This thesis focuses on an Object-Oriented Role-Based Access Control model (ORBAC) for distributed systems, a model that efficiently represents the real world. The access control models are well documented. Previous research in Role-Based Access Control (RBAC) is reviewed. Through our work, an information flow analysis technique is proposed to deal with a confinement problem on ORBAC. A practical method that can be employed in distributed systems for managing security policies is presented. A cryptographic key management solution to the access control problem in a position role hierarchy is also proposed. Based on one-way hash functions, we introduce a key assignment and derivation method. This solution uses a limited number of keys and hash functions. Moreover, ORBAC extends its original model from a single enterprise domain to foreign domains and has been applied to the Internet. Using XML techniques, we propose an efficient method to manage security policies for web-based applications. Unlike most existing approaches, our approach defines authorization independently, separating it from policy representation and from implementation mechanisms. The academic and technical achievements of this thesis can be applied to electronic commerce and distributed systems, and may also be integrated with firewall techniques.