Role-Based Access Control Technology Research And Improvement Based On Constraint Relations

Nowadays the efficiency and security of the information system are more and more importantwith the development of information communication and Internet technology. Role-based accesscontrol (RBAC) technology is a classic technology which can guarantee system security. However, itsflexibility and security in the system can hardly meet the practical requirements today. Therefore, thisthesis does discussion and research on the flexibility and security problems in role access controlmodel, and the main contributions are as follows.Firstly, the thesis proposes an improved RBAC authorization management model based on theworkspace constraints to solve the complexity problem in RBAC authorization management. The newmodel looses the coupling between the authorization management and role hierarchy through thedefinition and constraints of workspace, which improves the efficiency of the authorizationmanagement greatly. Also, the thesis gives the formal definition, implementation, example analysis,and contrast experiment. The results of the experiment show that the new model improves theefficiency of the authorization, and enhances the flexibility of the information system.Secondly, the thesis does the research and analysis of information flow in the RBAC model tosolve its information leakage problem. The formal definition of legal and illegal information flow isgiven, and the specific algorithms of the constraints are proposed, including the judgment, detection,and control of illegal information flow. Besides, the influence for the change of system elements setsto the information flow security status is discussed. The results of the experiment show that theinformation flow constraints can solve the information leakage problem of RBAC model, and have abetter efficiency than the previous work, which enhances the security of the system.Finally, the thesis researches the information flow in the improved RBAC authorizationmanagement model based on the workspace constraints with a view to the practical needs of theapplication communication across workspaces. The definition, analysis and control mechanism of theinformation flow across workspaces are given, and the security constraints are proposed to control theillegal information flow between workspaces. The results of the experiment show that the controllingof information flow across workspaces can protect the information confidentiality, and make the newmodel having a good adaptive capacity on both flexibility and security.