Study On Delegation Model In Access Control Systems And Its Implementation

Posted on: 2017-05-16 | Degree: Master | Type: Thesis
Country: China | Candidate: X N He | Full Text: PDF
GTID: 2348330509954405 | Subject: Engineering
Abstract/Summary:
As a security service of information systems, access control is a management method for securing a system's business resources. It guarantees the confidentiality, integrity and availability of data by properly controlling access to and operations on that data. Research on access control has progressed from traditional models, such as Discretionary Access Control and Mandatory Access Control, to Role-Based Access Control and its extensions, which are the most widely used in the world, and access control has become increasingly complete in terms of security, flexibility, ease of management and ease of maintenance. Authorization delegation, as an extension of access control, allows permission holders, to a certain extent, to allocate permissions freely. Although delegation increases the flexibility of access control, it poses challenges for security and management. Coarse-grained authorization delegation is commonly used in basic delegation: it is easy to implement and, more importantly, it ensures high efficiency of operation and management. However, coarse-grained delegation may create potential security hazards, because it contains some subtle permissions that should not be delegated. To overcome this difficulty, most role-based access control delegation models use a fine-grained division of roles. This solution achieves fine-grained delegation and reduces security risk, but it also introduces a new problem: the number of roles explodes, and operation and maintenance management become increasingly difficult. At the same time, in view of the flexibility and management requirements of authority delegation, many researchers have studied constraints on the timing and transmissibility of delegation, including delegation time limits, delegation revocation and multi-step delegation (re-delegation by the delegatee), and these elements further complicate the scale of the problem.

Delegation, therefore, is not a simple problem. How to integrate access requirements, security, ease of use, and the efficiency of maintenance and management under multi-dimensional constraints, and how to account for the granularity of delegation and the dynamics of delegated permissions, are among the many aspects that need to be solved. Against this background, the main work of this paper is as follows:

(1) Describes the various access control models, especially the Role-Based Access Control model, and analyzes the Role-Based Access Control model. Systematically analyzes authorization delegation and summarizes its characteristics. Elaborates the advantages and disadvantages of the major delegation models.

(2) Aiming at comprehensive security and manageability, analyzes the PBDM model in particular. Integrates role division with permission division and proposes an advanced PBDM model, to ensure the security of delegation at different delegation granularities and to realize unified management of the permissions that can be delegated.

(3) Based on the advanced PBDM model, designs and implements a permission management system with delegation, and then applies it to an actual case to verify the feasibility and effectiveness of the proposed model.
Keywords/Search Tags:access control, RBAC, permissions delegation, permission division, PBDM