Research Of Multi-Domain Secure Interoperation Technology

Posted on: 2012-04-18 | Degree: Master | Type: Thesis
Country: China | Candidate: X Sui
GTID: 2248330371458205 | Subject: Computer application technology
Abstract/Summary:
A multi-domain system is a distributed system in which multiple independent secure systems work together. Such systems are widely used in government, military, commercial, medical and other fields. In a multi-domain environment, multi-domain synergy is achieved through interoperation between independently managed secure systems (autonomous domains).

At present, the access control policies of autonomous systems are mostly based on RBAC. In this paper, we study multi-domain secure interoperation technology based on RBAC. The specific contents of this dissertation are as follows.

Firstly, we describe RBAC comprehensively and systematically and analyze its advantages and disadvantages. We discuss in detail the basic concepts and related technologies of interoperation in a multi-domain system composed of RBAC-based systems.

Secondly, by analyzing the relationships between inter-domain role mappings, we find that the transitivity of role hierarchies can make each domain insecure during interoperation. Therefore, the traditional role hierarchies are improved to role hybrid hierarchies. We propose an improved inter-domain interoperation model called IRDM, based on role hybrid hierarchies, into which the concept of output roles is introduced. It terminates the transitive relationships through which an entity in the request domain activates roles, and so prevents the activation of other roles and the occurrence of unauthorized access. Cross-domain capability is enhanced, and security risk is reduced at the same time.

Finally, we propose an improved authorization algorithm for multi-domain interoperation, together with an output role set generation algorithm. When the requested permissions do not exactly match the corresponding roles in the target domain, separated roles that correspond fully to the requested permissions are created, and a role inheritance hierarchy is added in the target domain. Because separated roles cannot be generated indefinitely, we propose revocation strategies and algorithms for them. Experimental results show that the static revocation strategy achieves the best results in both algorithm efficiency and system overhead.
Keywords/Search Tags: Access Control, Multi-Domain Collaborative System, Secure Interoperation, Separated Role, Role Revocation