
SA-RBAC: An Innovative Role-based Access Control Model Introducing Self-authentication Mechanism

Posted on: 2010-10-08
Degree: Master
Type: Thesis
Country: China
Candidate: Z G Pang
Full Text: PDF
GTID: 2178360272470138
Subject: Systems Engineering
Abstract/Summary:
With the rapid development of computer, communication and network technology, the safety of computer systems is getting more and more attention. As an important security technology, access control has a broad field of application, which includes operating systems, databases, networks, and so on. Role-based access control (RBAC) has been the mainstream access control model since the 1990s. Compared to the traditional discretionary access control (DAC) and mandatory access control (MAC), RBAC has better flexibility and extensibility.

The NIST RBAC Model, proposed by the US National Institute of Standards and Technology (NIST) in 2001, is a normative reference model for research on RBAC. However, the reference model has some deficiencies in practical application. First, previous research on RBAC models, including the NIST reference model, focused largely on the subject part, which contains the user and role entities. Correspondingly, the permission part, which contains the operation and object entities, has been neglected. Second, in practical application environments the operations and objects of an access control mechanism often have obvious safety grades, which the NIST reference model does not embody. In addition, the NIST reference model lacks its own identification.

Based on the above considerations, a self-authentication mechanism is introduced into the NIST reference RBAC model to enhance the safety and reliability of the whole application system. An innovative role-based access control model introducing a self-authentication mechanism (SA-RBAC) is proposed in this paper, and the verification and implementation of the new model are studied as well. Our research consists of the following four parts:

(1) Detailed discussion and formal description of the SA-RBAC model. Based on the NIST reference RBAC model and identity authentication technology, an innovative role-based access control model introducing a self-authentication mechanism (SA-RBAC) is proposed. A multi-dimensional description of the self-authentication mechanism is given first, followed by a formal presentation of SA-RBAC on the basis of the NIST RBAC Model. Moreover, we also give a systematic description of several key issues in the new model.

(2) Specification and verification of SA-RBAC policy based on Colored Petri Nets (CPN). The SA-RBAC policy is modeled with CPN, and the related safety properties are verified as well. All the states in the CPN model describing the SA-RBAC policy can be proved to be consistent.

(3) Research on modeling and implementation of SA-RBAC policy using the Unified Modeling Language (UML). The work not only focuses on specifying the static structure of SA-RBAC policies using use case diagrams and class diagrams, but also includes descriptions of the patterns of dynamic behavior using collaboration diagrams and sequence diagrams. Our policy specification approaches are relatively close to the implementation, so they can be integrated into software design methods to ease the task of incorporating the policies into UML application models.

(4) Implementing SA-RBAC policy in the .NET development environment.
Keywords/Search Tags: RBAC, Self-authentication Mechanism, Verification, Colored Petri Net