
Privilege Management System Based on RBAC

Posted on: 2005-02-27
Degree: Master
Type: Thesis
Country: China
Candidate: X T Li
GTID: 2168360125950734
Subject: Computer software and theory
Abstract/Summary:
As network technology develops rapidly, network security becomes an increasingly important issue. The development of e-business and e-government systems requires not only the protection of the system's resources but also that the proper visitors are provided with the best service. The system is therefore required to determine who can access the system's resources, what information the visitor wants, and what privileges the visitor has on the data being visited. All these problems relate to two important parts of network security: privilege management and access control.

This paper puts forward and implements the privilege management system PMI based on RBAC, i.e. JIT PMS. The system provides users and applications with an authorization management service and an authorization and access control mechanism that correspond to the handling mode used in practice and are independent of the development and management of specific application systems. This effectively simplifies the development and maintenance of specific application systems and greatly raises the overall security level.

An important concept introduced in the privilege management system is RBAC. Role-Based Access Control was proposed to solve the problems of complexity and security in privilege management for large systems. Its characteristic is to give each role a group of privileges and to assign different roles to different users. It responds to a user's access request according to the user's role and the system's access control policy. For a large application system, role-based control can effectively reduce the complexity and the cost of authorization management. It can support different security policies and respond flexibly to changes in the enterprise. This form of privilege management is close to the real world.
The separation of authorization from specific applications suits a decentralized system of division of labour with cooperation.

Another important concept introduced in the privilege management system is the attribute certificate. An attribute certificate is a digital certificate that does not include public key information. It includes only the ID of the certificate's holder, the ID of the certificate's issuer, the signature algorithm, the period of validity and the attributes. Generally speaking, an attribute certificate's period of validity is short. When the period of validity expires, the certificate automatically loses its validity. In this way many of the problems that arise when a public key is withdrawn are avoided. An attribute certificate is a set of data that expresses an entity's attribute information. It supports role-based access control in a very simple way. The usual process is the following. Some X.509 attribute certificates that define the roles are issued in advance, which defines each role's privileges. Then an attribute certificate is conferred on the end user. This attribute certificate defines one or more roles for the user. On the basis of the privileges, roles and restrictions indicated by its attributes, an attribute certificate can not only assign and validate privileges safely but also easily control access based on roles and delegated authorization. As a result the management and distribution of privileges become efficient and flexible.

Privilege management infrastructure is a comprehensive system composed of attribute certificates, Attribute Authorities and an attribute certificate repository. It is used to produce, manage, store, distribute and revoke attribute certificates. PMI uses attribute certificates to store privilege information. This realizes access control easily and clearly.
The management of the attribute certificate's lifecycle realizes the management of the privilege's lifecycle.

The JIT PMS privilege management system is composed of four sub-systems: the AC signing and issuing system; the administration system of the AC signing and issuing business; the AC registering system; Administration system of...
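
The attribute certificate process described in the abstract above (role-defining certificates issued in advance, then a short-lived certificate assigning roles to the user) can be sketched as an access decision. This is an added example, not code from the thesis or from JIT PMS; the class and function names, the "role-spec"/"role-assign" labels and the sample data are assumptions, and signature verification is assumed to have been done before these checks.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class AttributeCert:
    """Simplified model of an attribute certificate: no public key inside."""
    holder: str            # ID of the user or role the AC is issued to
    issuer: str            # ID of the issuing Attribute Authority (AA)
    not_before: datetime   # start of the validity period
    not_after: datetime    # end of the validity period
    kind: str              # "role-spec": role -> privileges; "role-assign": user -> roles
    attributes: frozenset  # privileges (role-spec) or role names (role-assign)

    def valid_at(self, now, trusted_issuers):
        # Assumption: the AA's signature on this AC was already verified.
        return self.issuer in trusted_issuers and self.not_before <= now <= self.not_after

def privileges_for(user, certs, now, trusted_issuers):
    """Resolve user -> roles -> privileges using only ACs valid at `now`."""
    live = [c for c in certs if c.valid_at(now, trusted_issuers)]
    roles = set()
    for c in live:
        if c.kind == "role-assign" and c.holder == user:
            roles |= c.attributes
    privs = set()
    for c in live:
        if c.kind == "role-spec" and c.holder in roles:
            privs |= c.attributes
    return privs

def is_permitted(user, privilege, certs, now, trusted_issuers):
    return privilege in privileges_for(user, certs, now, trusted_issuers)

# Constructed sample data: two role ACs issued in advance, two user ACs.
HOUR = timedelta(hours=1)
T0 = datetime(2005, 1, 1, 9, 0)
TRUSTED = {"AA-1"}
CERTS = [
    AttributeCert("auditor", "AA-1", T0, T0 + 8760 * HOUR, "role-spec",
                  frozenset({"report:read"})),
    AttributeCert("clerk", "AA-1", T0, T0 + 8760 * HOUR, "role-spec",
                  frozenset({"order:read", "order:create"})),
    # Short validity: the role assignment lapses on its own after 8 hours.
    AttributeCert("alice", "AA-1", T0, T0 + 8 * HOUR, "role-assign", frozenset({"clerk"})),
    # Issued by an AA that the verifier does not trust.
    AttributeCert("bob", "AA-X", T0, T0 + 8 * HOUR, "role-assign", frozenset({"auditor"})),
]
```
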
Keywords/Search Tags: Privilege