Research On Role-Based Access Control And Its Application In Court System

The dissertation is dedicated to Role-Based Access Control (RBAC) technology and its application in court case management information system. Access control, as one of 5 standard security services defined by the international standard organization, is an important mechanism for the security of information systems. Nevertheless, some traditional approaches, such as Discretionary Access Control and Mandatory Access Control, are not suitable for systems where more sophisticated access control is needed. As a result, RBAC has become a hotspot in research community in recent years.The basic idea of RBAC is adopted in the development of Yuxi Court Case Management Information System (YX-CCMIS, for short), in which the author has been involved; and the system thus developed has satisfied basic requirements of practical application and been operational since. However, as a prototype system constrained by the time schedule and user's requirements, there is a need for further refinement, especially in RBAC.Apart from an introduction to the YX-CCMIS in this dissertation, much of effort has been directed to post-analysis of the system access control. Having thoroughly studied existing RBAC models and application approaches, in conjunction with author's experience gained in the development of YX-CCMIS, the author made a few contributions to RBAC techniques:1. Refinement and clarification to the core concept of "role" with regard to RBAC2. Introduction of a "2-stage Assignment" approach in access permission control, based on a refinement of concept of "role" into "role class" and "role sub-class", which enables a generic and flexible access control approach in workflow-oriented applications (e.g. court system)3. Refinement to the RBAC96 model, which has resulted in an improvement to ex-design of YX-CCMIS, which includes:(1) Introduction of two types of "mutually exclusive relationship" in role set: static and dynamic, which can be used in role assignment operation and role control.(2) Introduction of context constraints, which remedies the incapability of reflecting the restricted characteristics of roles in some conditions forthe RBAC96 model.4. Provision with a RBAC schema, more suitable for a nation-wide court -specific network environment related to digital certificate, based on analysis of limitation in related schema.