The Research Of Time-Constrained And Organization-Based Access Control Model

Access control technology has provided an important guarantee for information security, and it helps to prevent unauthorized users from accessing any resources of the system, thus ensuring the information system to be used within the legal range. With the development of computer technology, various types of access control models have been generated, providing the system with different access control policies to meet the needs of authorized management. Among them, the traditional access control model DAC and MAC can’t be applied widely because of their limitations of the design basis. While the Role-Based Access Control (RBAC) can achieve simple and efficient authorization with lower management cost, therefore it has been widely used. However, the authorization management complexity of the RBAC system will increase with the number of roles and permission increases, and the performance of the system will be dramatically reduced. Therefore RBAC model can’t be applied to the multi-level and multi-application complex e-government system. Organization-based four layer access control model (OB4LAC), promotes a perfect fit between authorization management and organizational structure of the government by introducing the position layer. It complies with the authorization mechanism in the real world, and can practically efficiently realize authorization management. But OB4LAC model does not involve the time factor, when facing the time-sensitive activities which require time constraints in e-government system, it can’t provide complete access control policies to meet the appropriate authorization management needs.For existing access control model is difficult to meet the security needs of the complex e-government systems in time sensitivity, the paper in-depth study on the basis of OB4LAC, and by adding time constraints to the model, proposed a time-constrained access control model TC-OB4LAC. From a management perspective and taking the organization as the core at the same time, TC-OB4LAC model is committed to using the time constraints to restrict the access operation of users so that the authorization can change dynamically over time. It gives access control policies and mechanisms, including access control algorithm processes and conflict resolution strategies, to control the user’s permissions to a minimum, while achieve fine-grained access control. Meanwhile, the paper proposed a management model ATC-OB4LAC, to manage the assigning relationship of users, positions, roles and permissions, and the hierarchy relationship of positions and roles, and also gives division of roles sets for application systems, which achieve a clear and effective model management. Finally, the TC-OB4LAC model is applied to e-government system. We analyzed and designed the authorization management system based on TC-OB4LAC model, and application examples illustrated the effectivity and scientificity of the model.The proposed TC-OB4LAC model conforming to the organizational structure of complex government system, can meet access control requirements of time-sensitive activities, making authorization more secure and flexible, all of which provide a guarantee for the safety of complex e-government systems.