Research And Application Of Improved DRBAC Model Based On PKI/PMI

In the current information age, distributed database is a favorable platform for storing and integrating massive information and also have a wide range of applications in many fields, such as enterprise, governments and military. However, security is a basic matter of distributed database. Without the security, all the data become valueless. In the high-level confidential application, such as electronic commerce and military, security is the most important matter. So, for a large distributed database platform, a perfect user authorization and access control is essential.This article takes the project "Online Combat System" for Criminal Investigation Detachment of Dalian as project background and the experimental environment. With a deep study of the multi-domain access control and user authorization under distributed environment, put forward an effective solution. When handing criminal cases, polices usually need large shared information, which locating other polices, filter and integrate the information so as to supply clue. The "Online Combat System" supplies a distributed platform for sharing and integrating information for all the local polices. The system must ensure the sharing information of integrity, confidentiality and availability, besides that, the system also must prevent illegal user login, encrypt sensitive information transmitted over the Internet, and prevent unauthorized accessing.This article makes a deep research on all the threats that the distribute database faced and analyses the current access control models, then make a theoretical analysis about existing advanced access control model RBAC, combining with the technology of PKI and PMI, this paper rise a promotion model which extending the application of the original access control model and establish a new DRBAC model under the distributed environment. As a result of adapting PKI/PMI technology, the model can effectively achieve the goal of user authentication and data non-repudiation under the distributed network environment. In the application detail, On the realization of specific, the user authentication based on Lightweight Directory Access Protocol LDAP can effectively addressed the issue of User Access Control under distributed environment. This paper also study and analyze the issue of role-mapping among multi-domains and relevant problems caused by role-mapping, such as privilege constrain and inheritance, then support a reasonable solution in order to ensure the practicality and reliability of the DRBAC model under the distributed environment.Based on the original mature model, this paper makes an improvement and solves the shortcomings of the original model under the distributed environment and establishes an enterprise-level access control framework. This paper also raises a comprehensive introduction to the entire system of the various functional modules and key technologies of the new model. At last, based on the platform of "Online Combat System", this paper implements the improved DRBAC model, to verify its validity and usefulness.