The Research Of Role-Based Usage Control Model

As one of five security services that must be implemented in the basic architecture for secure information systems defined in the network security standard (ISO7498-2) by ISO, is an effective technique and method for information defense and protection. However, the traditional access control model mainly focuses on the protection of data in a centralized-and-closed environment, and can not meet dynamic, continuous access control requirements for open network environment. So it is very necessary to research on the access control model in open network environment.This paper presents a study on access control for an open network environment. Firstly it proposes an useful solution that integrates core usage control model ABC with role-based access control model RBAC for an open network environment after comparing and analyzing these two methods' profits and deficiencies; Then access control requirements in an open network environment with uniform administration and multiple access control policies are analyzed and discussed, the thought of separating right granting from revoking is set forth ,and based on it a role-based usage control model RBUC for an open network environment is presented with an integration of ABC and RBAC; Next it efficiently resolves access control problems for an open environment that meet dynamic, continuous access control requirements in a better way and facilitates central administration and improvements of existing RBAC application systems; Also administration operations of RBUC is discussed and defined, administration of users, rights and roles is implemented by TRUA, PRA and RRA based on administration model of RBAC ARBAC; Further, the application of RBUC is discussed in details, an implementation of traditional access control, trust management and DRM is presented; Finally, a formal specification for RUBC from logic of authorization and constraint policies with temporal logic of actions TLA is proposed, which explicitly describes and specify the formal meaning of RBUC from the point of temporal logic.