Research On Mechanisms Of Multi-Domains Secure Interoperability In Distributed Environment

Posted on: 2007-09-15
Degree: Master
Type: Thesis
Country: China
Candidate: B Wu
GTID: 2178360242961948
Subject: Computer software and theory
Abstract/Summary:
Distributed systems have developed quickly, and their size and complexity keep growing. A distributed system is made up of multiple domains, and within each domain security is guaranteed by centralized control. For access control in a single domain, two approaches are studied: role-based access control, and access control based on a key management mechanism. In role-based access control, user-role and permission-role assignment and revocation are always carried out by the security administrators to guarantee the security of access within the domain, but this process is not very flexible. Based on the ARBAC97 model, a new independent role-based assignment and revocation model is proposed to enhance the flexibility of the original model.

In distributed systems, secure interoperability between multiple domains is the key to guaranteeing system security. The essence of secure interoperability between domains is authorizing users in a foreign domain to obtain permissions in the original domain. The IRBAC2000 model defines role mapping between two domains and solves the problem of mapping roles in the foreign domain to roles in the original domain. Based on the role mapping in IRBAC2000, an improved role mapping algorithm is proposed, which avoids role mapping conflicts by adding a restriction condition to the role mapping process.

The other method of access control in a single domain is based on the key management mechanism. The unified hierarchy defines a node as a set of equal users and equal resources, which makes it better suited to implementing access control with a key management mechanism. By extending the single-domain key management mechanism, constructing the set of associated edges between two domains, and computing the value of each associated edge, a key management mechanism between multiple domains is proposed. Applying the extended key management mechanism and identity authorization between domains to cross-domain access control, the multi-domain secure interoperability model can be implemented. In addition, the security of the new model is analysed.
Keywords/Search Tags:Distributed Environment, Security Domain, Role Mapping, Unified Hierarchy, Key Management Mechanism