The Research Of Access Control Theory And Methods

Posted on: 2004-02-26
Degree: Doctor
Type: Dissertation
Country: China
Candidate: C G Xu
Full Text: PDF
GTID: 1118360125453596
Subject: Computer applications
Abstract/Summary:
Due to the popularity of the Internet and electronic commerce, information security is becoming more and more important. Generally speaking, information security includes intrusion detection, encryption, authentication, access control, and auditing. This thesis studies the access control mechanism.

Access controls are developed to protect information stored in computers from illegal or unauthorized access. It is extremely important to verify whether a user has the privilege to access a data object stored in a computer system. Conventionally, access control in an information system is solved by the following three approaches: Access Control Matrix, Access Control List or Capability, and Key-Lock Pair. Traditional access control methods, such as mandatory access control (MAC) and discretionary access control (DAC), cannot satisfy the needs of today's enterprise applications. Role-based access control (RBAC), suggested by the National Institute of Standards and Technology (NIST), is an appropriate solution. In RBAC, permissions are associated with roles, and users are made members of appropriate roles, thereby acquiring the roles' permissions.

Role-Based Access Control (RBAC) is an efficient, flexible and policy-neutral access control technology. For large and complex systems in particular, it is even more efficient and secure. However, existing RBAC models were simple and partial. In this paper we introduce an object-oriented model and a novel role administrative model of RBAC. In this way, we simplify the administration and implementation of systems. These models are suitable for distributed and interactive applications, and improve control efficiency.

The main contributions of the paper are listed as follows:

(1) Propose key-lock methods, such as sets of equations, Newton's interpolation formula, and the prime factor decomposition theorem, to implement access control.

(2) Present a cryptographic key assignment scheme based on both the Chinese remainder theorem and the quadratic remainder theorem, in order to solve dynamic access control problems in user hierarchies. A user in a higher security class can read and store information items that belong to users in a lower security class, but the opposite direction of this operation is infeasible.

(3) Present the RBAC model with the well-known modeling language UML, and specify the RBAC model with three views: static view, functional view, and dynamic view. Several frameworks for the development of role-based systems have been introduced.

(4) Propose a formal specification for RBAC in RDL (Role Describing Language), especially for the constraints of duty separation. The RDL description is very simple and unique, easy to implement, and provides security for large systems.

(5) Propose an object-oriented and formal access control model for developers to design the security mechanisms of systems and for users to perform their duties securely and efficiently. To represent the activated roles, Role-Playing is introduced. Every Role-Playing object runs in a particular context, which restricts users' rights dynamically and controls users' interaction actively. The model is suitable for distributed and interactive applications, and improves control efficiency.

(6) Introduce a novel role administrative model of RBAC, design the roles as regular roles and administrative roles, and define new and old membership of roles. The administration and implementation of systems have been simplified and are easy to realize.
Keywords/Search Tags: Access Control, Information Security, Cryptography, Role, Modeling, Object, Management