Amelioration And Achievement Of The Mechanics Of Access Control For Distributed System On Enterprise

Posted on: 2006-12-02
Degree: Master
Type: Thesis
Country: China
Candidate: Q Gan
Full Text: PDF
GTID: 2168360152487489
Subject: Computer application technology
Abstract/Summary:
The RBAC model is an important technology for storage and access control that has received extensive attention in recent years. Experts such as Ravi Sandhu, David Ferraiolo, Richard Kuhn and Axel Kern have done much research on the RBAC model, which is also very popular in the C/S or B/S structured information systems used by enterprises and government.

The old RBAC, which is based on a centralized system and abstracted from only a single attribute of the subject, has fallen behind given the growth of distributed systems. The old RBAC overlooks the possibility of abstracting from the attributes of the object and is effective only for a fixed subject, both of which lead to a waste of roles and rights. Furthermore, the old RBAC can only access a distributed system (one that contains alien objects from other enterprises) under the identity of an equal role, a shortcoming that leads to security problems. The waste of roles and rights undoubtedly increases the complexity of role management, and the equal role makes least privilege inconvenient to achieve; these legacies of the old RBAC do not suit the characteristics of distributed access control.

Given these shortcomings of the old RBAC model, the author offers several suggestions for adapting RBAC to the distributed access control environment:

First: Reduce the waste of roles by introducing the attribute parameter (domain) and the virtual right of the object and the subject, following the thinking in DTE.

Second: Through the definition of extended permission, differentiate whether the subject and the object to be accessed belong to the same enterprise or not, which can reduce the waste of rights.

Third: The subject can be assigned a temporary role when accessing an object in a different enterprise, which helps to achieve least privilege.

Through these improvements, the RBAC model in the new distributed environment greatly reduces the number of roles and the complexity of role management, and also sets a direction for future work on reducing role conflict. The idea of this article has already been applied to access control in the project of the service platform for electronic business.
Keywords/Search Tags: Access control, RBAC, Role, Domain, Equal Role