Research On Access Control Between Network Components Of Security Domains

The development of computer technology is promoting the extensive application of information systems by almost all sectors of society. Ensure security of information systems application has become the key issues. To ensure the sharing of resources information system safe, a user security management mechanism must be made to manage user privilege and control user access. As a special department of our country which has especial requirement of security, to build a legal, safe operation of the access control mechanism which is suitable for the network characteristics of aviation to dynamically regulate the internal conduct to use the resources safely and legally has become the focus of this research.The first part of this paper expresses background and status of access control mechanism, analysis the related basic technologies of access control. Based on the deep analysis of key issues of access control and research of aviation network characteristics and also the collaborative operation model, the multi- domain role and trust based access control(MD-R & TBAC)model is proposed.The paper focuses on the research and implementation of multi- domain role and trust based access control mechanism, detailed specific and design the functional module, detailed design implementation mechanism and access control process of the model. The paper proposes a multi-level hierarchical user management model, and first introduced in user assessment weights and based on the user's role in the security domain is divided into different classes and set the corresponding weight involved in trust evaluation. And do a lot of expansion of the existing trust certification technology and first proposes feedback trust and role assessment weights combined with the direct trust and recommendation trust to evaluate the user's access behavior in order to achieve the dynamic fine-grained access control.Finally based on the access control model presented in this paper the author detailed designs relational database system and various functional modules and processes of visits between users, trust evaluation, trust updating. And last by developing a test software verified access control mechanism proposed in this paper fully reflects the advantage both of the role-based access control and trust-based access control, is a suitable for the characteristics of civil aviation network, easy to understand, easy to use, scalable, multi-level changing of users and permissions supported, efficient, viable, fine-grained access control mechanism.