| The Chinese Wall security model is the most important access control model in the field of the commercial information. It provides a kind of flexible and effective control mechanisms for the access control, and it combines user's freedom with confidentiality of the information. The RBAC is the popular access control strategy at present. Because of its unique merits, it has aroused widespread concern in the academia. RBAC is applied widely in many systems, especially in large-scale database system, because of its flexibility, convenience and safety.In this paper, dataset organization, simple security and *-property of the Chinese Wall security model which is proposed by Brewer and Nash (the BN model) is introduced firstly, and sanitation for the company information is proposed, too. Chinese Wall security policy-an aggression model (the T. Y. Lin's model) is proposed based on the BN model, unified the conflict analysis which Pawlak proposed, and increased some uncertain factors. The biggest difference between the T.Y.Lin's model and the BN model is that the conflict of interest relation which is supposed by the BN model is an equivalent relation, but the T.Y.Lin's model thought the conflict of interest relation is binary relation which only satisfy the reflexivity. RBAC is one form of mandatory access control, and one of its characteristics is"the neutral strategy". RBAC is not designed for the special security policy, but it can realize many different security models. There are two notable characters of the RBAC model. For the first one, it could reduce the complexity of authorization management and administrative cost. Second, it supports corporate security policies, and always adapts easily to fluctuations of corporation. Therefore, it motivates us to implement the Chinese Wall Security Model based on RBAC.The primary coverages of this paper are:1. RBAC based on single-granularity time constraints is configured to implement the BN model. In the configuration, the key is role hierarchy and role-user assignations are configured according to the data organization and access control strategy of the BN model. And a constraint of effective time is given. The role constraints languages are given to avoid ambiguity which the natural language produces.2. The RBAC are configured, which are according to the differences of the conflict of interest relation and data organization. And it is proved that the final decisions of the T. Y. Lin's model and the RBAC configuration model are consistent to the ueses'access request.3. The last part of this paper presents a B/S system which is complied with C# under the .NET platform. The BN model and the T.Y.Lin's model are simulated separately, and then RBAC are configured in two models to control users'access request. The system can make the correct decisions to the users'visit requests. |
PDF Full Text Request