| Because of the high dynamics and uncertainty of multi-domain environments,there is complicated relationship between the local policies of domains. And thecalculation modles and the access control policies of different domains are oftendifferent. It brings more challenges to the access control of workflows inmulti-domain environments. To solve the problem, we proposed a method based onthe algebraic system to optimize access control technologies of workflows inmulti-domain environments. The main works are as follows:First of all, it formally described the access request of workflow, introduced theconcept of request policy. The risk is the basic property of access policy, the securitiesof request policies can be compared according to their risk levels. And the securitypartial order relationship between request policies can be established, we can provethat the relationship may constitute a lattice model in mathematics. So Multi-LevelSecurity policy can be implemented effectively to ensure the confidenty ofinformation. In addition, the safety level of users changes with the occurrence ofaccess event, so the lattice should update in real time. To solve this problem, weintroduced the concept of user configuration table, and the lattice needn’t be updated.Secondly, since MUR should calculate the minimum role sets of the wholesystem, it will cost too much system resources, especially in multi-domainenvironments. To solve the problem, we optimized MUR by reducing the scale ofsearching roles. It reduced its time complexity, and improved the efficiency.In the end, according to the algebraic system, we analyzed the role mappingbetween domains, and proved that it is a homomorphism. Heterogeneous policies ofdifferent domains can be mapped to one algebraic system, and they can be combinedin it. When the complexity of distributed multi-domain evironments is increasing, thismethod can avoid the explosion of access policies effectively. |
PDF Full Text Request