Improved RBAC XACML Constraint Model And Its Implementation

Information security is becoming an increasingly important part as the development of information technology. Access control is a critical method for protecting the system resources. The goal of access control is to ensure the security of information system by denying the unauthorized access behavior.There are various types of access control model in the real network environment, role based access control model is one of them. Based on the traditional model of RBAC, the paper explains an improved role management method that focus on the weakness of the traditional RBAC constraint module, it divides the roles into special role and common role, and uses different methods named static role assigning method and dynamic role assigning method to deal with the problem respectively. As the result, the role assigning method makes the role assigning process both various and dexterous. While, it means that it is no need to assign the role right after receiving the access request, it can be assigned dynamically as per requirement. So, the improved method increases the efficiency of the role assigning process to some extends.Firstly, based on the analysis of existing mechanism for access control module, an optimized RBAC module is designed. In the revised model, the role is divided into special role and general role respectively and it will be assigned statically according to the specific situation. Finally, the function of access control mechanism is tested. The inadequacies of the revised module keep arousing the further study in this field. Secondly, the corresponding XACML access control framework is designed based on the revised model. Thirdly, the revise model is tested in the real environment with the help of JAVA language and SunXACML development kit. Finally, the instructions are listed based on the testing result for the revise model for the further study in this field.Compared with the traditional RBAC model, the revised one provided a more reasonable role assigning mechanism and makes the role assigning process easier and faster. While, in order to design a better model for the access control, it is obvious that it needs further study in the relative fields in the future.