Research And Application Of Access Control Mechanism Based On Certainty Factor

By analyzing the developing trends and main problems of network security, summarizing the new aspects and characteristics of network security, the thesis focuses on the authentication and access control based on certainty factor of user. The most work are as followed:Firstly, based on the current research and definition of trust, the basic definition and understanding of certainty factor are proposed. According to the subjective trust of user identity and uncertainties in the process of access, the thesis gives the analysis and description about properties affecting user's certainty factor.Secondly, aiming at solving the problem that traditional authentication system considers the user's id rather than its true identity, a new authentication model based on certainty factor is proposed. By introducing authentication certainty factor and trusted access condition of system to this model, the thesis gives the essential frame and exact description. Using the method of uncertainty reasoning in A.I, it also gives the formalization of authentication rules and the formula of certainty measurement. To be more adaptive, improved models are presented. Model with weighted factors can solve the problem that different premise conditions of authentication rule have different importance; model supporting fuzzy condition can solve the problem that the premise conditions and information obtained are not matched. Then comparison between trusted authentication mode and traditional mode are made using application cases.Then, by analyzing the independence problem of identity authentication and access control in the network security mechanisms, an access model integrated trusted identity authentication and access control is proposed. The thesis gives the essential frame and description of this model. Referring to user's certainty factor, the conception of object trusted access condition and user's dynamic certainty factor are presented. Integrated with RBAC model, an application of trusted access control model is given. By introducing the trusted activation conditions of role and graded role to this model, it can add trusted constraints in the assignment process of role and right, and prevents user of low certainty factor from having higher access right.Finally, on the background of the development of PMAS and referring to the model of trusted access mechanism, the access control subsystem of PMAS is designed and implemented.To summarize, the aim of research in this thesis is to improve the security of network application, study the theory and method of security control in network system and offer some useful reference for designing and realizing of security system.