
Improvement And Application Of RBAC Access Control Method

Posted on: 2016-01-10
Degree: Master
Type: Thesis
Country: China
Candidate: Q J Mao
Full Text: PDF
GTID: 2208330464963532
Subject: Computer Science and Technology
Abstract/Summary:
Access control technology has a long research history, and a variety of access control models have appeared one after another. With the maturing of Internet, electronics, wireless network and distributed network technology, a new wave of Internet of Things and cloud computing technology is sweeping in, producing large-scale, mixed Web service network environments. As network systems develop faster, threats multiply as well. Vulnerabilities in applications deployed in such a large network environment are inevitable, and how to ensure the security of information systems has been a long-standing concern.

With their strong security capabilities, the ideas and methods of access control were quickly applied across all areas of networked information systems, and various access control models emerged, each suited to a specific network environment. However, a single access control model used alone cannot meet the needs of today's open, large-scale Web service network environment. In distributed computing environments in particular, where mobile computing, cloud computing and other computing models are present, there is pressing demand for research into fine-grained, multi-constraint, multi-level security access control models.
To establish a multi-level security access control model with more comprehensive constraint capabilities, we propose combining traditional RBAC with ABAC and a tense-based access model to extend the role-based access control model and achieve a more thorough authorization mechanism. In addition, the new model gives more comprehensive consideration to time attribute constraints.

In today's complex authorization systems, the role-based access control model lacks a flexible authorization mechanism: authorization relies on a single model, roles are not flexible enough, role partitioning is not fine-grained enough, and time-sensitive applications are not supported. We improve it in the following respects:

1. Time constraints are added to the elements of the role-based access control model (user roles, sessions, property rights, etc.), so that the access control model is designed for time-sensitive applications.
2. Security classification management is used to implement hierarchical management of users, roles, permissions and file permissions. Users and roles are matched to the grades of information files, building a multi-level security system based on grade division to ensure the safety of the system.
3. Combining hierarchical authorization, autonomous licensed authorization and group authorization, we propose the concept of template authorization to resolve repeated authorization, and a backup authorization mechanism to simplify the authorization process and improve authorization efficiency.
4. We propose the concept of a logical security group as an extension of the role concept. Logical security groups can be created for temporary authorization tied to the completion of tasks, which addresses temporary authorization and improves the flexibility of roles.

Finally, the application of the model in a document security protection system is described.
In addition, taking into account the authorization policy conflicts that are inevitable in an access control model, the thesis gives a suitable mechanism for resolving conflicts in our model.
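As an added example (not code from the thesis), the check below combines improvements 1, 2 and 4 of the abstract: time-constrained role assignments, security grades on roles and files, and a task-scoped logical security group. The abstract gives no formal rules, so the integer grades, the rule that a grant's grade must be at least the document's grade, and all names and sample data are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Grant:
    """A role or temporary logical security group assigned to a user."""
    name: str
    level: int               # security grade; higher means more sensitive (assumed)
    permissions: frozenset
    valid_from: datetime     # time constraint on the assignment
    valid_until: datetime

    def active(self, now: datetime) -> bool:
        return self.valid_from <= now < self.valid_until

@dataclass(frozen=True)
class Document:
    name: str
    level: int               # grade of the information file

def check_access(grants, doc, action, now):
    """Default deny: allow only if some active grant holds the permission
    and its grade is at least the document's grade (assumed rule)."""
    reason = "no grant carries this permission"
    for g in grants:
        if action not in g.permissions:
            continue
        if not g.active(now):
            reason = f"{g.name}: outside validity window"
        elif g.level < doc.level:
            reason = f"{g.name}: grade {g.level} below document grade {doc.level}"
        else:
            return True, f"{g.name}: granted"
    return False, reason

# Constructed sample data: a standing role plus a task-scoped logical security group.
ENGINEER = Grant("engineer", 1, frozenset({"read", "write"}),
                 datetime(2016, 1, 1), datetime(2017, 1, 1))
TASK_GROUP = Grant("lsg-review-task", 3, frozenset({"read"}),
                   datetime(2016, 1, 10, 9), datetime(2016, 1, 12, 18))
ALICE = [ENGINEER, TASK_GROUP]
SECRET = Document("design-spec", 3)
PUBLIC = Document("handbook", 1)

if __name__ == "__main__":
    for when in (datetime(2016, 1, 11, 10), datetime(2016, 1, 13, 10)):
        for doc, action in ((SECRET, "read"), (SECRET, "write"), (PUBLIC, "read")):
            print(when, doc.name, action, check_access(ALICE, doc, action, when))
```

Once the group's validity window closes, the grade-3 document becomes unreadable again without any change to the standing role, which is the role-flexibility effect the logical security group is meant to provide.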
Keywords/Search Tags: role-based access control, logical security group, time properties, authorization, security document protection system