| The technology of access control is an important part of information security.RBAC(Role-based Access Control) has been a hot area of research for sevral years.However, since the sophistication of relationship between administrative roles, it isnot easy to estimate administrative role’s scope. To prevent permission leakage,certain algorithm is needed to search the scope, and improved the original RBAC.This thesis explained the risk of permissions leakage in management parts inARBAC, and proposed a method using graphplan of intelligent planning to analyze it.To achieve this goal, this thesis developed a description model by intelligent planninglanguage. To simplify the model, some contraints must be added into URA. Thenthis thesis defined the initial status of model by user’s roles, generated virtual actionsby roles’ inheritance relationship, converted administrative roles’ managementpolicies to actions, and defined the target status of model by the roles leading topermissions leakage. In the foudation of this model, graphplan of intelligent planningcould be applied to obtain the administrative role’s management scope. Soexamination whether permissions leakage happened could be performed.To preventthe permissions leakage, this thesis proposed two improved models of ARBAC. Thesetwo models aimed to reduce unpredicable effects made by sophisticated policies.MRBAC expanded role into two types of role to constrain the role assignment.OSRBAC introduced organization structure in order to avoid the chain of assignment.Both of them achived fine effects in preventing permissions leakage.By means of graphplan, the admistrative role’s scope can be estimated accurately,then improved models of RBAC was introduced to preventing permission leakage. |
PDF Full Text Request