Role-based Fuzzy Access Control Model

Access control is one of the kernel policies of information system security, and it constitutes the security infrastructure in information system with cryptography, authentication, auditing and intrusion detection together. Access control model is used to express the access control policies of information system security, to verify the consistence among them, and to provide the effective mechanism for enforcing the access control policies.The studies on Role-Based Access Control have been a popular project in the area of access control, and RBAC has been widely applied to computer information systems. With the widely useage of computer technique and the information resources that it administes and dominates becomes more and more bulkiness and complex. The initiator of fuzzy mathematic L.AZadeh summarizes "incompatibility principle"[2] which for precision and complexity from long-range practise. It means that with the system is more complex, it's signification precise ability will be reduced and the system's fuzziness will be builded up[3], that is to say, current complex systems themselves have the property of fuzzy and uncertainty. Because the in being access control models ate based on precision, they can't deal with the security problem of complex systems that have fuzziness. In order to deal with the security of complex systems more, we must introduce fuzziness to access control model.The kernel of access control policies is authorization that is based on truth, so authorization takes on large subjectivity and fuzziness, fuzziness is inherent component of security policy and model and we can fuzzy the access control model. The Joint DoD and CIA Security Commission propose to bring fuzzy set theory to the area of information security, which can provide rigorous methods to handle many possible degrees of security[4]. Fuzzy logic is a relatively new paradigm that may radically impact computer security. It can be used in formal methods, in trusted system analysis and design, in measuring the security of system, and in representing the imprecise human world of polices and inference[5], and wo can use fuzzy set theory to policy analysis[6]. Recently using fuzzy mathematics to deal with the security problems of the information system security brings people's notices.The paper uses the knowledge of fuzzy mathematics to access control model andbrings forward new fuzzy access control models------FBLP and Role-Based FuzzyAccess Control. The paper offers a new thought to access control model's research and has certain reference value. There are several fresh innovations as following:(1) I deeply study the model BLP, then using the ideas, language, and techniques of fuzzy logic to redefine the inscape, the represent of system state, security system, security axiom and state's security, then advance a new fuzzy model BLP (FBLP).(2) Based on the model RBAC96 which is lucubrated and abroad applied at present, I put forward role-based fuzzy access control model (FRBAC) and present it's formal definition, using fuzzy set theory, fuzzy logic and fuzzy reasoning of fuzzy mathematics knowledge. FRBAC is made up with four parts that are fuzzy basic model (FRBACO), fuzzy hierarchy model (FRBACl), fuzzy restriction model (FRBAC2) and fuzzy unite model (FRBAC3).(3) Based on the model RBACO, through fuzzy the basic elements: user, role, permission and session, as well as user assignment, permission assignment and function, it forms the model FRBACO;the model FRBACl adds fuzzy role inherit based on the model FRBACO;the model FRBAC2 adds fuzzy restrictions based on the model FRBACO;the model FRBAC3 adds the restrictions of roles' rank based on the model FRBACl and the model FRBAC2.