Research and design of the PMI-based access control model for OpenVPN

OpenVPN is commonly used to remotely access a variety of resources in the enterprise networks. However, there is a deficiency that OpenVPN can only provide coarse-grained access control. It brings in security problems in accessing the key resources with different security levels. To solve this problem, this paper analysis the security technology and the traditional access control of OpenVPN, and proposed a novel fine-grained access control model which is based on the Privilege Management Infrastructure (PMI). This model extended the handshake procedure of OpenVPN by adding the authentication of Attribute Certificate. The authentication of Attribute Certificate which we added is optional. Our access control model is efficient by completing the authentication and authorization at the same time.