| With the development of network and information technology, informationsharing and distributed collaboration between different organizations becomeincreasingly widespread. On the one hand, they provide great convenience for themodern social production and life, while on the other hand, they will bring a variety ofinformation security problems. Each organization has its access control policy in itsown domain. It has become a current hot topic to how to provide and achieve a safeinteroperability mechanism between different organizational domains in the researchfield. Role-based access control (RBAC) has many flexible features, such as rolehierarchy, least privilege, separation of duty etc. It also provides convenience formanagement, and has been widely used in information systems and networktechnology.Role hierarchy within RBAC system brings convenience for management, but ithas not a clear semantic level, so traditional role hierarchy is not practical in someoccasions which require more security. There has been a lot of research oncross-domain access control between different RBAC systems. A safe cross-domaininteroperability is mainly based on role mapping to composite the global policy, whichis well in tight-coupled environment. However, in some loosely-coupled environment,such as web services, p2p, grid services, it is not suitable. Therefore, based on theabove requirements, the following aspects were studied in this paper:①In order to make RBAC role hierarchy has a good semantic level and can meetthe requirements of some occasions which need more security, this paper analyzes andextends the RBAC role hierarchy, given the hybrid hierarchy model and studies thegenerated security problems during the authorization process.②According to existing research, compared to cross-domain access controlmodel in tightly-coupled environment, this paper will propose a request-drivencross-domain access control framework model in a loosely-coupled environment, theframework model contains role mapping module, the role activation module andrequest buffer pool module, and solves the cross-domain access problems with hybridhierarchy and constraints. External domain user requests ultimately authorized or not isdetermined by role mapping algorithms and role activation algorithms. ③Giving a scenario to simulate the proposed framework model, and deeplyanalyzing the application of request-driven framework model under this scenario. |
PDF Full Text Request