Research And Application Of RBAC Model Based On Fuzzy Theory

With the development and popularization of computer network security of application system has been more and more prominent and relevant security technology has become a key issue among the researchers.Access control is a system security technology which can implement the existing security strategy.It can judge whether a request can access certain resource and it is usually used to prevent unauthorized user from accessing the resource and prevent authorized user from accessing the resource illegally.Traditional access control mainly has three models:DAC(Discretionary Access Control), MAC(Mandatory Access Control) and RBAC(Role-Based Access Control).By comparison RBAC which is agile,secure and convenient has become an effective model to implement the enterprise's security.It conforms to permission division based on duty in daily work.So RBAC is widely applied in large-scale system and becomes the key issue.But when certain system or service has large amount of users,it is a hard job for the administrator to assign the roles to each user and maintaining user-role assignment up-to-date is costly and error-prone.In order to standardize the access control strategy,human's fuzzy decision-making ability is needed.Some researchers import fuzzy theory into RBAC and propose fuzzy RBAC models to allow imprecise access control.But the models have invalidations in certain circumstances.In this dissertation,an optimized fuzzy RBAC model is proposed based on the existing models' advantages.Bitmap matrix is used for computing RT(Role's Trustworthiness).Variance is applied to adjust attribute weight vector to improve max-min operation's limitation.Fuzzy cluster analysis is utilized to improve the accuracy of the model.Historical and mutually exclusive permission table for each user is enforced to implement fuzzy RBAC model with separation of duty constraint.Additionally,the optimized model is described with XML-graph which implements multi-inheritance and private inheritance in order to improve the limitation of role inheritance in traditional XML-described RBAC model.XML's text-based property simplifies the user-role assignment by modifying XML files with notepad.XML's platform-independent property makes the access control strategy easily deployed in different systems and largely expands the model's application scope.In this dissertation the optimized fuzzy RBAC model is applied in certain bank's permission management system.In this system,administrator only needs to modify few entries of the approximately exact results by fuzzy evaluation and then he can acquire completely exact user-role assignment to accomplish multiple sub-systems' access control,which reduces the administrator's burden and improve the efficiency to a large extent.