Research On Key Technologies Of Role Based Joint Authorization Administration

Authorization and access control mechanism faces new challenges due to the increasing requirements of information security. It is urgent to solve the issue of joint authorization administration, implementing the disjunction of administrative privilege, reducing the risk of abusing important privileges, and providing appropriate access protection for the security requirement of key resources in important information systems of government, military or multi-domain coalition in distributed network.The joint authorization administration technology is researched deeply, and the paper proposes a joint authorization administration model and framework, and investigates key technologies of the framework, such as the joint authorization administration policy. The main work shows as follows.1. The research actuality of joint authorization administration is introduced deeply, summarizing the insufficiency of the existing authorization and access control models and privilege management infrastructure PMI in supporting joint authorization administration, and pointing out the significance of research on joint authorization administration.2. A role-based joint authorization administration model is proposed. The model introduces the elements of joint role, joint privilege, threshold and so on to support flexible joitn authorization administration policy, gives the joint administration operations and rules, and analyzes the joint authorization contstraints using RCL2000 language. Analysis implies that the model can satify least privilege, separation of duty principles and joint authorization constraints, improving the security of authorization management effectively.3. A joint authorization administration framework based on the RBJAA model is designed. The paper introduces the components and working process of the framework, and makes deep research on the key technologies, including joint authorization negotiation protocol, threshold arbitrate algorithm, joint authorization attribute certificate and so on, resolving the consistency and validity of the joint authorization decision.4. Investigates XACML based joint authorization administration policy. Based on the XACML specification, the paper defines the elements, type and format of the policy, and gives the XACML based joint authorization administration policy, including joint administration policy and joint access policy. Finally, the policy matching process is described.5. Designs and implements joint administration policy setting module, joint authorization processing module and so on.