Research And Model Design On Access Control Over Distributed System

With the fast development of technology on computer network, share and use of many Internet resources, including books, images, videos and data make people more prompt and convenient to grasp the real time information. At the same time, many applications of enterprise such as e-government and e-commerce are rising with this trend. Just as a coin has two sides, this kind of benefit of opening also arouses the spread of the virus and hacker's attack. Nowadays more and more people have realized the significance of information security. From the stage of operation system to network access, secure access control, as a basic method for protecting systems, is always the hotspot in the investigation and research of information security. This paper focuses on the problem of access control over cross-domain and its performance. Based on the analysis of the several classical models and architecture of access control, a kind of improved RBAC structure is issued here to meet the requirement of cross-domain access control. The process of secure access control consists of the following three steps: identity authentication,dynamic assignment of roles,permissions and verification of attribute certificates. For more secure guarantee of the system, HTTPS service is applied for verification on both sides and encryption of the messages in interaction. For better dynamic performance and thinner scale of the whole system, public/private roles and the max number constraining heritage, units/function roles and privilege are being used here. Use of three states of each role, plus the constraint on state of roles and attribute certificate here also ensures more limits and powerful verification on the relationship among users,role and privileges. Next is role mapping and solving conflict used in cross-domain for distributed access. Finally, the article gives us a comprehensive skeleton of distributed access control complying with the thought mentioned above and the J2EE architecture, even coding work of some module in this model.The enhanced RBAC model used in the cross-trust-domain access control has been proved by analysis of its feasibility and usability which has bright prospect in kinds of distributed enterprise applications such as e-government and e-commerce. It can provide more secure,dynamic and flexible access control mechanism in distributed environment and contribute to the development of booming application service in the world of network.