Research And Implementation Of An Access Control Model Based On T-RBAC

With the rapid popularization of network and its application to every aspect of social life, the security of network has become an important problem. Access control is one of five security services that must be implemented in the basic architecture for secure information systems defined in the security standard (ISO7498-2) by ISO. Role-Based Access Control (RBAC) is one of the best and most popular access control models. Compared with the traditional DAC Model and MAC Model, it can provide better flexibility and scalability. Based on this, a Task-Role-Based Access Control (T-RBAC) model is brought up, which is integrated with the concept of role in RBAC and task in TBAC. T-RBAC can effectively reduce redundant data and make the related management more convenient. However, the lack of constraints such as time narrows its deployment in systems where a much higher security requirement is needed.The thesis presents a study on extended T-RBAC model in military enviroment. First, systematical researches on Discretionary Access Control, Mandatory Access Control, Role-Based Access Control and Task-Role-Based Access Control, summarizes the characterisitic-s, advantages and disadvantages of them; Then, analyses the especial request in military environment and puts forward a military access control model based on task and role called AT-RBAC model (Army Task-Role Based Access Control). The model put temporal constraint in the process of confering role and performing task that enhance time characteristic of the model. In order to decrease inheritance granularity, we divide the role inheritance into two ways:open succession and close succession. At the same time, some concepts are introduced in the model:role level, task fraction, task priority, dependency among tasks. T-RBAC model soundly strengthens constraint and satisfy the veracity and security request. Finally, in order to explain how to realize this system based on T-RBAC model, the thesis implements the given model in Military Dictate Automatization System. The thesis describes the work flow, datababase design and important code in the system. The test result shows that the system can achieve expected function of the model as well as its feasiblity.