Research On Role-Based Delegation Model With Fine Grit And Efficient Revocation

Role-Based Access Control(RBAC) Model is the mainstream of current Access Control Model,which is also hotspot of research in recent years.It is superior to traditional Discretionary Access Control(DAC) and Mandatory Access Control(MAC),and meanwhile provides higher grade of flexibility and expansibility, which is adapt to distributed application.The purpose of delegation is transferring,managing and controlling the right. People manage to design logical delegation model and establish strategy of delegation to implement flexible delegation.Delegation technology developed a series of models such as RBDM0, RDM2000,PBDM on the basis of RBAC.But they all have problems at the side of delegation granularity or system resource demanding.RDBM0 and RDM2000 can not incarnate the principle of least privilege on granularity of delegation.PBDM implements fine grit with thought of delegation role(DTR),but also brings problems such as that plenty of temporary roles which are incomplete on logical occupy system resources and lead safety potential.So it is meaningful to research and resolve aiming at the problems of existing models.This dissertation begins with a simple introducing of the background of RBAC and its features,then analyzes the PBDM model which is compared with RBM0 and RDM2000 and point out the problems of delegation granularity or system resource demanding of the models.Integrating with features and safety requirements of enterprise's access control system,this text points out the necessity of adopting role-based access control and granular delegation technology in enterprise's access control system.This text takes the thought of PBDM for reference and consummates the problems which are summarized,puts forward a role-based,granular, delegation model with efficiency and safe revocation,then expatiates on the implement logical of the new model.At last this text specifies the workflow of model using enterprise as the background to validate the feasibility of this theory model and finally gets arrival at a conclusion.