Research On Extended Attribute-Based Access Control Model Supporting Collaboration Crisis Management

Many efforts in the area of computer security have been drawn to Attribute-Based Access Control(ABAC). Compared to other adopted models, ABAC does better in granularity, scalability, and flexibility. This makes its policies more expressive and regarding attributes as access granularity can prevent the role explosion problem under dynamic environment, which is especially fit for the AC of Collaboration Crisis Management. On the other hand, the basic ABAC model is lacking of sensitive attributes protection mechanism which is demanded by this environment, which will lead to illegal disclosure of sensitive attributes of access objects.This thesis presents an extended access control model based on attributes associated with objects and subjects. It incorporates trust and privacy issues and makes access control decisions sensitive to the cross-organizational collaboration context to solve the problem metioned above.(1)This thesis proposed a trust computing algorithm to compute the trust level of access subjects and objects, and use this result as one of factors considered in the final access control decision; presented well-defined purpose to realize the privacy protection of the sensitive attributes of objects by the judgment of compatibility of well-defined purposes of subjects and objects;(2)This thesis demonstrated realistic formulation as the policy basis of realization of the authorization model and designed a collision detection method of ABAC policies in the domain of distributed multiple organizations crisis management systems to ensure the consistency of access policies.(3) This thesis designed a collaborative graphical tool that enables the actors in the crisis management system to make better decisions and verifies effectiveness of presented method.The model shows how it guarantees the privacy of object’s attributes, taking into account the trust of the subjects and evolving context. This tool incorporates a decision engine that relies on attribute based policies and dynamic trust and privacy evaluation. The resulting platform demonstrates the integration of the ABAC model, the evolving context, and the attributes of actors and resources.