| With the continuous development of information society, the large number of information technologies not only provide us with more convenient and efficient service, but also bring a lot of information security issues. As an important part of information security, access control technology has been given extensive attentions. Access control is an important mechanism of security service, its main function is to protect system resource from illegal use and visit. However, as the development of cloud computing and distributed systems, information systems are becoming more and more complicated, and the network is also becoming more and more openness, how to ensure the effective implementation of security policy in access control model, has been one of the difficulties in the access control research.Traditional access control technologies, such as discretionary access control (DAC) model, and mandatory access control (MAC) model, can’t meet the needs of practical application because of their shortcomings and insufficiency, they are now rarely adopted or only applies to some special fields. Role-based access control (RBAC) model introduces the new concept of role, to replace the original relations between user and permission, making the coupling of authorization been reduced. It also allow the abstract permissions, making the authorization be more flexibility. Hence, RBAC quickly becomes the mainstream of access control technologies, and develops continuously.Along with the increasing of social demand and network scale, today’s information system has not only stay within a local area network (LAN), such as cloud computing technology, marks the information society has entered a new era, in a cloud computing environment, the distributed system which in a large scale is widely used, a lot of users, roles, and permissions, always accompanied by a variety of complicate constraints, making the authorization management become difficult. The efficiency of the system has always been one of the important criteria of performance evaluation system, we should not only guarantee the safety of authorization, but also improve the rationality and efficiency of authorization, all of above introduction indicate a strong need to solve the problem of RBAC authorization.This paper analyzes the advantages and deficiencies on the basis of the existing variety of RBAC model, and researches on the RBAC authorization with constraint and inheritance. As RBAC authorization mechanism is based on role, the technology of role-based collaboration can be adopted. This paper introduces a model named E-CARGO, which is a kind of group cooperative model based on role and agent, and modeling with formalized technique, translates constraints and inheritance of RBAC into the mapping relationship between role and agent of E-CARGO. At the same time, on the basis of the relations of role inheritance and organizational structure, with a evaluative mechanism based on role requirements and agent qualification, the authorization method of RBAC is designed and implemented, in this way, it not only improves RBAC’s ability of describing complicate constraints, but also improves the efficiency of authorization. In the end, experiments show that the RBAC authorization with E-CARGO is efficient. |
PDF Full Text Request