| With fast development of information security technology, a whole internet security solution is put forward. Access control system is critical to ensure the security of the system. PKI systems can set up a safe net environment, by the flexible way of managing key and certificate, which becomes the fundament of implementing security mechanism such as access control, confidentiality and integrity. On the basis of authentication, Privilege Management Infrastructure has implemented an independent authorization and access control system in the form of certificate. It is less related to the application system and would simplify practical system development and maintenance, which is more flexible. X.509 standard has not standardized any type of authorization policy, and it leaves this to the system which uses PMI.By analyzing the requirement of Removable Devices Information Anti-leaking System, It presents a framework of access control system based on RPMI which consists of client, access execute function, privilege verification function and certificates database. Privilege policy is critical to system operation. In the design of the access control system, by analyzing existing policy and considering the requirement of the RDIA, it designs an authorization policy to satisfy the basis and special requirement of the system. The policy designed for the system consists of seven sub-policies and they are attribute policy, subject policy, role hierarchy policy, role assignment policy, target policy, action policy and target access policy. It is described by xml. In this policy, it discusses how to describe all kinds of constraints which tighten the screws of access control. Using this policy and considering the PMI design thought, it implements the user authorization and access control system for the removable devices information anti-leaking system in local area network. Besides, it gives a frame of improved system, which shows the further study content. |
PDF Full Text Request