Research And Application Of Access Control Based On Time And Environment Constraints

In the era of high development of information technology,China has attached great importance to the construction of e-government,promoting the continuous integration of information technology and e-government,and continuously promoting the e-government information process.As an important security policy for e-government,access control has an irreplaceable role.Therefore,from the 1970 s to the present day when the access control technology was born,it has been highly regarded and deeply researched by scholars at home and abroad.Various outstanding research results that have emerged have promoted the development of access control technology.Access control models mainly include Discretionary Access Control,Mandatory Access Control,Role-Based Access Control,and extension models based on these three models.Among them,the RBAC model has been studied by a large number of scholars because of its simple authorization method,and the model is applied to different fields to solve different authorization management problem.However,role-based authorization is still a technical level of authorization.When the system is large and complex,excessive roles and permissions require authorization management.This increases the difficulty and complexity of authorization management,and severely degrades system performance.Therefore,the role-based access control model can not be directly used in complex e-government systems.facing the issue of authority management in the complex government affairs field,Organization Based 4 Level Aeeess Control emerged as the times require.The OB4 LAC model is based on the RBAC model and introduces the real "organization" layer of the real world,which can also be called the "position" layer.From the original userrole-permissions three-tier structure to four-tier structure of user-post-role-authority.The four-tiered access control model based on organization differs from RBAC in that it:(1)makes full use of the organizational structure that represents the functions in the organization,so that users no longer have a direct link with the role,but through the position to complete the user to the role To deal with changing staffing issues.(2)The operations performed by the privilege are not for the information object but the type of the information object.Compared with the RBAC model,the OB4 LAC model can better align with the actual organization and operation mode,and better meet the needs of authorization management.However,in practical applications,as the demand increases and diversifies,the OB4 LAC model also exposes its own shortcomings,that is,it cannot dynamically authorize and cannot timely control user behavior in a complex government affairs system.This paper proposed Time and Environment Constraints Based Four-layer Access Control Model by adding time and environment constraints to OB4 LAC at the fine granularity constraint level.Firstly,it put forward to the concept of position behavior and role behavior by referring to the idea of behavior.Then it formally defined the model,and gave the access control authorization strategy and grant scheme.Finally,it analyzed and designed the general structure of the authorization management system based on TEB4 LAC model and applied the TEB4 LAC model into the e-government system.Application examples verify the validity and scientificity of the model.