
Research On The Key Issues Of Role Based Access Control Under Distributed Environments

Posted on: 2011-04-19
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X Y Chen
GTID: 1118330332978378
Subject: Computer Science and Technology
Abstract/Summary:
Access control is a crucial technology for system security. It ensures that legitimate users can access sensitive resources and effectively protects those resources from unauthorized access. With innovations in information technology and the proliferation of new network environments, the organizational structure of information systems has developed from centralized to distributed. As a traditional research topic, access control technology also faces many new challenges brought by the distributed, heterogeneous, autonomic and dynamic characteristics of distributed applications.

Role-Based Access Control (RBAC) is a proven access control technology that has received considerable attention. Thanks to its flexibility and extensibility, RBAC is widely applied in all fields. In recent years, great achievements have been made in both RBAC theoretical research and RBAC products. Meanwhile, there has been growing interest in how to apply the RBAC model to distributed environments; however, there are some defects, such as limitations of extended RBAC models, insufficient application of RBAC characteristics, inefficiency in RBAC administration and coarse granularity of permissions in RBAC. This dissertation carries out further discussion and practice on the key issues of role based access control under distributed environments. The research results have academic significance and promising application.

1) Classify conflicts according to the features of RBAC interoperation, and propose a directed acyclic graph based detection method of security violation for role based interoperation access control. The corresponding detection method can therefore be applied to different types of conflicts according to the actual application environment.

2) Propose a semantic and trust based user-role assignment framework, which is based on the division of work and responsibility in the enterprise and takes the features of the RBAC model into consideration. The framework automatically assigns users to roles based on a finite set of assignment rules defined by authorized people in the enterprise, enhancing RBAC administration efficiency.

3) Propose an adaptive policy management framework for role based access control in distributed environments. According to the security requirements of RBAC in distributed environments, unified security policies have been established with semantic technology. A policy ontology and a speech acts ontology have been defined. With this specification, the accuracy of understanding of security policies is improved.

4) Propose a context based semantic-aware access control model. An ontology for context information has been established based on the RBAC ontology. With the utilization of context information and the semantic specification of RBAC elements, administering the applicability of users' role memberships to particular permissions becomes much easier and more precise.

The main contributions are as follows: the directed acyclic graph based detection method of security violation, the semantic and trust based user-role assignment framework, the adaptive policy management framework and the context based semantic-aware access control model. We have conducted further discussion and practice on the key issues of role based access control under distributed environments, which has reference value and benefit for conflict detection, improvement of administration efficiency and fine-grained permission control under distributed environments.
Keywords/Search Tags: distributed application, access control, role based access control, security policy, security violation, semantic technology, context