
Rule Based Authorization Delegation Management

Posted on: 2009-08-22
Degree: Master
Type: Thesis
Country: China
Candidate: B Liu
Full Text: PDF
GTID: 2178360245495325
Subject: Computer application technology
Abstract/Summary:
With the development of network and distributed technologies, computer security has attracted more and more attention. When we share information and access resources, we must consider the security of the system that we access. Access control is a security service mechanism that constrains actions on resources in order to isolate sensitive information. It is one of the most important security services and attracts much interest from both academia and industry. In theory, access control models are used to formally describe system elements, prove system security, and precisely express security policy. In practice, new technologies are proposed and applied in different areas of business, the military and government to directly improve the utility, feasibility and security of information systems.

Delegation is one of the important mechanisms in access control. Delegation means that one active entity in a system delegates authority to another entity to carry out some functions on behalf of the former, in order to improve agility in managing permissions. In today's distributed systems, a user often needs to act on another user's behalf with some subset of his/her rights. Most current delegation models are role-based, but these models do not consider security constraints or how to delegate permissions under a complex role hierarchy. Security constraints are an essential technique for protecting a system. There is still a strong need in large distributed systems for a mechanism that provides effective privilege delegation and revocation management.

Based on an analysis of the security requirements of delegation authorization, this dissertation addresses a few key problems of delegation authorization: security constraints in delegation models, complex role hierarchies, and the consistency of security constraints. The contributions are as follows:

1. The dissertation puts forward a new rule-based authorization delegation model. The model considers the basic security requirements and operation requirements, and restricts delegation through several kinds of security constraint rules. The model can therefore preserve agility while also assuring the security of authorization. The dissertation also compares the model with other delegation models.

2. The dissertation presents a delegation authorization algorithm. The algorithm solves delegation authorization under the complex role hierarchy of the delegation authorization model. The dissertation defines several concepts, for example role level and role range, and discusses delegation between roles that have different role levels. The algorithm is analysed with a concrete example.

3. Delegating permissions introduces new constraint rules, and these constraint rules can conflict with the intrinsic rules. The dissertation discusses security policies and the consistency of security constraints. Security conflicts are settled by detecting constraint conflicts and adjusting the policies.

4. The dissertation presents a framework for the delegation authorization model that takes the characteristics of a hospital into account. The modules of the framework and the constraint rules are described in detail.
Keywords/Search Tags: access control, RBAC, delegation authorization, secure constraint