
Study On Attribute Restricted Delegation Model In Role Based Access Control (RBAC)

Posted on: 2006-08-27
Degree: Doctor
Type: Dissertation
Country: China
Candidate: C X Ye
GTID: 1118360182972374
Subject: Computer application technology

Abstract/Summary:
The development of access control, an important information security technology, can be divided into many phases. In recent years, much research has focused on role-based access control (RBAC), especially the most widely used RBAC96 model proposed by Sandhu. RBAC mainly focuses on the management of roles, permissions, user-role assignment and permission-role assignment. By separating users from permissions, RBAC makes permission management convenient and flexible, and through user-role assignment and permission-role assignment it can meet security needs. RBAC can be seen as a neutral security policy model that can be used in many situations.

Delegation means that an active entity in a system (a user, or a program or process representing a user) can delegate its privileges to another active entity, which can then exercise these privileges on behalf of the delegating entity. There are many different types of delegation, and role-based user-to-user delegation has been the most widely researched. In a role-based delegation model, delegation is seen as a special user-role assignment (URA) process. The main difference between URA and its revocation in delegation and in RBAC is that the former is mainly performed by the delegator and the latter by the system administrator or security administrator. Delegation enhances the flexibility of authorization in access control and can, to some degree, be seen as an implementation of a DAC security policy.

This dissertation is supported by the Research Fund for the Doctoral Program of Higher Education project titled "Study on the access control based on user and role attribute" (RFDP20040611002), under the sponsorship of the Ministry of Education of China. In this dissertation, user attributes are used as part of the delegation constraint in order to enhance the security of delegation, which in existing delegation models relies heavily on the delegator or system administrator.

We propose an Attribute Restricted Delegation Model (ARDM) consisting of three sub-models: ARDM0, ARDM1 and ARDM2. ARDM0 and ARDM1 mainly focus on user-to-user delegation, and ARDM2 on role-to-role delegation. The main contributions of this dissertation are summarized as follows:

1. Because attributes and attribute expressions are the basis of the attribute restricted delegation model, the dissertation first elaborates their definitions. And we...
Keywords/Search Tags:information security, access control, RBAC, attribute, delegation model