Research On Attribute Mark Based Access Control Model

Access control technology is one of the key security technologies to protect thesystem resources. In this thesis, discretionary access control, mandatory access controland role based access control have been researched in depth, and the analysis of theiradvantages and disadvantages have been done, to lay the foundation for the design ofthe attribute mark based access control. In addition, XACML language based on XMLis studied in depth, including an analysis of its data flow model, context model andpolicy language model.In this thesis, the attribute mark based access control model，whose design idea isto meet high security, the principle of least privilege, flexible configuration, convenientmanagement and easy expanding of attribute marks’ contents and their correspondingaccess control policy, is designed based on the research above. Otherwise, the formaldescription and the model’s structure, the process flow are elaborated, including thestructure, authorization, withdrawal and storage of the attribute mark. This thesis alsodetails the strategy synthesis and the functions of other main models including PEP andPDP and so on. Finally, in an application scenario, the attribute mark based accesscontrol model is achieved initially through coding access control strategies and PDPmodel. The security of access control model is tested, and the results are analyzed.