
Research And Implementation EPCIS Access Control Mechanism Based On XACML

Posted on: 2013-09-01
Degree: Master
Type: Thesis
Country: China
Candidate: Y P Li
GTID: 2248330395980595
Subject: Computer application technology

Abstract/Summary:
The EPC network is the infrastructure of tracking and tracing systems. The EPC in an RFID tag is used to identify products uniquely in the EPC network, while product information is stored in databases in the EPC network, so that tracking and tracing systems achieve tracking and traceability of products. However, product information in the EPC network faces security threats, so it is necessary to study the security mechanisms of the EPC network. More importantly, the access control mechanism is the core of the security of information systems, and so it should be taken seriously.

To solve these problems, we took the RFID-based tracking and tracing system as the application background for our study. To address EPC network access control, an EPCIS access control model based on XACML is proposed. We analyzed the workflow of the model, implemented a loosely coupled policy enforcement point and an efficient security communication component, and analyzed the results of performance testing.

This paper has accomplished the following tasks:

1. Based on a study of the XACML language and model, we designed an EPCIS access control model for the EPC network. The model consists of three security modules: the access control service component, the access control enforcement interface, and the security communication component. Through collaboration between the security modules, the model meets the requirements of the EPCIS access control mechanism, which are flexible policy deployment and real-time response.

2. We designed and implemented a loosely coupled policy enforcement point. First, we analyzed the functional requirements of the policy enforcement point, and we studied the method invocation interception mechanism based on Spring AOP and the attribute information acquisition mechanism based on Java annotations. Secondly, the functions of method invocation interception, attribute information acquisition, and authorization response processing are packaged into independent modules, and dependency injection is used to integrate these modules. Finally, we realized the loosely coupled integration of the Fosstrak EPCIS query interface and the policy enforcement point.

3. We designed and implemented a real-time security communication component. First, we analyzed the functional requirements of the security communication component, focusing on authorization request/response transmission, communication between the policy enforcement point and the policy decision point, and real-time response of the model. Then, in order to achieve a real-time and distributed security communication component, SAML is used to package XACML authorization requests/responses; Spring Web Services technology is used to deploy the policy enforcement point and policy decision point flexibly; and caching mechanisms are used to improve real-time response efficiency. Finally, the performance results show that the security communication component can enhance the applicability of the EPCIS access control model.
Keywords/Search Tags:Radio Frequency Identification, Extensible Access Control Markup Language, Access Control, EPC Information Services, Security Assertion Markup Language
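
The policy enforcement point described in tasks 2 and 3 can be pictured with the following added example, which is not code from the thesis: it intercepts a query call, reads the resource and action attributes from a Java annotation, asks a policy decision point, and caches the decision. It uses a JDK dynamic proxy in place of Spring AOP and a local PDP in place of the SAML/web-service transport; `PepSketch`, `Protected`, `QueryService`, `Pdp`, the subject names and the EPC URNs are all hypothetical or constructed for illustration.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class PepSketch {
    // Hypothetical annotation carrying the resource and action attributes of a call.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface Protected { String resource(); String action(); }

    // Hypothetical stand-in for an EPCIS query interface (not the Fosstrak API).
    interface QueryService {
        @Protected(resource = "epcis:events", action = "read")
        String poll(String subject, String epc);
    }

    // Policy decision point: true means Permit. Remote in the thesis, local here.
    interface Pdp { boolean permit(String subject, String resource, String action); }

    // PEP as a proxy: intercept, collect attributes, ask the PDP (or cache), enforce.
    static <T> T enforce(Class<T> api, T target, Pdp pdp, Map<String, Boolean> cache) {
        InvocationHandler h = (proxy, m, args) -> {
            Protected p = m.getAnnotation(Protected.class);
            if (p == null) throw new SecurityException("unannotated method: deny by default");
            String subject = String.valueOf(args[0]); // assumption: first argument is the caller
            String key = subject + "|" + p.resource() + "|" + p.action();
            boolean ok = cache.computeIfAbsent(key,
                    k -> pdp.permit(subject, p.resource(), p.action()));
            if (!ok) throw new SecurityException("Deny: " + key);
            try { return m.invoke(target, args); }
            catch (InvocationTargetException e) { throw e.getCause(); }
        };
        return api.cast(Proxy.newProxyInstance(api.getClassLoader(), new Class<?>[]{api}, h));
    }

    public static void main(String[] a) {
        int[] pdpCalls = {0}; // counts how often the PDP is actually consulted
        Pdp pdp = (s, r, act) -> { pdpCalls[0]++; return s.equals("retailer-a") && act.equals("read"); };
        QueryService raw = (s, epc) -> "events for " + epc;
        QueryService svc = enforce(QueryService.class, raw, pdp, new ConcurrentHashMap<>());
        // Constructed sample EPCs; the second permitted call is answered from the cache.
        System.out.println(svc.poll("retailer-a", "urn:epc:id:sgtin:0614141.107346.2017"));
        System.out.println(svc.poll("retailer-a", "urn:epc:id:sgtin:0614141.107346.2018"));
        try { svc.poll("unknown-party", "urn:epc:id:sgtin:0614141.107346.2017"); }
        catch (SecurityException e) { System.out.println(e.getMessage()); }
        System.out.println("PDP calls: " + pdpCalls[0]);
    }
}
```

A decision cache like this one keeps returning an old Permit after the policy changes, so a deployment needs an expiry time or an invalidation signal from the policy administration side.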