Context-Based Role-Filtering Model In RBAC

In the rapid development of communications technology,network technology has been developed significantly.In the network environment,applications have enabled more people to collaborate and communicate on common tasks,while resources have also been shared on a wider scale.Network is double-edged sword,it makes our daily life more convenient,but it also causes security problem which needs more attention.For example,preventing the information leakage or increasing the authorization efficiency of the system.The access control technology is one of the efficient methods to solve these problems.According to the background above,this thesis proceeds the theoretical research and engineering practice of the role-based access control model.The role-based access control model is simple in authorization,its permission management is also convenient,and the model can support flexible security policies.Since its introduction,it has received extensive attention.However,as the network environment becomes more and more complex,the role-based access control model also exposes defects: when the model is applied to the network environment,the sudden increase in the number of roles in the system makes it impossible for users to quickly query the appropriate role to activate.This is called the user-role-query problem.The activation of the role is the key point of the role-based access control model's authorization.Therefore,the speed of the user query roles directly affects the authorization's efficiency of the model,and the model must be extended and optimized.Based on the above research contents,this thesis aims at solving the problem of user-role-query when the model is applied in the network environment,proposes a role filtering model based on context constraints,and gives the realization of the model in the security framework.Through continuous research,this thesis has achieved some creative results,mainly including the following:First of all,this thesis analyzes and summarizes several context-aware applications,and gives context information definitions in a general network context.At the same time,in order to combine the context with the model,this thesis presents the model-level context constraint classification and the canonical representation of context constraints.Secondly,this thesis proposes a role filtering model based on context constraints.On the basis of users,roles,permissions and sessions,context attributes,context condition elements and filtered role sets have been newly introduced,and two relations of context attributes and users,context conditions and roles have been established.The model obtains the context information by collecting the value of the context attribute assigned to the user in real time,and uses the context information to evaluate the context conditions assigned to the role,and finally filters the role according to the evaluation.In this way,the query scope of the role is reduced,the efficiency of the user query role is improved,and the authorization efficiency of the model is improved.Then,this thesis gives the functional description of each component in the extended model,including: system management functions,system support functions,system review functions,and role filtering functions.Role filtering functions describe the process from the changes of the user's context to the filtering role.The functional description outlines the various functional interfaces needed to create and maintain model components and support system operations.These functions can be packaged into higher-level abstract operations in implementations.Finally,this thesis gives the realization of the model based on the mature security framework,and further explains the authorization process and feasibility of the model.This thesis focuses on the application of access control model in the network environment.It not only proposes a new access control model based on complex practical requirements,defines the elements and relationships of the model,but also gives the authorization process of the model.The application of the access control model in the network environment has been expanded and it has inspired the relevant research in the future.