The Equivalent Conversions of the Role-Based Access Control Model
share
The problems which are important for the effective functioning of an access control policy in a large information system (LIS) are selected. The general concept of a local optimization of a role-based access control (RBAC) model is formulated. The optimization criteria are proposed. The algorithms of a local optimization of the RBAC model are defined and justified. The developed algorithms are used in the methods of the solution of the following problems: the assessment of risks of the leakage of permissions in the RBAC policy, the access control in the distributed hierarchical systems, the combining of role-based and mandatory access control models. In the first problem the question of the permissions distribution in the role hierarchy is researched. The analytic hierarchy process (AHP) is applied to creation of the estimates. The method is based on the hierarchical structure of a role set. The offered technique can order the permissions according to the value of the risks of their leakage. In the second problem the algorithm of the distribution of the cryptographic keys in the system with a hierarchical arrangement of the objects is offered. The cryptography protocols for the practical use of this algorithm are defined. The conditions of the implementation of the discretionary and mandatory principles of the access control on the basis of the developed algorithm are formulated.
READ FULL TEXT
