Integration Of Access Control Policies Based On RBAC Approach

Access control whose objective is to ensure the security of accessing to resources in software systems is an essential part for most software systems. Compared with other traditional access control policies, Role-Based Access Control is considered as an effective way to solve the resource control of software systems, and utilizing RBAC may lower the cost of operating and oversight. Nowadays, RBAC is widely applied in most software of various fields, but it may not be used in legacy systems. Different legacy systems may make organize access control policies in different forms. Along with the actual requirements of organization, single legacy system needs maintenance and evolution. Besides, a variety of legacy systems required to be integrated. Therefore, it is significant to study integration of access control based on RBAC approach for the integration of legacy systems.Because access control policies in legacy systems seldom bases on roles and are accomplished in various ways, an RBAC-based approach is proposed to integrate access control policies in legacy systems. In the approach, permission is mapped to tasks, then tasks are extracted from each legacy system and a global task tree is generated for the whole integrated system. Based on the global tree and transformation rules of access control policy, various kinds of access control policies are reorganized in a unified form. Moreover, a set of management rules is provided to achieve further authorization. During the process of implementation, AOP is introduced to separate and re-implement the access control module after integration. Furthermore, access control module may be released as Web services for the purpose of distributed legacy systems.Finally, a case study is demonstrated to depict the integrated approach and implementation method are feasible, and using them can integrate access control policies of legacy systems and introduce RBAC into legacy systems. By releasing access control module of integrated systems as Web services into services provider, the users can enter multiple legacy systems at the same time, and the administrator can easily accomplish further authorizations and maintenance.