Research On Multi-domain Role Access Control Policy Merge Method And Its Implementation

Posted on: 2014-05-02
Degree: Master
Type: Thesis
Country: China
Candidate: S Liu
GTID: 2268330392969066
Subject: Computer Science and Technology

Abstract/Summary:
Computer networks are developing fast, and with the rapid increase of data and information, the resources of an individual field may be unable to meet its own needs. To achieve resource sharing, interoperation lets different security domains obtain the authority and resources of other domains. Assigning permissions and security settings within an independent security domain is safe. However, the assignment of cross-domain permissions is not clearly understood, and security problems appear between security domains in the process of cross-domain access.

This paper first studies the relevant multi-domain access control technologies: access control models, methods for secure cross-realm interoperation, the global-based role mapping method and the request-based role mapping method. For the global-based role mapping method, this paper builds a cross-realm secure interoperability model on four attributes (inheritance, direction, transfer and timeliness), accompanied by the permission-down principle. The model realizes a more fine-grained cross-realm role mapping mechanism and improves the flexibility of policy synthesis. It introduces fewer new roles into the security policy, increases the flexibility of role mapping, and, compared with other models, meets all the requirements of cross-realm role mapping.

The paper then studies interoperation conflicts between security domains and proposes a Warshall-based conflict detection algorithm. The method successfully detects inheritance ring conflicts, role unrelated conflicts and non-affiliated (SoD) conflicts, and it has the best time complexity.

In current research on cross-domain secure interoperability, solutions to the security conflicts brought about by role mapping are limited to adding new roles and removing role mappings. Although these methods have been optimized, their space complexity is large and they do not satisfy application requirements, and the use of time constraints to resolve cross-domain conflicts has been ignored. This paper applies the GTRBAC model to these conflicts, so that domain administrators do not have to cancel necessary role mapping associations or add too many new roles in order to avoid conflicts. Using this model in cross-domain secure interoperability is therefore of great significance.

Building on all of the preceding research, this paper proposes a time-based interoperation access control module (TBIACM) model, which combines the global-based role mapping method and the request-based role mapping method to realize interaction between two security domains.

Finally, taking library user information integration as a practical application background, the paper implements an application of the TBIACM model and designs the corresponding system modules according to the requirements. The specific functions of the system's function modules are described, and the security and accuracy of the system are analyzed and verified.
Keywords/Search Tags: Role mapping, Policy merging, Conflict detection
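
The abstract names a Warshall-based detector for inheritance ring and SoD conflicts but gives no details, so the following is an added sketch, not the thesis's algorithm: it computes the Warshall transitive closure over the merged role graph and reads both conflict types off it. The role names, edges, SoD pair and function names are constructed assumptions.

```python
# Added example; role names, edges and the SoD pair are constructed sample data.
def warshall(roles, edges):
    """Transitive closure: reach[i][j] is True when role i acquires role j."""
    idx = {r: i for i, r in enumerate(roles)}
    n = len(roles)
    reach = [[False] * n for _ in range(n)]
    for senior, junior in edges:
        reach[idx[senior]][idx[junior]] = True
    for k in range(n):
        for i in range(n):
            if reach[i][k]:
                for j in range(n):
                    reach[i][j] = reach[i][j] or reach[k][j]
    return idx, reach


def detect_conflicts(roles, hierarchy, mappings, sod_pairs):
    """Return (roles on an inheritance ring, SoD violations) after merging."""
    idx, reach = warshall(roles, hierarchy + mappings)

    def holds(role, target):
        return role == target or reach[idx[role]][idx[target]]

    # A role that can reach itself sits on an inheritance ring.
    ring = sorted(r for r in roles if reach[idx[r]][idx[r]])
    # A role that acquires both members of an SoD pair violates the constraint.
    sod = sorted((r, a, b) for r in roles for a, b in sod_pairs
                 if holds(r, a) and holds(r, b))
    return ring, sod


ROLES = ["a_admin", "a_staff", "a_lib", "b_mgr", "b_clerk", "b_auditor"]
HIERARCHY = [("a_admin", "a_staff"), ("b_mgr", "b_clerk")]  # intra-domain edges
SOD = [("b_clerk", "b_auditor")]                            # domain B constraint
SAFE = [("a_staff", "b_clerk")]                             # cross-domain mapping
RISKY = [("a_staff", "b_mgr"), ("b_clerk", "a_admin"),      # closes a ring
         ("a_lib", "b_clerk"), ("a_lib", "b_auditor")]      # joins an SoD pair

if __name__ == "__main__":
    print(detect_conflicts(ROLES, HIERARCHY, SAFE, SOD))
    print(detect_conflicts(ROLES, HIERARCHY, RISKY, SOD))
```

Running the check on a proposed mapping set before it is committed lets a domain administrator reject only the mappings that introduce a ring or an SoD violation.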