| Since Role-Based Access Control (RBAC) shows great advantage in meeting the security need in large-scale, enterprise-wide system, RBAC becomes the hot topic in access control research area. Researchers have proposed several RBAC models, which include the famous RBAC96 model. However, these frameworks were sometimes hard for system developers to understand because the models defined are too abstract or focus on application-oriented solutions. In this paper, a new model (OSRBAC model) is discussed, which is the improved model to RBAC3 model in RBAC96 model family. Compared with RBAC3 model, OSRBAC model is more concrete and easilier to understand.We also describe the implementation of OSRBAC model in Red Flag Secure Operating System (RFSOS). RFSOS was the first secure operating system that used the secure operating system architecture of generalized framework for access control in Mainland China. In RFSOS, security attribute database, secision enforcement module and security decision module are separate from each other. This architecture flexibly supports multiple access control mechanisms. There are three parts in material implementation: access control information, access control enforcement facility and access control decision facility. Practical experience shows that the implementation of OSRBAC model in RFSOS has little inflence on system performance and also proves the validity of OSRBAC model.At the end, we analyzes and compares RBAC features supported in the most recent versions of three secure operating systems: Trusted Solaris 8 Operating Environment, Security-Enhanced Linux and RFSOS. Our finding is that these products provide a sound basis for implementing the basic features of RBAC, although there are significant differences. In particular, RFSOS is the only one to directly support the definitations of RBAC model.
|
PDF Full Text Request