Research On Key Technologies Of Authorization Management Based On Improved UCON Model

The authorization management faces new challenges due to complexity, highly dynamic nature and inherent heterogeneity of the distributed network. The traditional static authorization just specifies the privileges in advance and the dynamic privileges are not under control during the process of accessing resources. Therefore the research on how to carry out efficient dynamic authorization to satisfy better users' requirements on authorization management and access control is a critical subject in the authorization management field and has significant meaning.Aiming at the questions mentioned above and based on the UCON model, this paper explores deeply into how to carry out efficient dynamic authorization. The main work in this paper shows as follows:1. On the basis of researches on the theory foundation of authorization management such as authorization models and access control models, this paper introduces in detail the present research actuality of the access control model and privilege management infrastructures and points out the dynamic authorization problem.2. This paper puts forward a role-based UCON authorization model that is called RBUCON. On the basis of analyzing deeply into the UCON model, this paper puts forward an improved UCON model that is RBUCON model by introducing concepts such as roles and role hierarchy. The RBUCON model is analyzed with the set theory, predicate logic and TLA logic. The results show that the model could support dynamic authorization efficiently with feathers such as simple authorization management and being easy to use.3. This paper explores the authorization framework based on RBUCON model. On the basis of RBUCON model, the paper puts forward a framework which supports dynamic authorization and proves its safety property with the theory of finite state machine (FSM). The critical technologies include the attribute certificate, the management of authorization rules and the reference monitor and so on.4. This paper investigates deeply into the XACML based access control policy that supports dynamic authorization. This paper studies the XACML based policy schema which supports dynamic authorization and improves the twin pattern based policy query algorithm to satisfy the real time property needed by dynamic authorization. The algorithm puts forward the idea of combining the region encoding of the policy set, the resolution of twin pattern and cutting down of the invalid policy. Experiments show that the efficiency of the algorithm gets raised.5. This paper devises and realizes key modules of the authorization management system which supports dynamic authorization.