
The Research On Access Control Model And Certificates Chain Discovery Algorithms In SPKI/SDSI

Posted on: 2005-08-03
Degree: Master
Type: Thesis
Country: China
Candidate: G Q Xia
GTID: 2168360125458872
Subject: Computer application technology

Abstract/Summary:
With the rapid development of network technologies, network security has become more and more important. Public Key Infrastructure (PKI) is the supporting technology for network security. Traditional PKI based on the X.509 standard has solved the identity authentication, data confidentiality, data integrity and non-repudiation problems of network security, but does not handle access control efficiently. The existing access control mechanisms based on SPKI/SDSI certificates have problems ranging from unreasonable models and inefficient algorithms to complicated system implementation schemes.

Previous access control models based on SPKI/SDSI certificates put the certificate database on either the resource server or the client. Putting it on the resource server increases the load on the resource server; putting it on the client makes the certificate database inconvenient to manage. This paper proposes an access control model based on SPKI/SDSI certificates that borrows the idea of the cache in computer memory architecture and introduces a certificate server and a client certificate database, and it gives the model's authorization and working process. In this model, certificate database management and certificate chain discovery are convenient. The whole system is efficient, easy to construct and offers a high level of security.

The flexibility of SPKI/SDSI has a cost: the complexity of certificate chain discovery. An efficient implementation of the certificate chain discovery algorithm is the key to realizing a system based on SPKI/SDSI. The algorithm has two parts: calculation of the SPKI/SDSI name certificate reduction closure, and graph-based authorization certificate chain discovery. This paper studies the name certificate reduction closure in detail. It designs 2 kinds of container-based implementations according to the algorithm framework. It improves on the previous algorithm based on 3 hash tables by adopting an algorithm based on 2 hash tables, which reduces the number of calculations and improves the time efficiency of the algorithm. It compares these algorithms experimentally. The results show that the algorithm based on 2 hash tables has higher time efficiency than the one based on 3 hash tables. The paper also gives a method for reconstructing the certificate chain and ways of improving the time efficiency of the authorization certificate chain discovery algorithm.

The previous implementation scheme for an access control system based on SPKI/SDSI certificates was to add an access control module to the Apache Web server and a plugin to the Netscape browser. That scheme is not only complicated to realize but also lacks portability. Since Java-based technologies have advantages for web applications, this paper uses several of them, such as Applets and Servlets. Furthermore, the paper designs and implements a web-based file access control system based on the general access control model of SPKI/SDSI certificates and the certificate chain discovery algorithm. The new implementation scheme is not only simple but also has good portability.
Keywords/Search Tags:PKI, SPKI/SDSI, Access Control Model, Certificate Chain Discovery
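
The name certificate reduction closure named in the abstract, shown as an added example that is not the thesis's code: a worklist version of the standard SPKI/SDSI composition rule, in which a certificate (K A) → K1 B1 … Bn is rewritten with any reduced certificate (K1 B1) → K2 into (K A) → K2 B2 … Bn. The tuple encoding, the key names and the two dictionary indexes are assumptions of this example; the abstract does not describe the thesis's own 2- or 3-hash-table layouts.

```python
from collections import defaultdict, deque

# A name cert is (issuer_key, identifier, subject); subject is a tuple
# (key, id1, ..., idn). It is "reduced" when the subject is a bare key.
# Constructed sample data, not taken from the thesis.
SAMPLE = [
    ("Ksrv", "readers", ("Kdept", "staff")),
    ("Kdept", "staff", ("Kalice",)),
    ("Kdept", "staff", ("Khr", "manager", "assistant")),
    ("Khr", "manager", ("Kbob",)),
    ("Kbob", "assistant", ("Kcarol",)),
]

def name_reduction_closure(certs):
    """Return every name cert derivable by composing with reduced certs."""
    closure = set()
    values = defaultdict(set)   # (K, A) -> keys K2 with reduced cert (K A) -> K2
    waiting = defaultdict(set)  # (K1, B1) -> certs whose subject starts K1 B1
    work = deque(certs)
    while work:
        cert = work.popleft()
        if cert in closure:
            continue
        closure.add(cert)
        issuer, ident, subject = cert
        if len(subject) == 1:
            # New reduced cert: rewrite each cert waiting on (issuer ident).
            values[(issuer, ident)].add(subject[0])
            for k, a, s in waiting[(issuer, ident)]:
                work.append((k, a, subject + s[2:]))
        else:
            # Non-reduced cert: index it, then apply already-known values.
            prefix = subject[:2]
            waiting[prefix].add(cert)
            for key in values[prefix]:
                work.append((issuer, ident, (key,) + subject[2:]))
    return closure

def keys_for(closure, key, ident):
    """Keys bound to the local name (key ident) by reduced certs."""
    return {s[0] for k, a, s in closure
            if (k, a) == (key, ident) and len(s) == 1}

if __name__ == "__main__":
    closed = name_reduction_closure(SAMPLE)
    print(sorted(keys_for(closed, "Ksrv", "readers")))
```

Each rewrite shortens the subject by one identifier, so the worklist terminates. Kbob is not among the readers because only his assistant is named by the staff certificate.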