
Study On Constraint-based Delegation Authorization

Posted on: 2012-11-20
Degree: Master
Type: Thesis
Country: China
Candidate: Y Z Han
GTID: 2178330338497910
Subject: Computer application technology
Abstract/Summary:
Among the three access control policies, the role-based access control policy (RBAC96) has been studied frequently over the last few years. Compared with the other two policies (discretionary access control, DAC, and mandatory access control, MAC), RBAC is more flexible and more scalable, and it shows great advantages in meeting the security demands of information systems.

Delegation is one of the important access control mechanisms in distributed systems. Delegation means that an active entity in a system assigns its permissions to another active entity so that the latter can carry out some functions on behalf of the former. The main current delegation authority models are role-based, but they are not perfect: the security constraints on delegation authority, among other aspects, have not been discussed in detail.

The Chinese Wall Security Policy (CWSP) is an access control policy that is very important and widely used in the sphere of commercial information. CWSP combines characteristics of DAC and MAC and can prevent a user from accessing the data sets of different companies in the same conflict of interest (COI) class. There is much research on constraints on delegation authority, but almost none of it considers how delegation operates and is realized under the Chinese Wall Security Policy. The traditional delegation models mainly target the common environment, do not sufficiently consider the peculiarities of CWSP, and cannot be applied in the sphere of consulting and commerce.

The contributions are as follows:

1. The three existing role-based delegation authority models are analyzed systematically using the criteria of delegation depth, delegation granularity, delegation authority and delegation revocation. The differences, advantages and disadvantages of the three models are elucidated, and the deficiency of the three models in the area of delegation constraints is pointed out.

2. Security constraints in the process of delegation authority are the main subject of study, and a constraint-based delegation authorization model (CDAM) is proposed. This model fully considers the constraint that the Chinese Wall security policy places on delegation authority. Besides adding several common constraint conditions to the delegation constraints, the model also adds a CWSP constraint. The delegation constraint conditions in the model are introduced in detail, including the prerequisite condition, the separation of duty constraint, the time constraint, the delegation depth constraint and the CWSP constraint, and two important algorithms used in the process of CWSP judgement are proposed.

3. Delegation authority and revocation in the CDAM model are studied. A conflict detection algorithm for delegation authority is proposed, and the process of delegation authority in the CDAM model is discussed in detail. Finally, two policies of delegation revocation are proposed.

4. The CDAM model is applied to a consulting company, which serves as a simulation environment; delegation authority and revocation from one employee to another in this company are simulated.
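
The CWSP constraint on delegation described in the abstract, as an added illustration (this is not code from the thesis and does not reproduce its CWSP judgement algorithms): a delegation is refused when it would let the delegatee reach a company data set in a COI class where that user has already accessed a different company. The names `User`, `cwsp_conflicts` and `delegate`, the COI classes, the company names and the rule that a granted delegation counts as access are all assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed sample data: the COI class of each company data set.
COI_CLASS = {"BankA": "banking", "BankB": "banking",
             "OilX": "energy", "OilY": "energy"}

@dataclass
class User:
    name: str
    accessed: set = field(default_factory=set)  # data sets already accessed

def cwsp_conflicts(user, datasets):
    """Return (dataset, earlier_dataset) pairs that would breach the wall."""
    conflicts = []
    seen = set(user.accessed)
    for ds in sorted(datasets):
        for prior in sorted(seen):
            # Same COI class but a different company: forbidden by CWSP.
            if prior != ds and COI_CLASS[prior] == COI_CLASS[ds]:
                conflicts.append((ds, prior))
        seen.add(ds)  # the delegated set may also conflict with itself
    return conflicts

def delegate(delegator, delegatee, datasets):
    """Grant `datasets` to the delegatee only if CWSP holds for both parties."""
    # A delegator cannot pass on access that CWSP denies to the delegator.
    if cwsp_conflicts(delegator, datasets):
        return False, "delegator is not permitted to hold these data sets"
    conflicts = cwsp_conflicts(delegatee, datasets)
    if conflicts:
        ds, prior = conflicts[0]
        return False, f"{delegatee.name}: {ds} conflicts with {prior} ({COI_CLASS[ds]})"
    # Assumption: a granted delegation is recorded as access, extending the wall.
    delegatee.accessed |= set(datasets)
    return True, "granted"

if __name__ == "__main__":
    alice, bob = User("alice", {"BankA"}), User("bob", {"BankB"})
    carol = User("carol", {"OilX"})
    print(delegate(alice, bob, {"BankA"}))    # refused: bob already holds BankB
    print(delegate(alice, carol, {"BankA"}))  # granted: different COI class
    print(delegate(bob, carol, {"BankB"}))    # refused: carol now holds BankA
```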
Keywords/Search Tags: RBAC, Delegation authorization, Security constraint, CWSP