Intelligent and Distributed Computing Laboratory
  Role-Based Access Control and Its Application in Distributed Systems and Workflows
Name: Li Peiwu
Thesis defense date: 2003.05.10
Thesis submission date: 2005.03.02
Degree: Bachelor
Chinese title: Role-Based Access Control and Its Application in Distributed Systems and Workflows
English title: Role-Based Access Control and its Applications in Distributed Heterogeneous System & Workflows
Advisor 1: Lu Zhengding
Advisor 2:
Chinese keywords: role-based access control; role hierarchy; NTree; encapsulated role range; distributed heterogeneous system; workflow system; Web-based application
English keywords: Role-based access control; Role hierarchy; NTree; Encapsulated role range; Distributed heterogeneous system; Workflow system; Web-based application
Chinese abstract: With the rapid development of networks and Internet technology, building distributed heterogeneous application systems has become inevitable. Information integration and interoperation in distributed heterogeneous systems inevitably bring security threats, and solving access control security is one of the most important aspects of this.

The main components of the role-based access control (RBAC) administrative model are the user-to-role assignment sub-model, the permission-to-role assignment sub-model and the role-to-role assignment sub-model. The user-to-role and permission-to-role assignment sub-models are both administered locally, whereas the role-to-role assignment sub-model, that is, the administrative model for the role hierarchy, is implemented in a decentralized way. Therefore, when the RBAC model is applied to distributed heterogeneous systems, the key is to solve the decentralization and distributed administration of the role hierarchy.

An NTree is formed by recursive refinement of rooted trees and inverted rooted trees; it has the properties of monitoring, separation and sharing, and is one of the most natural and effective techniques for organizing a role hierarchy. A role-relationship matrix is defined from the role hierarchy to represent the relationships between the roles in it. Applying the role-relationship matrix to NTrees yields several properties of the roles in an NTree, such as the linearization of an NTree and an algorithm for deciding whether two roles are immediately related. Using the role-relationship matrix, an algorithm is given for deciding whether a role hierarchy is an NTree. If a role hierarchy is not an NTree, a method is proposed for converting it approximately into one.

For the RBAC model to be applicable to distributed heterogeneous systems, the decentralization of roles and the consistency of maintenance of the decentralized role hierarchy must be solved. Decentralizing the roles of the role hierarchy means decentralizing the roles of the NTree. During decentralization, the authority role range is always taken as the unit of decentralized administration, that is, the roles in one authority range should reside in the same subsystem. An algorithm is given that uses the role-relationship matrix to identify all encapsulated role ranges in an NTree; each encapsulated role range is taken as an authority range, and an administrative role is established over each authority range to carry out the administrative operations on the roles within it. These administrative roles in turn form a tree structure, which simplifies their own administration.

Ensuring the consistency of the role hierarchy means ensuring the consistency of all role ranges, that is, no operation may break the encapsulation of an authority role range. An encapsulated role range guarantees that its internal roles have the same relationship to any external role, so modifications to the roles and relationships inside the range do not affect external roles. It is proposed to encapsulate an authority role range as an object, called a role range object, so that all administrative operations on authority role ranges are carried out with object-oriented techniques; this effectively solves the distributed administration of roles.

CORBA, the integration specification for distributed heterogeneous systems, provides security services but no application-level access control policy model. Therefore, integrating the RBAC model into CORBA-based application systems as their access control policy is proposed, which solves the access control security problem of CORBA-based distributed heterogeneous application systems. The core of CORBA is the ORB; when a client requests a service from a server through the ORB, the submitted certificate object contains the client's role attribute. Based on this attribute, a scheme for integrating the RBAC model into CORBA applications is given: the corresponding role-based access control policy is established during application development and implemented as a server program. Once a client requests a service, the role attribute value in the client-supplied certificate yields the corresponding role permissions held by the RBAC server, and an application-level access decision function can then determine whether the client is authorized to access the specified object.

A technique is proposed for applying RBAC to multilevel workflow systems as their access control policy, and a method is given for verifying the structure of workflow models with the role-relationship matrix. It is also proposed to apply the RBAC model to multilevel relational systems to solve their access control problem and to eliminate possible covert channels in the system. Writing RBAC roles into secure cookies and applying them to Web-based application systems is presented, which solves access control security for Web-based applications.
English abstract: With the rapid development of network technology and the Internet, creating applications in distributed heterogeneous environments is inevitable. Information integration and interoperation in a distributed heterogeneous system can jeopardize application security, and access control is the key problem to be solved.

The administrative RBAC model consists of user-role assignment, permission-role assignment and role-role assignment. User-role assignment and permission-role assignment are applied in a local system, whereas role-role assignment must be implemented across the distributed system. The key problem to solve when RBAC is applied in a distributed heterogeneous system is the decentralized administration of the role hierarchy.

An NTree is the result of refining rooted and inverted rooted trees. An NTree has the features of monitoring, sharing and separation, and it is an appealing technique for organizing a role hierarchy. According to the role hierarchy, we define a role-relationship matrix that represents the role-role relationships in the hierarchy. Applying the role-relationship matrix to an NTree, we obtain some features of the roles in it, such as linearizing the NTree and recognizing immediate role-role relationships. By the role-relationship matrix, we can determine whether a role hierarchy is an NTree. If a role hierarchy is not an NTree, we present an algorithm that produces an approximation of an NTree.

To use RBAC in distributed and heterogeneous systems, the decentralization of roles and the consistency of the role hierarchy must be achieved. The roles in the role hierarchy are decentralized, that is, the roles in the NTree are decentralized. When the roles are decentralized, we keep the authority range as the administrative unit, that is, all roles in an authority range must be located in the same part of the system. By the role-relationship matrix, we give an algorithm that recognizes all encapsulated role ranges in an NTree. An encapsulated role range is treated as an authority range. An authority range corresponds to an administrative role that executes modifying operations in the range. All administrative roles constitute a tree, which makes maintaining these administrative roles easier.

We keep the role hierarchy consistent, that is, we must keep all authority ranges in the role hierarchy encapsulated. The encapsulation of a role range requires that all roles in an encapsulated role range be identically related to the roles beyond it. Thus, modifying the roles and their relations inside the encapsulated role range does not involve the roles beyond it. We encapsulate an authority range into an object, called the role range object. Using object-oriented technology, the decentralized administration of roles is solved.

CORBA has become the key technology used by many vendors to develop distributed heterogeneous application systems. The security services of the CORBA specification provide access decision functions at the object level to protect system security, but they do not provide a model of access control policy at the application level. RBAC is applied in CORBA to solve the problem of access control security in distributed systems. The core of CORBA is the ORB. When a client sends requests to a server over the ORB, the submitted certificate carries a role attribute, and through this attribute RBAC can be integrated into a CORBA application. Our idea is to create RBAC servers when developing the application. When a client requests services, the servers get the role attribute from the certificate and compare it with the roles of the RBAC servers to determine, by an access decision function at the application level, whether the client has the right to access the specified object.

At last, RBAC is applied to multilevel workflow systems as the access control policy. The relationship matrix technique is used to verify workflow models. RBAC is applied to multilevel relations and the covert channel is eliminated. The role in RBAC is written to secure cookies, and these secure cookies can serve as the access control mechanism when applied to Web-based applications.
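Both abstracts above rely on a role-relationship matrix to recognize immediate role-role relationships, to linearize the hierarchy and to recognize encapsulated role ranges. The Python block below is an added illustration, not code from the thesis: it builds the matrix as the transitive closure of a constructed sample hierarchy, derives the immediate relations by transitive reduction, produces one linearization as a topological order with seniors before juniors, and checks a role range for encapsulation using the criterion the abstract states (every role outside the range relates identically to every role inside it). The role names, the sample hierarchy, and the reading of a "role range" [junior, senior] as the set of roles between those two are assumptions of mine; the thesis's NTree-specific definitions are not reproduced here.

```python
"""Role-relationship matrix over a role hierarchy (added example, not thesis code).

Assumptions (mine, not from the page): the hierarchy is a DAG whose edge (a, b)
means a is senior to b; the role-relationship matrix is the transitive closure
of that DAG; a role range [junior, senior] is the set of roles between them; a
range is encapsulated when every outside role has the same relation (senior,
junior or unrelated) to every role inside it.
"""

# Constructed sample hierarchy:
# Director > ProjectLead > {Engineer, Tester} > Employee > Guest
ROLES = ["Director", "ProjectLead", "Engineer", "Tester", "Employee", "Guest"]
EDGES = [
    ("Director", "ProjectLead"),
    ("ProjectLead", "Engineer"),
    ("ProjectLead", "Tester"),
    ("Engineer", "Employee"),
    ("Tester", "Employee"),
    ("Employee", "Guest"),
]


def role_relationship_matrix(roles, edges):
    """Return M with M[a][b] True iff a is (transitively) senior to b."""
    m = {a: {b: False for b in roles} for a in roles}
    for a, b in edges:
        m[a][b] = True
    # Warshall's algorithm: transitive closure of the seniority relation.
    for k in roles:
        for i in roles:
            if m[i][k]:
                for j in roles:
                    if m[k][j]:
                        m[i][j] = True
    return m


def immediate_relations(roles, m):
    """Transitive reduction: (a, b) is immediate iff a > b and no c with a > c > b."""
    return sorted(
        (a, b)
        for a in roles
        for b in roles
        if m[a][b] and not any(m[a][c] and m[c][b] for c in roles)
    )


def linearize(roles, m):
    """One linearization: a topological order with seniors emitted first."""
    remaining = set(roles)
    order = []
    while remaining:
        # Roles with no senior left in `remaining` can be emitted next.
        ready = sorted(r for r in remaining if not any(m[s][r] for s in remaining))
        order.extend(ready)
        remaining -= set(ready)
    return order


def role_range(roles, m, junior, senior):
    """Roles r with senior >= r >= junior (both endpoints included)."""
    return [
        r for r in roles
        if (r == senior or m[senior][r]) and (r == junior or m[r][junior])
    ]


def is_encapsulated(roles, m, subset):
    """True iff every role outside `subset` relates identically to all of its members."""
    inside = set(subset)
    for o in roles:
        if o in inside:
            continue
        # Relation of o to each inside role r: (o senior to r, r senior to o).
        relations = {(m[o][r], m[r][o]) for r in inside}
        if len(relations) > 1:
            return False
    return True


def encapsulated_ranges(roles, m, min_size=2):
    """All encapsulated ranges [junior, senior] holding at least `min_size` roles."""
    found = []
    for senior in roles:
        for junior in roles:
            if not m[senior][junior]:
                continue
            rng = role_range(roles, m, junior, senior)
            if len(rng) >= min_size and is_encapsulated(roles, m, rng):
                found.append((junior, senior))
    return sorted(found)


if __name__ == "__main__":
    M = role_relationship_matrix(ROLES, EDGES)
    print("linearization:", linearize(ROLES, M))
    print("immediate relations:", immediate_relations(ROLES, M))
    print("encapsulated ranges:", encapsulated_ranges(ROLES, M))
```

Running the file prints the linearization, the immediate relations (which recover the six input edges) and the encapsulated ranges of the sample hierarchy. The range [Engineer, ProjectLead] fails the check because Tester, outside the range, is junior to ProjectLead but unrelated to Engineer, so an administrative change inside that range could alter how Tester relates to it; [Employee, ProjectLead] passes, which is the property that lets one administrative role own that range without consulting administrators of the roles outside it.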