The Research And Implement Of PMI Access Control Model Based On Terminal Environment Quantitative Assessment

Access control is a key content in Information Security Guarantee System; it concentrates on issues about date confidentiality, integrity and availability. Access control could keep information systems are in legal use by checking up the availability of the subject to access the object. Access control mechanisms nowadays, such as RBAC, are all based on user as single subject. If users have the right to access object, that means any programs on this system can have the access right on this object. If users are logging on systems with low-level security, users may lose the specific control right on the resources, thus, confidentiality, integrity and availability of the information would be seriously threatened. So user guide access control mechanism formally used could no longer meet requirements to protect resources, especially sensitive resources and a more completed strategy is needed.PMI (Privilege Management Infrastructure) is universal authority management and service console. It do access control work successfully through attribute certificate which represents and accommodates rights information. PMI models nowadays, are all RBAC related, using role as attributes to give user the right certificate. This article introduces a PMI access control model based on terminal environment quantitative assessment with idea of safety assessment.This model use safety access technology to do the checking up and assessment work for the collective object in terminal before terminal get access to the net to get the quantitative assessment results in terminal environment, which is, in other words, safety grade. Then it authorize and judge the access rights according to object combined with user identity and terminal environment safety grade. If there is security hole in terminal, safety access can propose remedy suggestions accordingly and do real-time job to monitor the terminal safety status. In this way, safety problem in terminal can be degraded and net resources can be protected This paper first introduceed detailed the basic theory on access control and PMI technology, gave an PMI access control model based on terminal environment quantitative assessment. Then, it gave the needs analysis and design of the main frame. Chapter 4 analysised the main factors collected in terminal environment, studied the attribute assessment method and gave a example. At last, this paper gave a detailed introduction on designing of the structure of each module in the main frame and the way they communicate, it also gives the implement on java platform from the points of client proxy and server judgment.