The Improvement Of Role-based Access Control Model

The role-based access control model achieves the logical separation of users and permissions by the roles.The model solves the problem in the traditional access control model that the subject is always bounded with certain entities.This model is widely used at present because of its good applicability and flexibility.However,with the development of the internet,authorization management becomes complicated,and access decisions may depend on the context information when the request is initiated.The role-based access control model is a static authorization model,which is not suitable for the situation where context information must be considered.At the same time,the access control of sensitive data is not strict enough in this model.Although this problem can be solved by adding a large number of roles with different access rights,it is easy to cause the problem of role explosion.The research of this paper can be summarized as the following points.Firstly,an improved access control model based on role is proposed.Attributes have been added to the new model.In order to achieve the purpose of fine-grained authorization and solve the problem of role explosion when the number of resources is huge,access control rules based on attributes are used to restrict the permissions of roles.Finally,an example is given to illustrate that the model is effective.Secondly,a method of rules retrieval based on attribute grouping is proposed.The traditional strategy retrieval method is inefficient in the case of large complex rule sets.The method proposed in this study narrows the scope of the rules retrieval by grouping the original set of rules based on attributes,and reduces the comparison time of rules by filtering rules based on attribute names.Finally,the experimental results show that the method is superior to the current retrieval methods in terms of retrieval efficiency.Thirdly,a user attribute management model based on attributes is proposed.After adding attributes to the role-based access control model,the user attributes become the key factor in the authorization process.Although the management of user attributes is important,but researchers have not paid enough attention to it,and there is no unified management model.A user attribute management model based on attributes is proposed in this research and an example is given to illustrate the effectiveness of the model.