Research On Access Control Technology Based On Security Label For Web Application

With the development of civil economics and informationization, the Classified Protection is an elementary policy. The construction for information system meets the 3rd Security Level (Security Label Protection) defined in GB17859-1999 is the decisive role when Classified Protection are performed, in which Security Label and Mandatory Access Control (MAC) are the most important security requirements. The key work of improvement for information system is to make the Web applications satisfy above security requirements.This paper has studied the characteristic of Web resources and the elementary principles of Web techniques on opening network environment, the technique of access control and its application on Web applications, and combined with the requirements for 3rd Security Level, the optimized model, mechanism and architecture of access control are proposed to perform MAC based on security label for Web applications. There are three contributions in this paper:(1) The Security Label-base Access Control Model for Web Application is proposed.According to the characteristic of Web applications and intensive research on BLP model,when the redefinition of elements, modification of security property and extension of states conversion rule are finished, an optimized mandatory access model control based on security label for Web application is proposed. The optimized model can support the access control based on security label for Web application, and satisfy the requirements for access control in 3nd Security Level.(2) The access control mechanism combined with role and security label is established.According to the Security Label-base Access Control Model for Web Application andGeneral Framework of Access Control (GFAC), a mechanism of access control for Web applications combined with role and security label is established. At first, the research on organization and management of key elements in mechanism and the relationship between departments in practice are performed, and the definition of category based on organization structure is proposed; then according to pretreat and decide of access control processes in this mechanism, the corresponding execution flow and algorithms are proposed.(3) The system architecture of access control for Web applications based on security label is designed.Considering the requirement of system construction for access control in practice, and based on the foundation of the theory model and the mechanism, a system architecture of access control for Web applications based on security label is designed; when the configuration of function module is well finished, a system of access control for Web applications is formed which can support the unified service of authorization management and achieve the ability of transplant and extension; finally the design and implementation for access control module are performed.