Research On Theory And Application Of Access Control In Distributed System

With the rapid development and popularization of the technology on computernetwork, The production and life of the modern society have achieved a large number ofgreat changes, and more and more attention are paid to the problem of informationsecurity. Access control technology as a very important part of information assurancearea can authorize system user the access ability and the access scope effectively. Thedistributed, heterogeneous, autonomic and dynamic characteristics of distributedapplications bring many new challenges to the distributed interoperable access controltechnology.Based on the safety requirement of distributed network environment, the relatedtheory and practice of access control has been researched in this dissertation. First, itdiscusses the basic access control theory and technology, analyses traditional accesscontrol, points out the faults of using them in modern applications, and then putsforward usage control model, focus on analyzing the model's features and the systemstructure. Afterwards, the thesis analyses the requirements of access control indistributed environment, then obtains the limitations of existing access control models.Secondly, to be directed against in management function and distributed,multi-domain dynamic environment, this thesis puts forward the DUCON model. Withthe way of role, domain, protective domain, the DUCON model adds the function ofmanaging UCON organization and enhances the ability of model security applications.This model retains the advantages of RBAC model, changes the form of the Roledefinition, improves the way of Role management, increases protective mechanismsbased on objects. The formalized definitions of the DUCON model are also given. Thethesis also gives an implementation scheme of the DUCON system, which is based onthe DUCON model and could be applied in the distributed network environment.Finally, aiming at the specific application of distributed file system, the thesisapplies the DUCON model to distributed file system on WINDOWS SERVER 2003 OSplatform. It realizes the function of file encryption which is transparent to applications.