| Access control is one of the most significant mechanisms in information system security. Access control service can restrict the approach to critical resource, and avoid damage brought by illegal users'intrusions or legal users'inappropriate operations.Discretionary Access Control (DAC) and Mandatory Access Control (MAC) have shortage and limitation in application. Owing to the concept of'role', Role-Based Access Control (RBAC) shows advantage in meeting the security need in many enterprise-wide systems, which is widely applied nowadays. However, with the continuous growth of enterprise's scale, RBAC revealed some of the problems and need further improvement.Therefore, this paper makes research on access control technology, the main research work are listed as follows:1.Presents a cryptographic key assignment scheme based on Both the Chinese remainder theorem and quadratic remainder theorem, in order to solve dynamic access control problems in user hierarchies. The user in higher security class can use information items which belong to users in lower security class, but the opposite direction of this operation is infeasible.2.Analyses the rules of RBAC, gives a formal specifications, presents the RBAC with the language UML, and compares RBAC with MAC and DAC.3.Considering the shortage of RBAC in application, an extended role-based access control (ERBAC) model is put forward. Compared with RBAC, ERBAC model is not only achieve dynamic adjustment of role-session, but also more flexible and suitable for large-scale system applications which have a large number of roles and small-granularity permission assignments. |
PDF Full Text Request