| Access control is a crucial security technology in information security system. It ensures legal actors to access relative resource, and protect the security computer system from illegal actors' intrusion or legal actors' misuse, which can damage the system. Access control constraints are means settled for security strategy, they can restrict the connection of users and permissions. In the enterprise environment, constraints need consider workflow authorization more than access control model, exclude time constraints and others. Viewing enterprise application as a typical distributed environment, this paper studies constraints access control technology under the support of the projects: AV1DM. Sunflow, etc. The study aims at meeting access control challenges put forward by modern enterprise information system.This paper brings forward an access control model supported by constraints to meet complicated enterprise environment. First, based on the rule of task, a novel TBAC (Task-based access control) model was proposed to deal with the lack of permission administration and mechanism in the conventional TBAC model by the definitions of task-permission set, this paper focused on the permission constraints both on the task and permission, it came up with some formal analyses and some constraints rules for permission set, defines model formally and describes authorization architecture. Second this paper analyzes the constraints in enterprise dynamic environment, sequences from task management and enterprise dynamic strategy, it makes some constraints on timeliness and weight ,then combine the single-handed access control model with enterprise dynamic environment, the constraints enhance the practicability of access control model, ensure permissions minimum and the separateness between duty and right. Finally one application is showed to testify this model's practicability.
|
PDF Full Text Request