
Research On Hierarchical System Based Access Control Model

Posted on: 2018-01-05
Degree: Master
Type: Thesis
Country: China
Candidate: H M Song
GTID: 2348330518488031
Subject: Engineering

Abstract/Summary:
With the rapid development of the Internet and cloud computing, there is a growing need for interaction between users in distributed environments, as well as for cross-domain sharing. Informatization is a double-edged sword: it makes daily life more convenient, but it also creates security problems that need more attention, for example preventing user privacy from being leaked and ensuring that resources are not tampered with illegally. Access control is one of the efficient methods for solving these problems. Against this background, this thesis carries out theoretical research and engineering practice on the mainstream access control models.

With traditional access control, it is difficult to manage user permissions, and the model is hard to employ in a dynamic network environment. Authorization in the role based access control model requires real names, which may leak user privacy, and the model does not support cross-domain access, so it cannot be used in a distributed environment. Moreover, the classic hierarchical system cannot satisfy the requirements of current network development: the terminal with only a single device has grown into a complicated environment with many devices. Redefining and partitioning the hierarchical system is the key problem that needs to be solved. In short, all existing access control models have disadvantages when employed in a distributed network environment.

This thesis contributes an access control model design that can be applied in a distributed network environment with cross-domain resource sharing. It puts forward a new hierarchical system based access control model and designs two experiments to discuss its feasibility and its advantages, respectively, in a distributed network environment. The contributions of this thesis are summarized as follows.

First, this thesis proposes a new hierarchical system with a containment relationship, which is more suitable for the open distributed network environment. It formally defines administrator permissions to achieve self-administration, which meets the need for cross-domain resource sharing in complex environments and reduces the management burden on the system administrator.

Secondly, based on this hierarchical system, the thesis puts forward a hierarchical system based access control model, formally defines four kinds of attributes, and designs a POL module that uses the obligation mechanism. The POL module divides permission management into two parts to achieve both fine-grained and coarse-grained authorization, with fine-grained authorization having the highest priority. In this way, the model not only reduces the possibility of policy conflict but also resolves the problem of policy repository explosion.

Then, the hierarchical system based access control model divides policy into three types, which is the first time that the access control policy for a given subject has been formally defined in detail. The three kinds of policy cover almost all the situations that a subject may encounter. This makes the model more complete and lets it cope flexibly with different situations in the system. Most importantly, the policy supports authorization that relies on part of the attributes rather than on a real name; that is, it protects user privacy information from leaking to others.

Finally, this thesis designs the model framework based on an access control policy language, describes the flow of information, uses an experiment to illustrate the running process, and shows the model's flexibility in granting and revoking authorizations with actual data.

In conclusion, this thesis focuses on practical application research of the access control model in a hierarchical system. It not only designs a new hierarchical system based on actual complex requirements but also defines the formal semantics of the model. It extends the scope of research on applying access control models in complicated environments, so that it can serve as an inspiration and reference for further application research.
Keywords/Search Tags: hierarchical system, self-administration, attribute based access control model, obligation, access control policy