
Authorization Policy Research Based On Audit And Access Control

Posted on: 2007-10-07
Degree: Master
Type: Thesis
Country: China
Candidate: S G Liu
Full Text: PDF
GTID: 2178360182995679
Subject: Computer software and theory
Abstract/Summary:
There is an increasing conflict between open networks and information security. It is therefore urgent to protect the security of network communication, which depends on trust and authorization. PKI (Public Key Infrastructure) was built to solve the trust problem in network communication. Audit and access control is an important application area of PKI-based network security, but it has some problems in theory and application. Therefore, it is necessary to build a good model for controlling the authorization service.

PMI (Privilege Management Infrastructure) is put forward in X.509 protocol Version 4, which is based on RBAC (Role Based Access Control). This thesis belongs to the data security project of the BOSS (Business Operation Support System) of Sichuan mobile communication. Following the X.509 standard, this paper designs the audit and access control policy based on the port of the host. The conflict between permanent identity and controllable privileges is resolved.

At the beginning of this paper, the basic security library is designed, and the interfaces of algorithms such as encryption, decoding and digest are implemented. The operational protocol and the certificate CA are implemented with the USB token. Then, on the basis of RBAC, the paper gives the basic mathematical definitions, rules and detailed design of the policy file and its application. The mathematical definitions and rules are described briefly. By analysing the problems in the whole process of policy application and extending the policy design, switch data is filtered by an ACL (Access Control List) policy. Meanwhile, the policy control algorithm is researched in depth, and the efficiency of the policy is improved by taking advantage of radix sorting and binary search. On the basis of the Clark-Wilson policy model, abnormity is defined by focus thing. Content audit of the session layer protocol is implemented well. By taking advantage of multi-level fuzzy definition, the audit data structure is optimised. Finally, the author not only completes the authority policy model, but also designs a UI based on the policy audit model. In fact, a friendly and attractive UI is an important part of the project.

The thesis investigates the technologies related to audit and access control. The result is valuable for large-scale data operations. It is also significant for further research on PMI and the policy standard, especially in mobile communication.
Keywords/Search Tags:access control, policy, security audit, X.509 protocol, authority manager