| Access Control is an important field in network security research. There're two traditional access control machanism, Discretionary Access Control, and Mandatory Access Control, which both cannot meet the demands in nowadays system security any more, as for the increasing complicated application. Role-Based Access Control, RBAC , introduces the concept of Role in the system, by which the direct relations between user and resource has been decoupled, and abstraction is emphasized in RBAC. So, the policy decision and administration to some extent in system become more flexible than ever.However, in the conventional Role-based access control, how to assign the proper roles to users and revoke them isnot clearly demonstrated. Many applications implement this manully by the static machanism, which increases the cost of enterprise. In order to solve the problem above, Rule-Based RBAC model introduces the concept of rule in RBAC model. In this model, roles are implicitly assigned to users based on the rules defined by the system administrator, so, some works of the system administrator can be completed automaticly. But, an important promblem still remains in the above models, that the definition of role in these RBAC models is more broader and unclear in semantics. The role doesnot only conclude the logic structure of enterprise, but also the security policy of system. However, these two parts in enterprise will change with a different degree, the logic structure of enterprise will not change within a long time, because it concerns about the deploy of enterprise business functions; on another hand, as the changing in application environment of enterprise, such as the introduction of new users and new resources, there will need new security policy in enterprise. It's still necessary to improve and extend the model to counter this contradiction in... |
PDF Full Text Request