Research On Key Technologies Of Role-based Secure Interoperation In Multi-domain Environments

Posted on: 2011-07-18
Degree: Master
Type: Thesis
Country: China
Candidate: X R Cheng
GTID: 2178330338985536
Subject: Military communications science

Abstract/Summary:
Dynamic, distributed, heterogeneous and autonomous multi-domain environments bring many challenges for inter-domain secure interoperation technology. Traditional access control models cannot satisfy the security requirements of such interoperation because of their centralized management. How to ensure each local domain's security and autonomy while conducting cross-domain authorization and access control is therefore a critical and urgent research issue of great significance.

Based on the widely used RBAC policy, this thesis explores in depth the key technologies of role-based secure interoperation. The main work is as follows:

1. Proposes an Extended Role-based Interoperable Access Control Model called EIRBAC. Focusing on the main problems of current research on role-based secure interoperation, this thesis proposes the EIRBAC model by introducing three types of association relations between roles in different domains: transitive mapping, non-transitive mapping and restricted access. It also proposes and proves the security theorem of interoperation based on the EIRBAC model. Compared with related work, EIRBAC supports security constraints such as separation of duty in multi-domain environments and improves both the security and the agility of cross-domain authorization management, which lays a solid foundation for secure interoperation between domains that adopt the RBAC model.

2. Explores the key technologies of conflict detection and conflict resolution when conducting interoperation under the EIRBAC model. Focusing on the ubiquitous problem of policy conflicts in research on role-based secure interoperation, this thesis studies the types of and reasons for conflicts that arise while implementing secure interoperation under the EIRBAC model, proposes a strategy and flow for handling conflicts, designs high-performance conflict detection algorithms together with their computational complexity analysis and simulation validation, and puts forward a conflict resolution method called inter-domain sharing-maximizing oriented Integer Programming. These explorations provide security guarantees for implementing role-based interoperation.

3. Explores the implementation framework for secure interoperation based on EIRBAC, as well as its key technologies. This thesis proposes an implementation framework for secure interoperation based on the EIRBAC model and gives the hierarchy and functional description of its key components. It explores the key technologies of the framework, proposes an administrative role-based cross-domain authorization management method, investigates the problem of constructing role access paths, and proposes the idea and method of constructing the shortest role access path. It also devises an interactive protocol for setting up interoperation sessions and proposes a policy specification method based on X-RBAC. This work sets up a technical foundation for implementing role-based interoperation.

4. Designs a secure interoperation prototype based on the EIRBAC model and implements its key modules, which validates the main work presented in this thesis.

Keywords/Search Tags: Multi-domain Secure Interoperation, Role, Interoperable Access Control Model, Conflict Detection, Conflict Resolution