Optimization Of Role-based Access Control And System Design

Posted on: 2010-11-22
Degree: Master
Type: Thesis
Country: China
Candidate: D W Qi
GTID: 2178360332457872
Subject: Computer Science and Technology

Abstract/Summary:
Role-based Access Control (RBAC) is an advanced and efficient secure access control method that greatly reduces the complexity and cost of authorization management and adapts flexibly to changes in security policy. Research on RBAC is currently a hot topic, with unique scientific value and broad application prospects.

This paper proposes an optimization of the RBAC model, named the Multi-Domain RBAC model. The concept of a "domain" is added to the classical RBAC model, together with domain inheritance and domain cooperation mechanisms, so that the efficiency and safety of authorization decisions and authority calculation are improved.

For the problem of role inheritance violation, this paper proposes a method that detects whether a role inheritance violation exists and where it is. It then gives a method to solve this problem under the special condition that there are only two domains.

This paper also proposes an idea for optimizing the role hierarchy: Role Hierarchy Graph Coding (RHGC). It is aimed mainly at the complex computation caused by role inheritance, and it simplifies the calculation and querying of authorization.

To guarantee the least privilege principle, this paper proposes modeling the problem using network flow. Through a series of transformations, a solvable minimum cost flow model is obtained. By modeling with network flow, the paper ensures the principle of least privilege in the authorization management of an RBAC system, further enhancing the availability and superiority of the RBAC system.

Because RBAC is security-related, it is difficult to find an available and complete RBAC system. To address this, this article introduces an RBAC access control system based on the Multi-Domain RBAC model. The system follows the requirements of the standard RBAC system and completes most of its functions. Many of the latest research results on RBAC, including the RHGC idea proposed in this article, are reflected in the system.
Keywords/Search Tags: RBAC, domain, role hierarchy, least privilege