| Summary: | 碩士 === 國立雲林科技大學 === 電子工程與資訊工程技術研究所 === 88 === In this paper, we proposed an access control scheme to implement Role-Based Access Control, named SACPF (Secure Access Control with Prime Factorization). In the SACPF structure, the role inheritance is implied in the Role information on the capability. And the Role information is a product of primes. It can deduce the role inheritance and the permission of the role by prime factorization of the role information.
SACPF is a distributed approach, which includes the one Role Manager and several Object Managers. Before taking the object access request to the Object Manager, the user has to get the capability from the Role Manager. There exists the Role information on the capability and the system authenticates the user and makes the access control decision according to the capability held by the user.
SACPF scheme provides an effective and efficient security management that includes the Role inheritance, the Role authorization, the Access object authorization, and User/Role/Object addition/deletion. By modifying the SACPF,several special security requirements can be satisfied, such as the private role attribute, the limited times of object access, and the multi-roles concurrently controlling object access.
|
|---|
