Research On Tag-based Fine-grained Access Control Model

With the rapid development of commercialize information technology and network technology, B/S based enterprise-level web applications have gradually become part of everyone's life. While business groups and individuals share their information on the web through all kinds of web pages and enjoy the rich data and information service provided by different web applications, the fine-grained access control demands for the protection of sensitive contents and element resources within the web page have become more urgent than ever.The tag-level fine-grain access control demands in the web page is analysised. Through the study of the existing research on web page based fine-grain access control models and discussion on their unsolved problems, considering the multi-policy authorization feature in the distributed enterprize environment, the formal definition and description of the tag-based fine-grained access control model is presented. The model is convised from three aspects: the authorization subject, tag-level object resource definition and authorization model, along with the fine-grained authoriztion rule which supports multi-policy authoriztion. The policy combination, propogational conflict of the priviliges and the conflict of authoriztion status are discussed and corresponding decision algorithms to solve the problems are proposed.Additionally, the deficiency of the traditional access control models during the application's developing stage is analysised from the delelopers' perspective. Based on the function and purpose of different web page elements, a series of general-purpose secure attributes which meet the demand for presentation-level fine-grained access control definition are specified. A RAD security development framework-Sectag Secure Tag Library System is implemented in Java Web environment. The system is designed upon the core secure tag library which implements the tag-based fine-grained access control model in application. SecTag provides the feature of configurable and multi-policy support secure tag components which could be configured from the visualized interface implemented for WYSIWYG secure management service for the secure tags. Finally, a comparison between the SecTag tag library and the mainstream secure developing frameworks is demonstrated to show SecTag?s practicability and configurable advantages over the other frameworks in the engineering application for tag-based fine-grained access control support.