分布式访问控制技术研究与模型设计-通信与信息系统专业论文.docx

上海交通大学工学硕士学位论文 上海交通大学工学硕士学位论文 PAGE PAGE IV RESEARCH AND MODEL DESIGN ON ACCESS CONTROL OVER DISTRIBUTED SYSTEM ABSTRACT With the fast development of technology on computer network, share and use of many Internet resources, including books, images, videos and data make people more prompt and convenient to grasp the real time information. At the same time, many applications of enterprise such as e-government and e-commerce are rising with this trend. Just as a coin has two sides, this kind of benefit of opening also arouses the spread of the virus and hacker’s attack. Nowadays more and more people have realized the significance of information security. From the stage of operation system to network access, secure access control, as a basic method for protecting systems, is always the hotspot in the investigation and research of information security. This paper focuses on the problem of access control over cross-domain and its performance. Based on the analysis of the several classical models and architecture of access control, a kind of improved RBAC structure is issued here to meet the requirement of cross-domain access control. The process of secure access control consists of the following three steps: identity authentication、dynamic assignment of roles、permissions and verification of attribute certificates. For more secure guarantee of the system, HTTPS service is applied for verification on both sides and encryption of the messages in interaction. For better dynamic performance and thinner scale of the whole system, public/private roles and the max number constraining heritage, units/function roles and privilege are being used here. Use of three states of each role, plus the constraint on state of roles and attribute certificate here also ensures more limits and powerful verification on the relationship among users、role and privileges. Next is role mapping and solving conflict used in cross-domain for distributed access. Finally, the article gives us a compreh