A New Design Scheme of Role-Based Access Control Based on PKI

Author

Deng, Yuping ; Guo, Xiaowei ; Niu, Xiamu

Author_Institution

Shenzhen Graduate Sch., Harbin Inst. of Technol., Shenzhen

Volume

3

fYear

2006

fDate

Aug. 30 2006-Sept. 1 2006

Firstpage

669

Lastpage

672

Abstract

Identification and authorization are the two important problems among the intractable issues of network security. In this thesis, we first discuss the advantages and disadvantages of several traditional ways in identification and authorization including Kerberos, SSL, DAC, MAC, RBAC and PKI/PMI. Because of the inherent weakness of DAC and MAC, and the complexity of PMI, we propose a new system which combines role-based access control with PKI. It implements the process of identifying and privilege delegation as a whole. The model of RBAC based on PKI can ensure the security of both identification and authorization of the protected system and maximize the flexibility for users´ maintenance. The particular process of identification and authorization has been given in the thesis. At last, we analyze the security of the system and also point out some existing threats the new framework has to face to

Keywords

authorisation; client-server systems; computer networks; message authentication; public key cryptography; telecommunication security; message authentication; network security; public key infrastructure; role-based access control design scheme; system authorization; system identification; Access control; Access protocols; Authorization; Data structures; Protection; Public key; Security; Sockets; Technological innovation; Web server;

fLanguage

English

Publisher

ieee

Conference_Titel

Innovative Computing, Information and Control, 2006. ICICIC '06. First International Conference on

Conference_Location

Beijing

Print_ISBN

0-7695-2616-0

Type

conf

DOI

10.1109/ICICIC.2006.387

Filename

1692265