
Research And Implementation Of Jtang Privilege Management Infrastructure Based On Extended RBAC Model

Posted on: 2011-01-06, Degree: Master, Type: Thesis
Country: China, Candidate: X M Ding, Full Text: PDF
GTID: 2178360302974625, Subject: Computer application technology
Abstract/Summary:
With the in-depth application and rapid development of information technology, information security issues have become increasingly prominent, and access control and privilege management are important parts of a security system. This thesis addresses the problems of disordered privilege management and the high cost of reuse in large-scale distributed systems. In connection with a high-tech industrialization project of the National Development and Reform Commission, and targeting financial securities and other high-end industries, we develop a unified framework for privilege management: the JTang Privilege Management Infrastructure (JTangPMI). Through this platform, we integrate heterogeneous security models and common security services such as privilege management, cross-domain access control, and security audit. Using the platform improves the efficiency of information system development and reduces the security management burden on business users.

To address the inadequacies of the classic RBAC model, such as cumbersome operation in complex systems and the difficulty of mapping organizational structures, the thesis proposes a constrained RBAC model that supports bidirectional role inheritance, called BI-RBAC. Through virtual role hierarchies and constraints on them, the proposed model enhances the security of system access and provides a more flexible authorization mechanism. Meanwhile, because authorization policy decisions in distributed environments often have to consider context information, we define a context constraint to enhance the model's functionality.

To address the inadequacies of current PMI systems, such as the lack of support for distributed applications and cross-domain authorization, the thesis proposes an improved framework based on the BI-RBAC model, designs the structure of the JTangPMI authorization policy based on the XACML language, and studies the policy-based access control process. The thesis also conducts a detailed analysis of conflict situations under Separation of Duty (SOD) constraints and gives corresponding conflict resolution methods. We propose the key access control algorithms of the BI-RBAC model. Finally, the thesis introduces the design and implementation of the JTang privilege management service middleware system and its application to the Hundsun Electronic stock trading system.
Keywords/Search Tags:Privilege Management, Access Control, RBAC, Bidirectional-inheritance