Two RBAC-based Access Control Model And Applied Research

Posted on: 2012-08-09 Degree: Master Type: Thesis
Country: China Candidate: Z M Liang Full Text: PDF
GTID: 2208330335971194 Subject: Computer software and theory
Abstract/Summary:
The enterprise credit data sharing platform uses modern information and network technology, building on existing network resources, to enable the open sharing, aggregation and integration of enterprise and individual credit information across departments, among administrative organs, judicial organs, financial institutions, public institutions and related organizations, according to safe, efficient and reliable credit data exchange standards and specifications. On this basis it establishes and improves a system for developing and applying credit information resources, provides multi-level credit information services according to the needs of society, and promotes the rapid development of the social credit system. To guarantee network security and the security of the platform, an access system for the enterprise credit data sharing platform (the enterprise credit access system) is designed.

The thesis first introduces domestic and international research on access control and compares some commonly used access control strategies and models. The work is as follows.

First, traditional access permissions are refined into module-permissions and data-permissions. A module-permission contains one or more data-permissions, so the two are linked. How permissions are divided plays an important role in the RBAC model: if the division is too fine there are too many permissions, and if it is too coarse user permissions cannot be distinguished well. The two-level division of permissions brings access control closer to the permission systems of the real world. Following object-oriented ideas, the permissions a role inherits are divided into three types: public, private and protected. A depth variable can be defined in the basic information of a permission and is used to distinguish between them.

Second, the concept of user-trust is added to guard against possible suspicious user behavior. The definition of user-trust is given after combining several factors. User-trust is divided into basic-trust, direct-trust and recommend-trust. Basic-trust is obtained from user login factors such as IP and frequency. Direct-trust and recommend-trust are calculated using Bayesian estimation theory, which derives posterior information from prior information and sample information. When calculating user-trust, the behavior a user may exhibit is treated as a hypothesis: the user's operations on the system are assumed to follow a uniform probability distribution, which is the prior information (the Bayesian hypothesis). The user's historical access records then serve as the sample information, from which information about the user's future behavior, namely the user-trust, can be deduced.

Third, for the two-level RBAC-based access control model, role inheritance, access control and the basic algorithms are given.

Finally, the model is applied to the enterprise credit data sharing platform, and a specific design and implementation are given. The access system, a subsystem of the enterprise credit data sharing platform, makes it convenient for the system administrator to manage access control. User-trust protects secure access to the system to a certain extent. This demonstrates the feasibility of the design scheme of the permissions system.
Keywords/Search Tags:RBAC, access control, credit, user-trust
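
The sketch below is an added example, not code from the thesis: it shows one way a two-level permission check can be gated by a Bayesian user-trust score with a uniform prior. The weights, thresholds, role names and the formula for combining basic-, direct- and recommend-trust are assumptions, since the abstract does not give them.

```python
from dataclasses import dataclass

def bayes_trust(good: int, bad: int) -> float:
    """Posterior mean of P(next action is legitimate) under a uniform
    Beta(1, 1) prior, after observing `good` and `bad` past actions."""
    return (good + 1) / (good + bad + 2)

@dataclass
class User:
    name: str
    roles: set
    basic: float        # score in [0, 1] from login factors such as IP, frequency
    history: tuple      # (good, bad) counts from this system's access records
    recommended: tuple  # (good, bad) counts reported by other parties (assumed)

# Constructed policy: role -> module-permission -> data-permissions it contains.
ROLE_PERMS = {
    "auditor": {"credit_report": {"read_summary", "read_detail"}},
    "clerk": {"credit_report": {"read_summary"}},
}
MIN_TRUST = {"read_summary": 0.3, "read_detail": 0.7}  # assumed thresholds
WEIGHTS = (0.2, 0.5, 0.3)  # basic, direct, recommend (assumed weights)

def user_trust(u: User) -> float:
    """Weighted combination of basic-, direct- and recommend-trust."""
    wb, wd, wr = WEIGHTS
    direct = bayes_trust(*u.history)
    recommend = bayes_trust(*u.recommended)
    return wb * u.basic + wd * direct + wr * recommend

def check_access(u: User, module: str, data_perm: str) -> bool:
    # Level 1: a role must hold the module-permission.
    # Level 2: that module-permission must contain the data-permission.
    granted = any(
        data_perm in ROLE_PERMS.get(role, {}).get(module, set())
        for role in u.roles
    )
    # Trust gate: role membership alone is not enough, and a data-permission
    # without a configured threshold is denied.
    return granted and user_trust(u) >= MIN_TRUST.get(data_perm, float("inf"))

# Constructed sample users: same role, very different access histories.
ALICE = User("alice", {"auditor"}, 0.9, (18, 0), (8, 0))
MALLORY = User("mallory", {"auditor"}, 0.4, (2, 8), (1, 3))
CAROL = User("carol", {"clerk"}, 0.9, (18, 0), (8, 0))
```

With these constructed users, `MALLORY` holds the same role as `ALICE` but is refused `read_detail` because her history lowers her trust, while `CAROL` is refused it because her role never held the data-permission.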