
Research On Key Technologies Of Multi-Domain And Multi-Level Authorization Management Model Supporting Resource Management

Posted on: 2016-11-16
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H R Xiong
GTID: 1108330482479223
Subject: Computer application technology

Abstract/Summary:
Network trust architecture plays a crucial role in information construction, in which authorization management is a key technology. In information systems in a multi-domain environment, the huge number of authorization management objects and the flexible access control requirements bring new challenges for theoretical research on authorization management. Existing authorization management models often address only particular aspects of the problem. They cannot provide solutions for dynamic, cross-domain and multi-level authorization management, and there is no complete multi-domain and multi-level authorization management model supporting resource management. Existing research is therefore unable to meet application requirements.

This dissertation addresses the challenges of authorization management in the multi-domain environment and covers authorization management in a single domain, cross-domain authorization management, multi-level authorization management, fine-grained resource management and multi-level resource management. A complete multi-domain and multi-level authorization management model supporting resource management is put forward, with good practicability and scalability. The work lays the foundation for multi-domain and multi-level authorization management. The security of the authorization management model and the consistency of separation of duty policies are also studied, supporting the application of the model. The main research contributions are as follows:

(1) A multi-domain and multi-level authorization management model supporting resource management (MDLAM) is proposed.
Existing Role-Based Access Control (RBAC) research suffers from a single role setting that lacks adaptability, redundant roles or privileges in the multi-domain environment, the absence of a general model covering dynamic, cross-domain and multi-level authorization management, and little attention to resource management. To address these problems, a multi-domain and multi-level authorization management model supporting resource management is proposed. By combining the attributes of Attribute-Based Access Control (ABAC) with RBAC, it achieves fine-grained, dynamic authorization management. A double role architecture of function roles and task roles is proposed, making the model realistic and adaptable. The concept of organization is introduced and combined with the double role architecture, resolving authorization management in the multi-domain environment. By extending a privilege to an (operation, resource type) pair, the model addresses authorization management and resource management at the same time, making it an integrated authorization model. The model can provide dynamic authorization, finer-grained authorization, multi-level authorization, cross-domain authorization and multi-level resource management. The discussion indicates that the model retains all the characteristics and advantages of RBAC and can effectively reduce administration complexity, with better scalability and universality.

(2) The basic part of the model, working in a single domain, is put forward. By combining attributes and roles, dynamic role assignment and role activation are achieved. A double-tier role architecture is presented to cover the requirements of both the organizational level and the application level at the same time. Different inheritance modes are defined for function roles and task roles, so that the model can protect a subordinate role's private privileges. Resources are classified according to their properties and allowable operations, based on the object-oriented concept.
The resource type relationship tree is introduced for the management of resource types, and resources of various types and granularities are organized in a tree structure. The resource type is extensible and the granularity of resources is controllable through dynamic management of the resource type relationship tree and the resource organization structure. The deduction relationship between privileges is derived to improve the efficiency of authorization. The model can support management of resources of any type and granularity, with extensible resource types, adjustable granularity and deducible privileges. The basic aspect of the model is defined formally with dynamic description logic.

(3) The extended aspect of the model, for the multi-domain and multi-level environment, is presented. By dividing the management scope in a rational way and dividing management privilege into domination permission and management permission, the model resolves the problem of management division diffusion in RBAC. For cross-domain authorization, the concept of unidirectional role mapping is put forward, ensuring the unidirectional transmission of privileges and resolving the problems of covert role promotion and privilege penetration in existing methods. The concepts of a resource organization structure combining virtual and actual nodes, and of the resource management branch, are introduced to divide resources reasonably and to support the dynamic distribution and delegation of resource administration privileges. The extended model can support the autonomous management of resources and the dynamic allocation and reclamation of administration privileges, with an extensible and flexible management structure. It is defined formally with dynamic description logic as well.

(4) Security principles for RBAC-based authorization models. Security principles are highly significant for the security analysis of authorization management models, but they have received little attention and remain an open problem.
This dissertation proposes a number of security principles for RBAC-based authorization models, aimed at the security of the authorization model. The security properties of RBAC are presented, including simple safety, simple availability, bounded safety, liveness and containment. Based on an in-depth analysis of the security requirements of authorization management, the problems are identified, including correct privilege assignment, satisfaction of separation of duty and least privilege, covert privilege promotion, controllable privilege diffusion, controllable delegation of management privileges, data consistency, authorization without redundancy and so on. The proposed security principles include the authorization correctness, authorization security and authorization integrality principles. The analysis indicates that the security principles are consistent with the security properties of RBAC, can support the security requirements of authorization management efficiently and provide criteria for evaluating the security of RBAC-based authorization models.

(5) Security analysis and proof of the authorization management model. Based on the authorization management principles, several security violation formulas are given to describe the insecure states of the system accurately. Dynamic description logic is used to analyze and prove the security of the authorization model, showing that no operation results in a state satisfying the security violation formulas. The results demonstrate that the authorization management model meets the authorization correctness, authorization security and authorization integrality principles. We can conclude that the authorization management model is secure.

(6) An approach for consistency analysis and decision of SSoD policy is proposed. Because potential redundancy and conflict in SoD (Separation of Duty) policies may affect their consistency in the RBAC model, a consistency analysis and decision approach for SoD is proposed.
The consistency of SoD is analyzed and discussed from two aspects: the consistency between multiple SSoD (Static Separation of Duty) policies, and the consistency between each SSoD policy and the privilege derivation relation existing in RBAC. Based on the definition and decision theorem of consistency, an efficient consistency decision algorithm is designed, and its correctness, validity and complexity are discussed. The application example shows that the method is useful for eliminating the redundancies between multiple SSoD policies and the conflicts between an SSoD policy and the implicit authorization caused by privilege derivation, serving the realization of SSoD policy consistency.
Keywords/Search Tags: Multi-domain environment, cross-domain, multi-level management, authorization management, resource management, role-based access control, security principle, dynamic description logic, security analysis, separation of duty
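
The two SSoD consistency checks described in item (6), as an added example that is not the dissertation's algorithm, whose definitions are not given on this page. It assumes the common constraint form (privilege set, n), meaning no single subject may hold n or more privileges from the set; the privilege names, the derivation map and all function names are constructed for illustration.

```python
# Constructed sample data. Privileges are (operation, resource type) pairs, "op:type".
DERIVES = {  # holding the key implicitly grants the listed privileges
    "manage:ledger": {"approve:payment", "read:ledger"},
    "approve:payment": {"read:payment"},
    "create:payment": {"read:payment"},
}
SSOD = [  # assumed form: (privilege set, n) forbids holding n or more of the set
    ({"create:payment", "approve:payment"}, 2),
    ({"create:payment", "approve:payment", "read:ledger"}, 3),
    ({"approve:payment", "read:ledger"}, 2),
]

def closure(priv, derives):
    """Privileges effectively held once `priv` is granted (cycle-safe)."""
    seen, stack = {priv}, [priv]
    while stack:
        for q in derives.get(stack.pop(), ()):
            if q not in seen:
                seen.add(q)
                stack.append(q)
    return seen

def validate(ssod):
    for privs, n in ssod:
        if not 2 <= n <= len(privs):
            raise ValueError(f"cardinality {n} invalid for a set of {len(privs)}")

def redundant_constraints(ssod):
    """Indices of constraints already enforced by another single constraint.
    (P1, n1) is implied by (P2, n2) when any n1 members of P1 must include at
    least n2 members of P2, i.e. n1 - |P1 - P2| >= n2."""
    validate(ssod)
    out = []
    for i, (p1, n1) in enumerate(ssod):
        for j, (p2, n2) in enumerate(ssod):
            if i == j:
                continue
            implied = n1 - len(p1 - p2) >= n2
            mutual = n2 - len(p2 - p1) >= n1
            if implied and not (mutual and i < j):  # keep first of equivalents
                out.append(i)
                break
    return out

def derivation_conflicts(ssod, derives):
    """(privilege, constraint index) pairs where granting the privilege alone
    already violates the constraint through implicit (derived) privileges."""
    validate(ssod)
    privs = set(derives) | {q for qs in derives.values() for q in qs}
    return [(p, i) for p in sorted(privs)
            for i, (s, n) in enumerate(ssod)
            if len(closure(p, derives) & s) >= n]

if __name__ == "__main__":
    print(redundant_constraints(SSOD), derivation_conflicts(SSOD, DERIVES))
```

On the sample data the second constraint is redundant, and `manage:ledger` conflicts with the third constraint because it implicitly carries both `approve:payment` and `read:ledger`.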