Research Of Administrative Model For Access Control

With the rapid development of computer networks and mobile intelligent terminal, more and more people surf the Internet. A lot of sensitive information will been brought by users in the network. It is a problem how to protect such information. However, access control is an effective method to solve this question.First, this paper describes the discretionary access control and mandatory access control model and analyzes the characteristics of these two models. Since the subject of DAC can use permissions discretionarily and mandatory access control restrictions are too strict by level of security, they are no longer be able to adapt to today’s complex network environments. Then role-based access control model is presented, and gradually become a hot topic. But with the increase of users, roles, it is a complex problem how to manage role, users, permissions. Therefore, we propose a model B-ARaBAC to solve the management of the role-based access control. With the rapid development of mobile clients, it presents new challenges to access control. For example it need continuity authority control. Usage control proposed to solve these problems. However, the management model of UCON is still problem. Therefore, introducing role element manage UCON. Thesis research contents are as follows:(1)For the role-based access control management model recovery is not flexible enough, management information redundancy. First the role is expanded with joining the three attributes of time, times, inheritance. So that the role has some dynamic properties that can automatically revoke the temporary role privileges, to reduce the administrative burden. Second, we present the concept of the management base that introduced the extended role into the management base. The management base formed to manage the access control as the basic management unit, reducing redundant information, unauthorized distribution of competences, flexible and efficient for system resource management.(2)There are still some drawbacks in UCON model: the management of rightscan not be achieved, and the management of the authority entrusted to attribute sources. So the role elements are introduced and divided into the provider role and the consumer role based on the UCON model. Then the authority is divided into direct use of authority and the need to authorize authority, In order to achieve the UCON model in the management of authority, authority delegation, and through the role of the provider of variable attributes of the source of management. Making UOCN more flexible management of authority and the attribute source is more reliable, so the application scope of UCON is more extensive.(3)For role-based access control management model can allocate correct permission. Using XACML policy language to express the role based access control model, then we test these rules using instrumentation test method to protect system.The policy expression test to detect whether the management model can correctly assign permissions.