Research On Application Of Usage Control Model In Multi-Domain Enviroment

With the maturity of network technology and development of information technology, multi-domain interoperation in distributed environment is not only a necessary but also possible. Multi-domain interoperation provides a method to resource sharing to enhance the rate of using resource. As traditional access control model only pays attention to authorization step, the user can unlimited use the resource when he is authorized, that lacks agility , dynamic and granule control, go against to protect resource. Go by the name of next generation access control model, usage control (UCON) model encompasses traditional access control, trust management, and digital rights management and becomes the next generation of access control. It solves the security and privacy issues in the modem commerce and information system and makes a great drive to the access control technology and the network security.The usage control model was introduced and several kinds of traditional access control technology and the subsistent problems were analyse, based on them, the theory of predicate and collection to analysis the work mechanism, logic description and architecture of this model were used. With analysis the security requirement of distributed environment to access control, this thesis uses mapping policy to construct multi-domain interoperation model named MDUCON based on usage control. Formally define this model and modeling its components, The problems of three modules: attribute, condition and duty, when sharing data and interoperating in distributed systems, are explored and the solution is given.In addition, As the experience of the e-Government project,it introduces the system and security requirements of e-Government, points out the application status and shortage of the traditional access control model, and fusion the features of UCON with it, and then studies the feasibility and bright prospect of applying MDUCON to e-Government. Finally, the main aspects and steps to UCON are put forward, and the characteristics of UCON which includes integration, security, reality and feasibility are discussed. Lastly, A prototype system about multi-autonomous domain is developed based on the project which is an e-Government rights management platform in Hubei province. The rules for interoperating between domains and solution for conflicting are defined. The characteristics of the UCON basic model and its expansion in multi-domain are implemented in this thesis.