The Research And Application Of Access Control In Distributed System

With the development of network technology and the enlarging of enterprise scale, distributed application systems are used by more and more enterprises. Many distributed application systems use access control as effective solution to handle security problem. But so many distributed application systems have been used in enterprise, that security management become very complicated. To solve this problem, enterprises have to integrate all of distributed application system and develop Enterprise Information Management Platform (EIMP), so employees or administrators can use it to access or manage distributed application systems for attaining the purpose of uniform access control and management.This thesis takes the establishing of global access control mechanism as study content, to supply efficient security access solution for the development of EIMP. Firstly, the author analyzes traditional access control model, such as mandatory access control, discretionary access control and role-based access control, and then points out the fault of using them in modern application. Secondly, new generation access control model-usage control(UCON), which lay the logic foundation of practical application, has been systematically studied and analyzed by using set and predication theory. Thirdly, according to the feature of distribution application and enterprise structure, Organization Structure Access Control (OSAC) model has been created in this thesis by using basic principle of UCON, and describing through set and predication theory. Fourthly, the author introduces in detail the architecture and functionality of EIMP, and analyzes OSAC model deeply. Finally, the author puts forward the security control solution based on OSAC to implement the EIMP. The author studys the development of database and modules, analyzes key technology and puts forward an application example of the solution.The thesis indicates that OSAC model can describe the characteristic of global access control, to afford safe and practical strategy of access control for kinds of distributed application systems; what's more, the access control solution of OSAC can satisfy the need of access control strategy as reusing and dependent component in EIMP,and the solution achieves the goal of uniform user management, uniform resource management and uniform access control for kinds of distributed application systems through visible and friendly interface.