The Research And Design Of Role Based Access Control

In the development of society, IT plays an important place. With the advancing of network technology, the communication and sharing of information go rapidly. We put more attention to computer security. Access control is the most important method of computer security; it involves operation system, database and enterprise's information system. Recently, role-based access control is the most concerned problem in the computer security area. RBAC provides convenience for management users and permissions through adding roles between permissions and users.Along with the application of workflow in the management of enterprise, RBAC becomes difficult to fit the dynamic environment of workflow. In order to complete the tasks, roles switch more, the relation of inherit become complex, the quantity of role is huge .All this phenomenon indicate the difficult to control permissions. But if we distribute permission based on tasks, the characteristic of organization can't be performing; some basic permission will be limited.According to the characteristics of two models, this dissertation gives a new model, named separation RBAC. Through the divide of role's permission into two parts, basic permission and dynamic permission, the user's permission will be controlled. When user gets his role, basic permission is given, but the dynamic permission is only active by the task instance through AS (authorization step). When the task finished, that is the lifetime of task is over, the dynamic permission is been hold up.The main research work of the dissertation is as follows:1) Analysis the theory and development state of access control. Especially analysis the RBAC. Then analysis the problems of modern access control;2) Discuss the desire of access control in workflow environment. Given a new Separation RBAC based on the traditional RBAC. Design the construct, defines and formal description of model;3) Given the scenario of this S-RBAC based the real workflow environment and the research of traditional access control model. Design the modules of whole system, database construct and some part of code.