
Method for improving dRBAC model based on trust mechanism

A model-and-mechanism technology in the field of information security. It addresses three problems of the dRBAC model: the implicit promotion of roles, the failure to consider the trust between the two parties to a delegation, and the lack of control over the depth of third-party delegation, and it achieves the effect of making delegation depth easy to control.

Active Publication Date: 2014-04-16
BEIJING INSTITUTE OF TECHNOLOGY

AI Technical Summary

Problems solved by technology

However, both of these schemes have defects: the first scheme does not scale well; the second does not consider the trust between the two entities when a delegation is made, and does not control the depth of delegation.

[0004] The dRBAC model itself also has flaws, in the following respects: (1) there is no control over the depth of third-party delegation; (2) because delegations are issued and managed in a decentralized way, the delegation chain may form a ring, and the model does not address how to search the delegation chain promptly or how to terminate a repeated search of a circular delegation chain; (3) a role in one management domain may, through the delegation chain, obtain the authority of a higher-level role, an implicit promotion of the role that violates the least-privilege principle of the RBAC model; (4) the allied organizations in the dRBAC model each use the RBAC model internally, and separation of duties is one of the three basic security principles supported by the RBAC model; when an organization's resources are accessed, a violation of that organization's separation-of-duties constraints poses a security risk.



Examples


Embodiment 1

[0082] In this embodiment, the improved model is applied to depth control of delegation.

[0083] The original dRBAC model does not control delegation tightly enough. If an entity has the right to assign a role, it can delegate not only the role's access rights but also the right to assign the role. This is very insecure: the length of the certificate chain becomes uncontrollable, which increases the complexity of certificate search.

[0084] To solve this problem the depth of delegation must be controlled, and by introducing a trust degree into the delegation process the depth can be controlled flexibly.

[0085] In role delegation, entity A sets the trust threshold A.a.Trustline of role A.a in its namespace to 75, and in A's trust table A's trust degree in B is 90 and in C is 80. A may therefore delegate A.a to entities B and C, either by object delegation or by assignment delegation.

[0086] The assigned commissi...

Embodiment 2

[0097] In this embodiment, the improved model is applied to cascade revocation of role authorization.

[0098] Once the authorization tree has been established, the entity can define rules for updating it, and check and update the tree at fixed intervals or after every N operations. If the trust degree of a node drops below the role's trust threshold set by the authorization source, the node is cut out of the authorization tree. Whether the node's child nodes are cut out together with it depends on the specific access control entry.

[0099] Revoking authorization in the original dRBAC model is very inefficient. When an entity wants to take back the access rights of a role from a certain entity, it can issue a certificate announcing that the authorization for that entity is cancelled. But it is much harder to cancel the access permission of all the entities to which that entity in turn assigned the role. For example, for rol...
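The following is an added example, not code from the patent, showing one way to implement what Embodiments 1 and 2 describe: a per-role Trustline threshold checked against a trust table at delegation time, a per-role maximum delegation depth that shrinks by one at each hop, refusal of a grant that would close a ring in the delegation chain, and an authorization tree whose periodic update rule cuts out (with cascade) every holder whose trust has dropped below the threshold. The trust degrees 90 and 80 against a Trustline of 75 come from the embodiment; the names A, B, C, D, E, the extra trust values, the depth limit and the non-cascade re-parenting policy are assumptions made for the example.

```python
"""Trust-gated delegation with depth control and cascade revocation.
Added example, not the patent's own code.  Assumptions: a trust table of integer
degrees keyed by (truster, trustee); one Trustline and one maximum delegation
depth per role; one authorization tree per role, rooted at the role owner."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Node:
    """One grant of a role to `entity`, issued by `issuer` (None for the owner)."""
    entity: str
    issuer: Optional[str]
    assignable: bool     # may this holder delegate the role onward?
    depth: int           # further delegation hops still permitted below this node
    children: List["Node"] = field(default_factory=list)


class TrustDRBAC:
    def __init__(self, trust: Dict[Tuple[str, str], int]):
        self.trust = trust                            # (truster, trustee) -> degree
        self.trustline: Dict[str, int] = {}           # role -> Trustline
        self.index: Dict[str, Dict[str, Node]] = {}   # role -> entity -> tree node

    def define_role(self, role: str, owner: str, trustline: int, max_depth: int) -> None:
        self.trustline[role] = trustline
        self.index[role] = {owner: Node(owner, None, True, max_depth)}

    def delegate(self, issuer: str, delegatee: str, role: str,
                 assignable: bool = False) -> Node:
        """Object delegation (assignable=False) or assignment delegation (True)."""
        tree = self.index[role]
        src = tree.get(issuer)
        if src is None or not src.assignable:
            raise PermissionError(f"{issuer} holds no assignment right for {role}")
        if src.depth <= 0:
            raise PermissionError(f"delegation depth of {role} is exhausted at {issuer}")
        if delegatee in tree:
            # a second grant to an entity already in the tree would close a ring
            raise ValueError(f"{delegatee} already holds {role}; refusing a circular chain")
        degree = self.trust.get((issuer, delegatee), 0)
        if degree < self.trustline[role]:
            raise PermissionError(f"trust {degree} is below {role}.Trustline={self.trustline[role]}")
        node = Node(delegatee, issuer, assignable, src.depth - 1)
        src.children.append(node)
        tree[delegatee] = node
        return node

    def holds(self, entity: str, role: str) -> bool:
        return entity in self.index.get(role, {})

    def revoke(self, role: str, entity: str, cascade: bool = True) -> List[str]:
        """cascade=True removes the subtree; False (assumed policy) re-parents children."""
        tree = self.index[role]
        node = tree[entity]
        if node.issuer is None:
            raise ValueError("the role owner cannot be revoked")
        parent = tree[node.issuer]
        parent.children.remove(node)
        removed = [entity]
        if cascade:
            stack = list(node.children)
            while stack:
                child = stack.pop()
                removed.append(child.entity)
                stack.extend(child.children)
        else:
            for child in node.children:
                child.issuer = parent.entity
                parent.children.append(child)
        for name in removed:
            del tree[name]
        return removed

    def update_tree(self, role: str) -> List[str]:
        """Update rule run at intervals: cut out, with cascade, every holder whose
        issuer's trust in it has dropped below the role's Trustline."""
        removed: List[str] = []
        for entity, node in list(self.index[role].items()):
            if node.issuer is None or entity not in self.index[role]:
                continue  # the owner, or already cut out by an earlier cascade
            if self.trust.get((node.issuer, entity), 0) < self.trustline[role]:
                removed += self.revoke(role, entity, cascade=True)
        return removed


def demo() -> Dict[str, object]:
    # constructed trust table: A->B 90 and A->C 80 as in the embodiment; B->D 85, A->E 50 assumed
    trust = {("A", "B"): 90, ("A", "C"): 80, ("B", "D"): 85, ("A", "E"): 50}
    m = TrustDRBAC(trust)
    m.define_role("A.a", owner="A", trustline=75, max_depth=2)
    m.delegate("A", "B", "A.a", assignable=True)    # assignment delegation, 1 hop left
    m.delegate("A", "C", "A.a")                     # object delegation
    m.delegate("B", "D", "A.a", assignable=True)    # second hop; D has 0 hops left
    refused = {}
    for issuer, target in (("D", "E"), ("A", "E"), ("B", "A")):
        try:
            m.delegate(issuer, target, "A.a")
        except (PermissionError, ValueError) as exc:
            refused[(issuer, target)] = type(exc).__name__
    trust[("A", "B")] = 60                          # A's trust in B decays below 75
    cut = m.update_tree("A.a")                      # B and, by cascade, D are cut out
    return {"refused": refused, "cut": cut, "c_holds": m.holds("C", "A.a")}
```

The three refused grants show the three controls separately: D is refused by depth (its `depth` reached 0 after two hops), E is refused by trust (50 < 75), and B granting to A is refused because A is already in the tree and the grant would close a ring. The update rule then removes B and its child D in one pass without any per-entity revocation certificate, which is the inefficiency [0099] describes in the original model.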

Embodiment 3

[0103] In this embodiment, the improved model is applied to determining whether a delegation, once completed, has produced an implicit promotion of role authority.

[0104] The original dRBAC model provides a distributed access control and authorization management model for a multi-domain dynamic alliance environment, but each individual domain in that environment still uses the RBAC model to implement its own access control, and the principle of least privilege is one of the three basic principles of the RBAC model. A violation of least privilege brings serious security risks: without the security administrator's knowledge, a role may obtain the permissions of a role of a higher level than its own. Because the dRBAC model is a distributed model aimed at multi-domain environments, it has no unified security management mechanism, so centralized management cannot be used to prevent such potential safety haza...
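As an added example (not the patent's own code) of the check Embodiment 3 calls for, the block below evaluates the effective permission set of every role after a set of cross-domain delegations and flags two conditions from [0004]: an implicit promotion, where a role's effective permissions now cover everything a strictly more senior role in its own domain holds, and a separation-of-duties breach, where a role gains the permissions of a role it is declared mutually exclusive with. The domain layout, role names, permission strings and delegation edges are all constructed for the example; the model assumes hierarchical RBAC inside each domain (a senior role inherits its juniors' permissions) and represents a delegation as an edge from the delegated role to the receiving role.

```python
"""Implicit-promotion and separation-of-duties check over a delegation chain.
Added example, not the patent's own code.  Assumptions: each domain publishes a
role -> direct-junior map, a permission set per role and optional mutually
exclusive role pairs; a delegation is an edge (delegated_role, receiving_role)
using "Domain.role" names.  All names and permissions are made up."""
from typing import Dict, Iterable, List, Set, Tuple


class Domain:
    def __init__(self, name: str, perms: Dict[str, Set[str]],
                 juniors: Dict[str, Set[str]], sod: Iterable[Tuple[str, str]] = ()):
        self.name = name
        self.perms = perms          # role -> permissions assigned directly
        self.juniors = juniors      # role -> roles directly below it in the hierarchy
        self.sod = [frozenset(p) for p in sod]   # mutually exclusive role pairs

    def descendants(self, role: str) -> Set[str]:
        seen: Set[str] = set()
        stack = [role]
        while stack:
            for j in self.juniors.get(stack.pop(), ()):
                if j not in seen:
                    seen.add(j)
                    stack.append(j)
        return seen

    def static_perms(self, role: str) -> Set[str]:
        """Permissions the role has inside its own domain, inheritance included."""
        out = set(self.perms.get(role, ()))
        for j in self.descendants(role):
            out |= self.perms.get(j, set())
        return out

    def seniors(self, role: str) -> Set[str]:
        return {r for r in self.juniors if role in self.descendants(r)}


def effective_perms(domains: Dict[str, Domain], role: str,
                    delegations: List[Tuple[str, str]], path: Tuple[str, ...] = ()) -> Set[str]:
    """Static permissions of `role` plus everything reaching it along the chain.
    `path` is the chain walked so far, so a ring terminates instead of looping."""
    if role in path:
        return set()
    path = path + (role,)
    dom_name, _, local = role.partition(".")
    out = domains[dom_name].static_perms(local)
    for delegated, receiver in delegations:
        if receiver == role:
            out |= effective_perms(domains, delegated, delegations, path)
    return out


def check(domains: Dict[str, Domain],
          delegations: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (kind, role, conflicting_role) findings for every role in every domain."""
    findings = []
    for dom in domains.values():
        for local in sorted(set(dom.perms) | set(dom.juniors)):
            qualified = f"{dom.name}.{local}"
            eff = effective_perms(domains, qualified, delegations)
            for s in sorted(dom.seniors(local)):
                if dom.static_perms(s) <= eff:      # holds all a senior role holds
                    findings.append(("implicit promotion", qualified, f"{dom.name}.{s}"))
            for pair in dom.sod:
                if local in pair:
                    other = next(r for r in pair if r != local)
                    if dom.perms.get(other) and dom.perms[other] <= eff:
                        findings.append(("separation of duties", qualified, f"{dom.name}.{other}"))
    return findings


def demo() -> Dict[str, object]:
    # constructed alliance: domain A (admin > manager > staff) and domain B (supervisor > clerk; auditor)
    domains = {
        "A": Domain("A", {"admin": {"audit.purge"}, "manager": {"order.approve"},
                          "staff": {"order.read"}},
                    {"admin": {"manager"}, "manager": {"staff"}}),
        "B": Domain("B", {"supervisor": {"order.approve"}, "clerk": {"order.read"},
                          "auditor": {"ledger.sign"}},
                    {"supervisor": {"clerk"}}, sod=[("clerk", "auditor")]),
    }
    # A.manager delegated to B.clerk lifts clerk to supervisor's permission set;
    # B.auditor delegated to B.clerk breaks the clerk/auditor exclusion
    delegations = [("A.manager", "B.clerk"), ("B.auditor", "B.clerk")]
    ring = [("A.staff", "B.clerk"), ("B.clerk", "A.staff")]
    return {"findings": check(domains, delegations),
            "ring_perms": effective_perms(domains, "A.staff", ring)}
```

The promotion test compares against the senior role's full inherited permission set rather than only its directly assigned permissions, so a role that has been lifted to a superset of what its supervisor can do is reported even if the supervisor's own direct grants are few. The ring case shows why the chain walk carries its path: with a circular delegation the naive closure never terminates, which is the second flaw listed in [0004].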



Abstract

The invention relates to a method for improving the distributed role-based access control (dRBAC) model based on a trust mechanism, and belongs to the technical field of information security. The core idea is to introduce a trust mechanism into the original dRBAC model: trust-degree elements are added to the model, a trust-degree table is established, and the trust degree is used as the criterion for issuing delegations and authority. The improved dRBAC model can conveniently be applied to depth control of delegation and to cascade revocation of authority, and it can effectively judge whether a delegation violates the least-privilege principle of the RBAC model.

Description

technical field

[0001] The invention relates to a method for improving the dRBAC model based on a trust mechanism, and belongs to the technical field of information security.

technical background

[0002] With the rapid development of Internet technology, one current research hotspot is multiple organizations jointly completing a task as a dynamic alliance. Under such conditions the allied organizations not only need to protect the resource files they share, but also need to protect the resources they do not wish to share, and this requires authorization management and access control technology. In this setting, establishing trust between interoperating entities and delegating authority properly is the key to ensuring security. Researchers have done a great deal of work on these problems, and the existing solutions fall roughly into two categories: the first category establishes a role ma...


Application Information

Patent Type & Authority Patents(China)
IPC (8): H04L29/06, H04L29/08
Inventors: 郑军, 王思远, 高春晓, 张启坤, 谭毓安
Owner: BEIJING INSTITUTE OF TECHNOLOGY