The Research On Multi-domain Access Control And Its Secure Policy

Posted on: 2007-04-19
Degree: Master
Type: Thesis
Country: China
Candidate: K X Zhang
GTID: 2178360185965290
Subject: Computer application technology
Abstract/Summary:
With the development of network technologies, access control and privilege management in distributed environments have advanced rapidly. Public Key Infrastructure (PKI) has solved identity authentication, data confidentiality and data integrity. Privilege Management Infrastructure (PMI), a newer technology, can provide strong authorization; it was introduced to support access control, and it works very well together with Role Based Access Control (RBAC).

This paper analyzes existing access control models based on Attribute Certificates (ACs) and RBAC, and discusses the design of ACs, the specification of policy and the implementation of RBAC. Considering the multi-domain environment, we propose an access control model based on ACs and roles, in which the interoperation of two domains is discussed; unlike other models, it does not rely on a single policy, and it possesses higher security strength.

We choose XML as the policy specification language, and RBAC is adopted in each domain to control resources. The policy is composed of several sub-policies, each with its own effect, including role hierarchies, static and dynamic separation of duties, access to target resources, and role mapping between domains. ACs are used to bind users to their roles, and policies are also stored in ACs, so they are tamper-resistant. We consider the constraint violations that arise as a result of the interoperation of multiple domains and give a method to detect them.

Finally, we design a multi-domain access control model on the .Net platform, including the construction of the client and server; an access engine is developed according to the violation detection method.
Keywords/Search Tags:Attribute Certificate, RBAC, multiple domains, access control, policy