
Research On Authorization Management Model In Multi-domain Environments

Posted on: 2008-12-26
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J G Liao
GTID: 1118360272466761
Subject: Information security

Abstract/Summary:
In the information era, resource access and protection is one of the crucial factors in a system's security. Access control is an important approach to this problem, and authorization management is the core of access control. Many researchers have worked on authorization management and achieved a great deal. However, with the development of computer networks and applications, some issues in authorization management have not been resolved effectively, and further research on them is necessary.

In a single administrative domain, role-based access control (RBAC) is widely used. However, in the RBAC model a user cannot obtain only part of a role's privileges, and a senior role cannot inherit only part of a junior role's privileges. A fine-grained role-based access control model, called the FGRBAC model, is presented by extending the RBAC model. The algorithms to search for the privileges of a user or a role are presented. The FGRBAC model adds an element, called the privilege's importance, to the RBAC model and provides a way to set the range of the privilege's importance during privilege-role, user-role and role-role assignment. The FGRBAC model therefore supports fine-grained role-based authorization management. The RBAC model can be viewed as a special case of the FGRBAC model, so compared with the RBAC model, the FGRBAC model is more flexible and practicable.

The IRBAC 2000 model is used to establish a flexible policy for dynamic inter-domain role translations between two administrative domains. The RBAC model directly supports three well-known security principles: separation of duties, least privilege, and data abstraction. In the IRBAC 2000 model each administrative domain uses the RBAC model, so dynamic inter-domain role translations should also support these three principles. This paper analyzes the cases in which dynamic inter-domain role translations violate separation of duties or least privilege, provides algorithms to determine whether a translation violates separation of duties or least privilege, and proposes a protective mechanism that uses prerequisite conditions to prevent such violations. Because dynamic inter-domain role translations are accomplished through the associations in the IRBAC 2000 model, managing and optimizing the associations is very important. This paper analyzes the cases in which redundant associations emerge in the IRBAC 2000 model, and provides an algorithm for determining redundant associations and prerequisite conditions to prevent them. As a result, the security of the IRBAC 2000 model is enhanced, the efficiency of dynamic inter-domain role translations is improved, and the administrative burden on security officers is reduced.

The dRBAC model uses delegation to provide an authorization mechanism for systems that span multiple administrative domains. However, the dRBAC model has some limitations, such as no control over the depth of delegation, covert promotion of roles, violation of separation of duties, and circular delegation chains. The depth of delegation can be controlled by setting valued attributes in the assignment delegations of the dRBAC model. Algorithms are presented that detect covert promotion of roles, violation of separation of duties, and circular delegation chains. This work can improve the security and practicability of the dRBAC model.

Existing trust management systems cannot describe the trust relation between entities quantitatively and cannot control the transitivity of trust effectively, so they cannot satisfy real-world requirements. To address these problems, a trustworthiness-based authorization delegation model, called the TBAD model, is presented. This paper introduces the elements of the TBAD model, analyzes the principles for calculating trustworthiness during the transfer of delegation, controls the transfer of delegation in terms of the trustworthiness of the entities, and discusses forward, backward and bidirectional certificate chain discovery. In the TBAD model, a certificate is revoked by its issuer, or becomes invalid when it expires. The trust relation between entities is described quantitatively by a trust level, and the transitivity of trust can be controlled effectively in a simple way.

In recent years, the protection of privacy has become a major concern. In open and distributed environments, authorization management is mostly based on credentials. Because credentials contain sensitive information, how to protect privacy is an active research topic. Automatic trust negotiation provides an approach to protecting privacy. However, in automatic trust negotiation a credential is used as a whole, and the holder of a credential cannot selectively disclose part or all of the sensitive information in it. A new scheme, called SDSA, is therefore proposed to protect the sensitive information in credentials. The process of SDSA is described, and the security of SDSA is proved. In the SDSA scheme, the sensitive information in a credential can be selectively disclosed, key administration is simple, and no trusted third party is needed. The SDSA scheme therefore has the following merits: flexibility, security and practicability.

Keywords/Search Tags:Access control, Authorization, Role, Dynamic role translation, Delegation, Trust negotiation, Protection of sensitive attributes