With the rapid development of civil aviation, increasing demands of information sharing in the civil aviation network, the traditional civil aviation network system cannot adapt to the rapid development of civil aviation network. The efficiency and safety of civil aviation network information are increasingly high demands. System Wide Information Management(SWIM) is a new high-tech for solving those problems. SWIM is based on information technology. SWIM is a basic data exchange platform for different units and different information systems. The architecture of SWIM is service oriented architecture. The efficiency and security problems in SWIM information sharing are two major problems of SWIM information sharing. Data security and privacy protection are the most prominent problem in SWIM information security. Therefore, this article research the authorization method in SWIM network, laying the foundation for swim security access control data shared.The meaning of attributes in SWIM is defined in three aspects, those are subject attribute,resource attribute, and environment attribute. Then a method to representation those attributes is proposed. The method is intuitive, efficient and unified. We propose a method for generating strategy based on this SWIM attribute definition. The strategy fits for the cipher policy attribute based encryption based authorization method for SWIM. For resources which have same attributes, strategy do not need to be changed only if their operating permissions are changed.An attribute-based authorization scheme for SWIM network is proposed. The architecture of the scheme is based on characteristics of SWIM and existing civil aviation network architecture in our country. It meet the safety requirements for the civil aviation network. It can be easily deployed in civil aviation network. The scheme is simulated in a LINUX system. The result shows the scheme supports fine-grained authorization. It reduces the complexity of authorization management and improves the safety. It can be used in distribution, heterogeneity and dynamic SWIM network environment. |