| Along with the computer and Internet technology was developed rapidly, the form of the application of information technology from centralized to distributed gradually. This lead to that a large of cooperative works and information sharing need to be finished within the internet. As a result, to congregating distributed resources in the internet is becoming more and more important. In distributed environment, the number of users and resouces is so great, and they are dynamic and variational, access control policies are heterogeneous. In this type of circumstance, to congregating multi-domain resources and to making cooperative works in span security domains will need to cooperate with every domains and to construct a consistent access control policy. But the traditional access control mechanisms were designed for the applications in static environment, so they will difficult to adapt in the large-scale and dynamic network applications . So they are faced with a great challenge.The traditional access control models including Mandatory Access Control(MAC), Discretionary Access Control(DAC), Role-Based Access Control(RBAC). They are static access control models that need to redefine security policies or restart to assign roles to users and permits in every security domains before composing security policies, that greatly increase the complexity in managing the system. In large-scale distributed environment, the number of users and resources is very great, and they are dynamic and variational, access control policies are heterogeneous. To composing security policies refer to redefine users'roles and assign them to users and permits, it is a very complex work which is too difficult to complete.Attributed-Based Access Control(ABAC) has been developed in distributed environment, it could resolved access control problems in distributed environment better than traditional access control models. In this paper, we have discussed the limitations of traditional access control models in solves the problems of distributed access control models, and an enhanced access control policy composing algebra for attributed-based access control was proposed to composing access control policies. In this paper, access control policy is a tetrad that consist of subject, object, environment and action, and it was been described with formalization algebra methods. In order to implement policies composition, a more efficiency and flexible algebra operator was proposed to composing access control policies. Increased element of composing access control policy and improved the power of semantic expression and fine-grain expression on policy composing. The method has a excellent scalability that made a base for research and improving methods of composing access control policies in future.In addition, In this paper, environmental attribute has been considered as an independent tuple in the method, that reflect the crucial influences of environment condition for access control. The ABAC supports RBAC, so the methods can be used to composing access control policies in RBAC.This paper is supported by the project Research of Base on The Ontology Access Control in Grid which funded by National Nature Science Foundation of China and the project Research of Composing Base on Attribute Access Control Policies in Grid that funded by Chongqing University Postgraduates'Science and Innovation Fund. |
PDF Full Text Request