
Method for improving dRBAC model based on trust mechanism

A model and mechanism technology, applied in the field of information security, that addresses problems such as implicit promotion of roles, poor scalability and lack of control over the depth of third-party delegation, and achieves the effect of facilitating depth control of delegation.

Active Publication Date: 2011-06-22
BEIJING INSTITUTE OF TECHNOLOGY
Cites: 0; Cited by: 11

AI Technical Summary

Problems solved by technology

However, both schemes have certain defects: the first scheme does not scale well; the second scheme does not consider the trust between the two entities when delegating, and does not control the depth of delegation.
[0004] However, the dRBAC model also has some flaws, in the following respects: (1) there is no control over the depth of third-party delegation; (2) because delegations are issued and managed in a decentralized way, the delegation chain may form a cycle, and the model does not address how to detect such a chain in time and terminate the repeated search of a circular delegation chain; (3) a role in one management domain may, through a delegation chain, obtain the authority of a higher-level role, an implicit promotion of the role that violates the security principles of the RBAC model; (4) in the dRBAC model the allied organizations each use the RBAC model internally, and separation of duties is one of the three basic security principles supported by RBAC; for the resources of an organization, a violation of that organization's separation-of-duties constraints poses a security risk.



Examples


Embodiment 1

[0082] In this embodiment, the improved model is applied to depth control of delegation.

[0083] The original dRBAC model lacks depth control over delegation. If an entity has the right to assign a role, it can not only delegate the access right to that role but also delegate the right to delegate it, without limit. This is very insecure: the length of the certificate chain becomes uncontrollable and the complexity of certificate search increases.

[0084] To solve the above problems, the depth of delegation must be controlled. Introducing trust into the delegation process makes it possible to control the depth flexibly.

[0085] In role delegation, entity A specifies the trust level of role A.a in its namespace: A.a.Trustline is 75. In A's trust level table, the trust levels of B and C are 90 and 80 respectively. A can therefore delegate A.a to entities B and C, through either object delegation or assignment delegation.

[0086] Assigned delegation [...

Embodiment 2

[0097] In this embodiment, the improved model is applied to cascade revocation of role authorization.

[0098] After the authorization tree is established, the entity can define authorization tree update rules, and the authorization tree is checked and updated after every period of time or every N operations. If the trust degree of a node drops below the role trust threshold of the authorization source, the node is cut out of the authorization tree. Whether the child nodes of that node are cut out at the same time depends on the specific access control entry.

[0099] Revocation of authorization in the original dRBAC model is very inefficient. When an entity wants to withdraw the access rights of a certain role, it can issue a certificate announcing that the authorization of a certain entity is cancelled. But when an entity wants to cancel one entity's access rights, it is much harder to also cancel the access rights of all the entities to which that entity has in turn assigned the role. For ...
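The two mechanisms of Embodiments 1 and 2, trust-gated delegation and trust-driven pruning of the authorization tree, in working form. This is an added illustration, not the patent's own code. It assumes a per-entity trust table indexed as trust[evaluator][subject], a per-role Trustline as in A.a.Trustline = 75, an authorization tree rooted at the role owner, and two details the text leaves open: the trust compared against the threshold at refresh time is the delegator's trust in the node, and a node whose access control entry does not cascade hands its children to the cut node's delegator for evaluation at the next check.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class AuthNode:
    """One holder of a role in the authorization tree (root = role owner)."""
    entity: str
    delegator: Optional[str]            # None for the owner
    prune_subtree: bool = True          # assumed access-control entry: cut children with this node
    children: List["AuthNode"] = field(default_factory=list)


class TrustDRBAC:
    """Minimal trust-gated delegation with cascade revocation (constructed example)."""

    def __init__(self) -> None:
        self.trust: Dict[str, Dict[str, int]] = {}   # trust[evaluator][subject] -> level
        self.trustline: Dict[str, int] = {}          # role -> minimum trust to receive it
        self.trees: Dict[str, AuthNode] = {}         # role -> authorization tree

    def set_trust(self, evaluator: str, subject: str, level: int) -> None:
        self.trust.setdefault(evaluator, {})[subject] = level

    def define_role(self, role: str, trustline: int) -> None:
        owner = role.split(".", 1)[0]                # "A.a" lives in A's namespace
        self.trustline[role] = trustline
        self.trees[role] = AuthNode(owner, None)

    def _find(self, node: AuthNode, entity: str) -> Optional[AuthNode]:
        if node.entity == entity:
            return node
        for child in node.children:
            hit = self._find(child, entity)
            if hit is not None:
                return hit
        return None

    def _descendants(self, node: AuthNode) -> List[str]:
        out: List[str] = []
        for child in node.children:
            out.append(child.entity)
            out.extend(self._descendants(child))
        return out

    def can_delegate(self, role: str, delegator: str, delegatee: str) -> bool:
        """Delegation is allowed only if the delegator's trust in the delegatee reaches the role's Trustline."""
        return self.trust.get(delegator, {}).get(delegatee, 0) >= self.trustline[role]

    def delegate(self, role: str, delegator: str, delegatee: str,
                 prune_subtree: bool = True) -> bool:
        root = self.trees[role]
        parent = self._find(root, delegator)
        # delegator must already hold the role; a second path to an existing holder would create a cycle
        if parent is None or self._find(root, delegatee) is not None:
            return False
        if not self.can_delegate(role, delegator, delegatee):
            return False
        parent.children.append(AuthNode(delegatee, delegator, prune_subtree))
        return True

    def holders(self, role: str) -> Set[str]:
        return {self.trees[role].entity, *self._descendants(self.trees[role])}

    def refresh(self, role: str) -> List[str]:
        """Periodic tree update: cut every node whose delegator's trust in it fell below the Trustline.
        Returns the revoked entities in the order they were cut."""
        threshold = self.trustline[role]
        revoked: List[str] = []

        def visit(node: AuthNode) -> None:
            survivors: List[AuthNode] = []
            pending = list(node.children)
            while pending:
                child = pending.pop(0)
                if self.trust.get(node.entity, {}).get(child.entity, 0) >= threshold:
                    survivors.append(child)
                    continue
                revoked.append(child.entity)
                if child.prune_subtree:
                    revoked.extend(self._descendants(child))     # cascade: whole subtree goes
                else:
                    for grandchild in child.children:             # assumption: re-attach to the cut node's delegator
                        grandchild.delegator = node.entity
                        pending.append(grandchild)
            node.children = survivors
            for child in survivors:
                visit(child)

        visit(self.trees[role])
        return revoked
```

Walking the page's numbers through it: with A.a.Trustline = 75 and A's table giving B 90 and C 80, delegate("A.a", "A", "B") and ("A", "C") both succeed, while an entity A trusts at 60 is refused and a delegation chain simply stops at the first hop whose delegatee falls below the line. If A's trust in B later drops to 70, refresh("A.a") cuts B and, with the default cascading entry, everything B delegated onward.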

Embodiment 3

[0103] In this embodiment, the improved model is applied to determining whether an implicit promotion of role authority exists after a delegation is completed.

[0104] The original dRBAC model provides a distributed access control and authorization management model for a dynamic alliance environment spanning multiple domains, but each individual domain in that environment still uses the RBAC model to implement its specific access control, and the principle of least privilege is one of the three basic principles of the RBAC model. A violation of the principle of least privilege brings serious security risks: without the knowledge of the security administrator, a role may obtain the permissions of a higher-level role. Because the dRBAC model is a distributed model for a multi-domain environment, there is no unified security management mechanism, and centralized management cannot be used to prevent such risks from appearing. Using a delegatio...


Abstract

The invention relates to a method for improving a distributed role-based access control (dRBAC) model based on a trust mechanism, and belongs to the technical field of information security. The core idea is to introduce a trust mechanism into the original dRBAC model: trust level elements are added to the model, a trust level table is established, and the trust level is used as the standard for issuing delegations and authority. The improved dRBAC model can be conveniently applied to depth control of delegation and to cascade revocation of authority, and whether a delegation violates the principle of least privilege of the RBAC model can be effectively judged.

Description

Technical field

[0001] The invention relates to a method for improving a dRBAC model based on a trust mechanism, and belongs to the technical field of information security.

Technical background

[0002] Internet technology is developing rapidly, and a major current research hotspot is multiple organizations jointly completing a task under the conditions of a dynamic alliance. Under these conditions, the organizations that form the alliance must not only protect the shared resource files but also protect the resources they do not want to share, which requires authorization management and access control technology. In this setting, establishing trust between interoperating entities and performing reasonable delegation of authority is the key to ensuring security. To solve these problems, researchers have done a great deal of work. The existing solutions fall roughly into two categories: the first type of solution establishes a role mapping model between tw...

Claims


Application Information

Patent Timeline
Patent Type & Authority Applications(China)
IPC(8): H04L29/06; H04L29/08
Inventors: 郑军, 王思远, 高春晓, 张启坤, 谭毓安
Owner: BEIJING INSTITUTE OF TECHNOLOGY