Research On Access Control Techniques For Mechanical Product Collaborative Design Environment

With the dramatic development of computer and networks, that employing product collaborative design environment has being an important solution to improve the efficiency of product development. There are security problems of data in collaborative design environment because of the mode of data sharing and interaction between collaborative users. An applicable product collaborative design environment must be with the ability to guarantee the data security for product data is the important wealth of a company.Access control is the most important part of security settlement for information in networks, under which information leakage is prevented by forcing that data only can be accessed by authorized users. Recent years, the direction of access control research has turned to focus on different requirements of areas for different applications with different natures. The characters of product collaborative design environment contain groupment, distribution, interaction and collaboration that make the environment distinct from other areas. It is a great challenge and urgent mission to develop access control approaches for product collaborative design environment not only for theory but also in practice.The main contents and contributions are as follows:(1) Attribute and Role based Access Control Model. For supporting the dynamic security policies in collaborative design environments, an Attribute and Role Based Access Control Model(A-RBAC) is presented by introducing attribute-based access control ideas into role-based access control model which has the features including abstraction and generalization. An attribute using for access control is a variable mapping to a value which should be nonnull, unique, complete and disjoint. The principle of complete mediation can be observed if each domain of attributes is complete and values in a domain are disjoint when using attributes as primary elements to express permission assignments.(2) Attribute and Task based Access Control Model for Workflow. Attributes are taken as the base to define, assign and use permissions mapping to tasks in workflow. An Attribute and Task Based Access Control Model is presented, which includes two important elements, process and task-step. A process will issue access requests on behalf of a user and a task-step includes the information of task and its state. It is the prerequisite to use a permission for a successful access that the task-step associated to the process issuing the access must match the task-step associated to the permission. The result of the prerequisite is that permissions only can be used in certain works for completing tasks associating with the permissions. A component named as obligation is defined for the implement mechanism to support some dynamic policies in permission administration.(3) The Permission Delegation Mechanism in Access Control. The mechanism focuses on controllable delegation, in which a permission delegation process is divided into three steps including declaration, acception and revocation. A new element called controlling permission is added to expression of a permission to make delegator be with ability of choosing a certain delegation mode. In a delegation chain, there are strong relations between different delegation nodes, that means the ability of delegation is used up gradually. In delegation declaration, to keep the balance between controllability and flexibility, the constraints are classified into two type, globle constraints and local constraints. The willing of delegatee is taken into account in acception step. In the step of revocation, the conditions for revocating are summarized.(4) A General Implementation Framework for Access Control Systems. The subjects and objects in access control are divided into different tiers. On the summaration of primary elements and relationships between the elements, a powerful policy expression is presented which can discribe many types of security policies. Then, a general implementation framework for access control system, called Access Control Enforcement Framework(ACEF), is built depended on the policy expression to accommodate mainstream access control models and that presented in this desertation. The modulized ACEF can decouple the access control system and the business system.In order to verify the models, mechanism and implement framework presented above, we design and implement an access control system for the Collaboravtive Design and Simulation Environment. The work of designing and implement of user interface, security framework and system integrating is illustred in this desertation. Finally, the main work is summarized to underscore the self-pointed contributions and to discuss some future research may favor the high efficiency access control servers for product collaborative development environment.