With the development of the information age, information has brought people convenience but also certain security risks, which places higher demands on computer information security. Access control is an effective mechanism for protecting computer information security, and it comprises traditional access control and modern access control. Traditional access control is generally divided into three categories: Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC). However, traditional access control has gradually shown its shortcomings in the move from centralized, closed environments to open network environments, and it carries hidden security risks when applied to modern information management. The purpose of usage control is to provide a new kind of knowledge base for access control. Usage control has two important characteristics: mutability of attributes and continuity of access decisions.

At present, research on the usage control model is still immature, and some unexplored areas are worth investigating. First, when many subjects access one object and try to change its attributes at the same time, only one subject is allowed to change the object's attributes, in order to ensure data consistency. This raises a problem: which subject goes first when many subjects apply to change the attributes of the same object? To address this question, the paper will propose a strategy that enforces sequential access when multiple subjects access an object concurrently and that meets the needs of customers. Next, because networks are vast, network relationships have become more and more complex, and each subject has various connections through the network. Among these issues, authorization and authority transfer have become an active focus. Authorization, seen as the core factor in access control, has been widely studied and discussed. Traditional access control models concentrate mainly on prior authorization: access control decisions are made before the operation for which permission is requested. When a subject's access request satisfies the authorization rules, the system allows it to use the object resources; otherwise the system rejects the access request. In my thesis, I will present a systematic authorization policy and detection method to provide a more convenient and secure means of authorization. In addition, the article proposes methods and strategies for permission transfer, which make this function convenient for users. Finally, this paper takes "The Institution Personnel Integrated Management Platform" as an example, combining the new strategies put forward by the author with a real application; the case has proved that the priority, authorization and permission assignment methods are practical.