
The Research and Application of Attribute-Based Access Control Model

Posted on: 2016-11-14
Degree: Master
Type: Thesis
Country: China
Candidate: F F Yu
Full Text: PDF
GTID: 2308330479499190
Subject: Computer Science and Technology

Abstract/Summary:
With the development of Internet technology and distributed systems, more and more organizations form complex alliances to work together. In a distributed collaboration system, the subjects and objects of collaboration are highly autonomous, grow in a disorderly way, and are complex. Applications are shifting from a centralized, closed, relatively static service mode with a familiar user community to a distributed, open, dynamic service mode with an unfamiliar user community. There is growing demand for transaction processing, interaction, and dynamic collaboration across organizational or security domains.

The traditional role-based access control model can no longer meet the demands of collaboration and information sharing in an open network environment. To ensure the security of cross-domain access to information, this paper designs an attribute-based access control (ABAC) model in which decisions are based on the authenticated attributes of the subject, the object, the environment, and the action. ABAC removes the limitations of ID-based access control. The ABAC model designed in this paper is based on multi-level granularity and is modeled with the Extensible Access Control Markup Language (XACML) standard. Coarse granularity refers to the business logic structure of the practical application, and fine granularity refers to the attribute contents of the actual resource, so that business and content are separated.

ABAC research at home and abroad focuses on policy modeling, policy composition, and conflict resolution, but does not take into account the impact of attribute retrieval and policy retrieval. At present, attribute retrieval and policy retrieval generally use traditional retrieval methods, such as exhaustive traversal of attributes and policies, which reduces the availability of ABAC. This paper first proposes a business index mechanism and combines it fully with a caching mechanism, optimizing the attribute-based access control model to improve the efficiency of retrieval during evaluation, so that it meets the high-throughput requirements of commercial applications. Finally, we use the ABAC model to design the overall framework and give an example to illustrate the specific ABAC process.
Keywords/Search Tags:ABAC, XACML, Policy Evaluate, Conflict, LDAP, Multi-Domain