Research Of Multilevel Security Metadata Access Control Policy And Model

With the rapid development of metadata technology, the applications of metadata become more and more, many information systems use metadata to describe information resources. Metadata can describe all aspects'information of information resources, besides, metadata have the same behaviors and characters as the information resources described have, in someway it can be said that, metadata is as well as a kind of information resources of information systems.In many information systems, users can access metadata directly, and get the information of information resources which are described by metadata by the access to the metadata. Like other information resources, the metadata of information systems are threatened by the illegal access of unauthorized users and the illegal operations of authorized users too, therefore, the access control to metadata is needed.This paper firstly researches metadata and access control, then analyses the metadata and the metadata access control of the information systems which contain sensitive information resources and use metadata to describe information resources, educes that the problem of metadata access control of this kind of information systems is a problem of multilevel security, then, analyses the deficiencies of existing access control models in solving this problem, accordingly, puts forward Multilevel Security Metadata Access Control policy and model to solve this problem.Multilevel Security Metadata Access Control model is a kind of access control model bases on Role Based Access Control model which has been developed maturely, acknowledged and applied extensively, it introduces Security Level, Category, Sensitivity Level and some other elements, adds Secutiry Level Assignment, User Category Assignment, Sensitivity Level Assignment, Object Category Assignment and some other relations, and ameliorates the access control rules and constrain rules of Role Based Access Control model, consequently, avoid the deficiencies of Role Based Access Control model in metadata access control, and can solve the problem of metadata access control commendably.This paper analyses the related problems of this model, introduces multilevel security metadata access control policy, illuminates and depicts the basic elements, holistic structure, relations, constrain rules and access control rules of model, analyses the this model, lastly, designs the framework of implementing this model, validates the feasibility of this model by a prototype system which applied this model.