
The Application And Research On RBAC Model Based On Task And Resource Abstract

Posted on: 2008-10-01
Degree: Master
Type: Thesis
Country: China
Candidate: W Zhou
GTID: 2178360218458142
Subject: Computer application technology
Abstract/Summary:
Role-Based Access Control (RBAC) is currently one of the focal points of access control technology; it can reduce the complexity and cost of security management in large-scale network applications. However, in most cases the research on authorization management schemes for RBAC is incomplete, and many problems remain to be solved. First, the numbers of users and user types are huge, and the number of roles in turn grows sharply. Furthermore, the finer the permission granularity, the larger the number of roles. In addition, the RBAC model is passive: temporal constraints are not expressed directly at all, so the model is not suitable for workflow environments.

Many results, such as various modified strategies, have been obtained toward solving the above problems. Typically, Administrative RBAC (ARBAC) causes more management steps and higher management cost. Task-Based Access Control (TBAC) cannot cope with non-workflow tasks. Temporal RBAC (TRBAC) does not analyze the model constraints on the basis of the constraint policy, and makes permission management difficult. Among others, NRBAC (New RBAC), proposed by Qiao Yin, and Role-Based Collaborative Systems Access Control (RBCSAC), proposed by Li Cheng-kai, do not manage permissions and roles efficiently.

A scheme of RBAC based on task and resource abstraction, TR_RBAC, is proposed in this paper after investigating the existing solutions.

To begin with, the model is formed by a second abstraction of resources on top of traditional RBAC, and it is decomposed into resource types and resource regions, each with a detailed formal definition. The relationships after resource abstraction are predicted and analyzed. The scheme for assigning and using permissions is presented. Finally, the performance of the resource-abstraction RBAC model is analyzed. The analysis shows that the proposed model reduces the extent of role redundancy and lowers complexity.

In addition, the concept of a task is introduced into the proposed RBAC model, and its definition is presented. The constraints and rules related to tasks are specified and discussed at length with respect to the new model. The security of the model is analyzed according to three well-known security principles. The analysis shows that, through static constraints on roles and dynamic permission management for tasks, the proposed model separates permissions from users in the workflow, which resolves the difficulties of using the RBAC model in workflow management systems. Lastly, cases in which dynamic constraint collisions may arise are discussed, four types of collision are summarized, and a collision detection algorithm for avoiding them is presented.

The feasibility of the proposed TR_RBAC model is verified. Based on the theoretical analysis, the proposed model is applied to the Permission Security Management Subsystem (PSMSS). The combination of roles with tasks is achieved, and a consensus function is added to the system, which improves the secure management of the system. PSMSS has been put into use in the University Educational Administration Manage System (UEAMS). As shown, TR_RBAC copes with the difficulties of role redundancy and temporal constraints, so it is workable in workflow environments with large numbers of users. Furthermore, the model is applicable to enterprise security management policy in large-scale information systems.

By decomposing resources and introducing the task concept, the proposed TR_RBAC model becomes more complex. In addition, role commission has not been discussed. Future work, such as the discussion and optimization of access control efficiency and role commission, will therefore be carried out.
Keywords/Search Tags: Access Control, TR_RBAC (RBAC based on task and resource abstract), Resource Abstract, Task, Permission Granularity, Work Flow