Research And Application Of Access Matrix And RBAC Access Control Model

In the daily application of the information system, information security had become one of the problems to be solved urgently. Access control technology as an important part of information security technology became a hotspot for researching. Traditional access control technology is divided into discretionary access control, mandatory access control and role-based access control. Because of the real information system’s complex requests to information access, traditional access control model had been unable to meet the actual demand. In general, many experts and scholars had to research and establish a new extension model when they met various specific issues. And because of these, the access information system is enriched greatly and widely. But they didn’t summarize systematically on various models to build a kind of access control model which can be used widely.For standardizing access control model, on the base of a lot of work, through the conclusion, this article proposed PABAM which is an extension of attribute-based access matrix model and EXRBAC which is an extended role-based access control model. And this article also introduced both models in information system application in two ways. Using both models combined with access control method can solve the majority of access control. PABAM which is an extended attribute-based access matrix model, is an extension and improvement to the traditional access matrix. PABAM established a six-dimensional authorization model<permission-subject attribute-object attribute-the condition function of the subject attribute,the condition function of the object attribute, time attribute>, using subject attribute and object attribute and time attribute as parameters. Among them, the condition function of subject attribute and the condition function of the object attribute’s import from makes the model can authorize dynamically to the main part based on the subject attribute, the object attribute and the time attribute. EXRBAC which is an extended role-based model,can be used to cardinality constraints limit, session limits, time limits of model RBAC2on the basis of the model RBAC as well as increasing the notion of space constraints and improving rights management diversity, security and flexibility.Finally, the hospital information system as an example to demonstrate the model PABAM and EXRBAC joined together to apply in the access control of information resources. It is proved by practice that the model PABAM of access matrix and the model EXRBAC of role-based access control combined can be applied on the access control technology is feasibility. PABAM and EXRBAC can be used to solve the normal access control of the information system’s problems.