| The paper makes an in-depth study of access control issue in the enterprise information system. Its purpose is to provide the enterprise with a kind of the unified resource access control system, which enables the enterprise to implement authentication, authorization and access control in the unified way to the users, thus reducing the complexity of authorization management and security cost in the enterprise information system.The paper first analyzes today's three main access control technologies– Discretionary Access Control(DAC), Mandatory Access Control(MAC) and Role-Based Access Control (RBAC),and then points out that the traditional DAC and MAC are unable to satisfy the enterprise's demand for the unified resource access control. However, although RBAC has many merits, it is essentially still a subject-based static authorization model, and lacks the enough flexibility, dynamic characteristics and scalability and cannot satisfy the enterprise's demand for the unified resource access control completely. Based on the analytical research for RBAC's improved models, the paper proposes the Role and Context-Based Access Control (RCBAC) model. RCBAC model introduces the context information and the group mechanism to the access control policies. In RCBAC, the context information is used to control the user assignment and permission assignment dynamically and the group mechanism is used to simplify authorization further. Thus, RCBAC can implement the fine-grained access control and satisfy the enterprise's demand for the unified resource access control. Finally, based on the RCBAC model, the paper presents the framework and design for the unified resource access control system and has proved RCBAC's advantages by experimentation. |
PDF Full Text Request