment in system. Based on PKI, PMI defines the idea of who has resources and who has the right to manage it, which reflects the true-life and is propitious to widely apply. This paper takes a deep research in authorization area and builds a Role-based PMI system. The main contribution as follows: 1) Prompts the series of RBAAA0/1/2/3 models, RBAAA is the first character of Role-Based Authorization, Access-control and Audit; 2) Gives the formal specification of the models and the direction of expanding it. 3) Presents one of the realizations of RBAAA model: using attribute certificate of PMI system. Here introduces the concept of role to the PMI and gets the model of RPMI, Role-Based PMI. The theoretic foundation roots in RBAAA model. 4) Based on the model of RPMI, gives the total framework of PMI and its mechanism of realization based on PKI and the system component of modules. 5) According to the design of RPMI system, gives the key implementation of five sub-systems: Role-processing system, Certificate Service system, Privilege Validation system, Audit system and Manage system. 6) In the Privilege Validation system, the 'validation of certificate'is the most important function. As it is relatively independency and such importance, this paper take it out and make it a system named as MCCVA, Multi-Collaborative Certificate Validation Agent. 7) In the section of system implementation thoroughly describes the system security. From the analysis, this paper concludes that the system's security mainly depends on the PKI.So PKI-based RPMI system's security is fully guaranteed.
|
PDF Full Text Request