With the rapid development of Internet-based distributed computing in recent years, more and more large-scale distributed systems have been realized. Secure interoperation among such systems has become an important form of cooperative work: it not only improves efficiency but also allows resources to be shared. To protect its own resources, each autonomous system defines its own independent security policy, so cooperation requires each side to comply with the other's security regulations. How to coordinate security policies between domains effectively, so that interoperation is secure and the security of every domain is guaranteed, has become a research hot spot in the field of access control.

One of the difficult points of inter-domain access control is the integration of inter-domain policies. Because security policies are heterogeneous (naming conflicts, heterogeneous role hierarchies, constraint conflicts and so on), interoperability and resource sharing in a multi-domain environment are very difficult. To address the problem of policy integration, this paper introduces ontology into the IRBAC2000 model and builds an ontology-based inter-domain access control model. It uses the ontology description language OWL (Ontology Web Language) to describe the semantic specification of the improved IRBAC2000 model, the security policies and the inter-domain role mapping, and uses SWRL (Semantic Web Rule Language) to make up for OWL's inability to express constraints between concepts and implicit information, thereby resolving the heterogeneity of access control policies at the semantic level.

The research work of this paper revolves around the following aspects. First, it analyzes the features and security requirements of inter-domain access control and reviews the related theories and the state of technical research. Next, it analyzes the characteristics and shortcomings of the IRBAC2000 model, improves it and designs an ontology-based framework for an inter-domain access control system. Then, in view of the security requirements of secure interoperation and resource sharing, it gives the semantic specification of the optimized IRBAC2000 model and solutions to conflicts in inter-domain role associations, changes of role hierarchy and so on. Finally, it realizes a prototype of the ontology-based inter-domain access control system architecture and describes the functional design and implementation of the global reasoner in detail. Taking the two subdomains of purchasing and stock management in an ERP system as the application scenario, the prototype is deployed and used.
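The abstract names two hazards of inter-domain role mapping that a global reasoner has to catch: a cross-domain role association that conflicts with a domain's constraints, and a change in the merged role hierarchy that escalates privilege. The following Python example is an added illustration, not the paper's prototype or its OWL/SWRL encoding; it models IRBAC2000-style associations as inheritance edges between domain-qualified roles and checks the merged hierarchy for cycles and for static separation-of-duty violations. The purchasing and stock-management domains, their role names, the sample associations and the exclusive-role constraint are all constructed for the example.

```python
"""Added illustration: checking IRBAC2000-style inter-domain role associations
for conflicts (constructed sample data, not the paper's ERP deployment)."""
from collections import defaultdict

# A role is identified by (domain, name). Qualifying every name with its
# domain is what removes the naming conflict between two roles that happen
# to share a name in different domains (e.g. the two "Clerk" roles below).
HIERARCHY = {
    # (senior, junior): the senior role inherits the junior role's permissions
    "purchase": [("PurchaseManager", "Buyer"), ("Buyer", "Clerk")],
    "stock": [("StockManager", "Keeper"), ("Keeper", "Clerk")],
}

# Constructed static separation-of-duty constraint spanning both domains:
# whoever places orders must not also be able to receive the goods.
EXCLUSIVE = [(("purchase", "Buyer"), ("stock", "Keeper"))]


def build_graph(hierarchy, associations):
    """Merge the local hierarchies and the cross-domain associations into one
    directed graph of inheritance edges (senior -> junior)."""
    graph = defaultdict(set)
    for domain, pairs in hierarchy.items():
        for senior, junior in pairs:
            graph[(domain, senior)].add((domain, junior))
    for src, dst in associations:  # association: src acquires dst's permissions
        graph[src].add(dst)
    for node in list(graph):  # make sure leaf roles exist as nodes too
        for target in list(graph[node]):
            graph[target]
    return graph


def reachable(graph, start):
    """All roles whose permissions `start` inherits, directly or transitively."""
    seen, stack = set(), [start]
    while stack:
        node = stack.pop()
        for nxt in graph[node]:
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def find_cycles(graph):
    """Roles that end up inheriting themselves. A cycle through an association
    collapses every role on it into one privilege level across the boundary."""
    return sorted(role for role in list(graph) if role in reachable(graph, role))


def sod_violations(graph, exclusive):
    """(role, a, b) triples where `role` would effectively hold both members
    of an exclusive pair once the associations are in force."""
    hits = []
    for role in list(graph):
        held = reachable(graph, role) | {role}
        for a, b in exclusive:
            if a in held and b in held:
                hits.append((role, a, b))
    return sorted(hits)


def check_mapping(hierarchy, associations, exclusive):
    """Run both checks; an empty result means the mapping may be activated."""
    graph = build_graph(hierarchy, associations)
    return {"cycles": find_cycles(graph), "sod": sod_violations(graph, exclusive)}


# Constructed association sets: one acceptable, one that escalates privilege
# through the hierarchy, one that creates a cross-domain cycle.
SAFE = [(("purchase", "Buyer"), ("stock", "Clerk"))]
ESCALATING = [(("purchase", "PurchaseManager"), ("stock", "Keeper"))]
CYCLIC = [(("purchase", "Buyer"), ("stock", "Keeper")),
          (("stock", "Keeper"), ("purchase", "Buyer"))]

if __name__ == "__main__":
    for label, assoc in (("safe", SAFE), ("escalating", ESCALATING), ("cyclic", CYCLIC)):
        print(label, check_mapping(HIERARCHY, assoc, EXCLUSIVE))
```

The escalating case shows why the check must run over the merged hierarchy rather than over the associated roles alone: the association itself links PurchaseManager to Keeper, neither of which appears in the constraint, yet PurchaseManager inherits Buyer locally and so ends up holding both exclusive roles. The same reachability computation is what an SWRL rule over the ontology would have to express for the global reasoner.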