Research On Timing-Constraint Delegation Model Based On RBAC

As an effective and flexible security model, RBAC is superior than traditionalaccess control like DAC and MAC, and dominates the main stream of current accesscontrol model; therefore, it gets widely used in some organization, such as enterpriseand government.In RBAC, users implement management and appointment of roles by administrator.It is very effective in some organization system above mentioned. But in somelarge-scale and distributed circumstances, it is extremely inconvenient when you adoptadministrator-centralized management; moreover, the efficiency of managementdescends sharply, even the proceeding of management will be seriously dead. Therole-delegation technology provides an effective way for the utilization of RBAC inmassive and distributed circumstance and becomes an important access controlmanagement policy. Nowadays, some engineers make a lot of extensive research workon delegation model, but, research of constraint on role-delegation is just on thebeginning-point, especially timing-constraint.Firstly, some basic concepts of access control and two traditional access controlmodels (DAC and MAC) are introduced in this thesis. Then, the knowledge of RBAC isinterpreted, like the raise of RBAC, four models of NIST RBAC, the advantages anddisadvantages of RBAC. Meanwhile, we lead to role-based delegation model on thebasis of RBAC. In chapter4, we explain three classic delegation models, and thecharacteristic of the three models are analyzed and compared systematically using thecriteria of delegation granularity, delegation depth, delegation policy and revocation; thedifferences, advantages, disadvantages and deficiency of role-delegation constraints ofdifferent models are showed as well. In chapter5, we introduce the timing-constraint inrole-based delegation model because without any constants, the model existsstate-explosion and is difficultly realized. So, we propose a delegation model based ontiming-constraint; and prove the rationality of the model; at last, we analyze the securityof the model.