
Research Of Constraint Access Control Technology Under Distributed Environment

Posted on: 2004-07-06
Degree: Doctor
Type: Dissertation
Country: China
Candidate: W L Han
GTID: 1118360092485964
Subject: Computer application technology

Abstract/Summary:
Access control is a crucial security technology in distributed computing environments. It effectively controls actors' access to sensitive resources in an information system and ensures that legitimate actors (including users and agents) can access the relevant resources. It protects the computer system from intrusion by illegitimate actors and from misuse by legitimate actors, either of which can damage the system.

Viewing the enterprise application environment as a typical distributed environment, this paper studies constraint access control technology with the support of the following projects: AVIMD, ZD-PDM, DocMan, EMES, Networked Manufacturing Integrated Service and System Based on ASP, etc. The study aims to meet the access control challenges posed by modern enterprise information systems.

In the 1st chapter, the paper introduces access control technology and informally defines access control. Based on an investigation of the status quo of access control technology and an analysis of the challenges currently confronting it (including validity, ease of use, dynamics, real-time behavior, compatibility, etc.), it points out the insufficiencies of current access control research.

In the 2nd chapter, the paper establishes the ontology-based enterprise information model for access control (OBEIMAC) in an ontology description language, Ontolingua. The model consists of five sub-sets: the basic classes model, context model, organization model, resource model, and process model. It provides a definite and extensible model of the sensitive information processed by the access control model. This improves the pertinence of the study of flexible access control models.

In the 3rd chapter, the paper establishes the ontology-based enterprise information model for access control in an ontology description language, Ontolingua, and a knowledge description language, KIF. Firstly, it defines a formal constraint access control model, which makes up for the insufficiencies of current research. Secondly, it defines the constraint types of the operation set, the extensive permission set, and the role set in Ontolingua, and describes the transitive rules of constraints within and between these sets. These transitive rules make constraint management easy. Finally, it puts forward some core algorithms of the model.

In the 4th chapter, the paper puts forward the view that the system detects, avoids, and resolves inconsistency in the constraint access control model through the definition of rules and logical reasoning. Firstly, it analyzes the causes of constraint inconsistency and describes them in KIF. Secondly, it carries out inconsistency detection through rule-based reasoning. After introducing the detection algorithm for every type of constraint, it introduces two algorithms for constraint inconsistency detection in the system: a comprehensive scan algorithm and a scan algorithm guided by the constraint definitions. The paper then introduces a configurable extensive framework for constraint inconsistency detection. Thirdly, it discusses the avoidance and resolution of constraint inconsistency, and some resolving rules.

In the 5th chapter, the paper discusses access control technology in a partially-open distributed environment. Firstly, it describes the partially-open distributed environment, which consists of a closed distributed environment and an open distributed environment, and then it introduces trust management in the open distributed environment. Secondly, it discusses authorization in the partially-open distributed environment supported by constraints. To ensure the implementation of the system security policy and to provide offline authorization, the paper puts forward a two-phase authorization model. Finally, it introduces a typical partially-open distributed environment: networked manufacturing. It discusses the problems and the corresponding solutions in our study of networked manufacturing based on ASP (Application Service Provider).

In the 6th chapter, the paper discusses the implementation of the access control model. Firstly, it puts forward the OMAM frame of OBC...
Keywords/Search Tags: Access Control, Distributed System, Constraint, Ontology, Enterprise Information Model, Rule-Based Reasoning, Partially-Open Distributed Environment, J2EE (Java 2 Platform, Enterprise Edition)