Distributed Access Control Model over Multi-trust Domain

In the current information system which is highl dynamic, heterogeneous and distributed, it is necessary to realizing information-sharing and interoperation among multi-trust domains securely by a crossing single-domain restriction. This thesis analyses the basic idea of the IRBAC (Interoperability Role Based Access Control) 2000 model, then points out several existing problems in them, which are showed as follows: (1) it violates the principle of duty separateness during role mapping among multi-trust domain; (2) it dose not consider how to process the related role when roles enter or exit. To solve the above problems, the MTD-EIRBAC model is proposed. With the introduction of the trust-level computing and granular logical reasoning, the dynamic authorization of the MTD-EIRBAC model is realized, and the problems of both the related role processing while roles changes (role enter or exit), and the role infiltration while the role shuttles the other domains are properly resolved. The safe and flexible collaboration of multi-trust domains is maken possible.