Research Of Authorization Policy Based On Expanded RBAC Model

Privilege Management Infrastructure is an important part of Information Security Infrastructure. Authorization policies provide guarantee of running harmoniously for each privilege management system of Privilege Management Infrastructure. It describes the principles authorization followed and the range of each authorization entities. It determines the main content of privilege assignment and the availability of privilege verification.Access control model have close relations with authorization policies .Therefore the paper supply expanding research on access control model firstly .To analyzes current authorization policies .Later rise out new authorization policies and carry on research on application in PMI.The main work of this paper as follows:1. Given an expanded RBAC model. Based on RBAC model, the paper adds user group, role group to extend the model from user, role and permission. The model can improve the flexibility and reduce the workload for authorization.2. Analyzed authorization policies of PERMIS PMI. It defines complete authorization policies based on roles and provides basic dependence for research on authority in practice, and there is some shortage in specification and complex situation yet.3. Researched and submitted specification of authorization policies based on expanded RBAC model. Shown out authorization policies of expanded RBAC model by PERMIS PMI, and researched on elements of authorization policies, matter considered when constituting, later defined specification of authorization policies and supplied reference data for operating authorization policies.4. Clarified authorization policies based on expanded RBAC model application in roles allocated to users, privileges allocated to roles, setting privilege management center, setting resource management agent and privilege verification.