Privilege Management With Parameters And Partial-order Structure

Posted on: 2005-05-25
Degree: Doctor
Type: Dissertation
Country: China
Candidate: D D Li
GTID: 1118360185495659
Subject: Computer software and theory

Abstract/Summary:
Privilege management is the core of system security: it prevents unauthorized access to computer systems and resources and ensures that different people get different services and data. Privilege management has always been an important problem in computer system security research and applications.

In modern application settings, such as enterprise information portals, copyright protection, and distributed digital libraries, the variety and complexity of information make the specification of security mechanisms more and more complex and difficult. At present, privilege management faces many problems, for example: too many types of resources, increasingly fine-grained access to application resources, multiple security policies coexisting in one system, cross-application security policies, use of application-specific security policies, and consistency of authorization policies across enterprise applications. Nowadays, application developers resort to embedding access control functionality in the application system. This coupling of access control functionality with application logic causes significant problems, including tremendously difficult, costly and error-prone development, integration, and overall ownership of application software.

Our dissertation aims at the research of a new generalized privilege management model, mainly to resolve the problem of controlling activities with semantic information within enterprises and of specifying and implementing complex cross-application security policies. Against the background of the enterprise information portal, we propose a privilege management model in which subjects and objects are mingled, which is fine-grained, which uses parameters, and whose parametric fields have a partial-order structure.

The main points of our work are described as follows:

Introducing and using ontology in privilege management. In order to describe generalized activities with semantic information within enterprises, we introduce ontology at the enterprise application level, where it can build up a concept model for activity-relevant information of the application level. Based on ontology, we propose a suitable framework and management mechanism for generalized activities with application connotation and build up a corresponding formalized model. On the other hand, ontology helps to extend traditional access control objects to services with parameters and with application semantic information, which enlarges the range of access control objects and enriches access control mechanisms.

Multiple authorization specification language. We design a language which supports user defined predicates and complex authorization...
Keywords/Search Tags:ontology, privilege management, authorization, access control, security policy, authorization rule, partial order structure, parametric, anti-chain, inheritance, authorization conflict