Research on Application of Role-Based Access Control in SSL VPN

摘要

SSL VPN system is based on encryption and authentication provided by SSL. Compared with other VPN (1PSEC VPN, PPTP VPN, etc.), SSL VPN has the advantages of convenience, fine-grained access control and so on. Access control technology plays an important role in SSL VPN System, which aims at preventing unauthorized access. In order to protect server on the intranet from users' attack or invasion, this paper proposes a dynamic role-based access control method for SSL VPN. In which a data detection module is configured at the server side to detect the illegal access of users logged in SSL VPN system. The detection results will be fed back to the dynamic access control. Then the dynamic access control module will adjust the access control policy based on the detection results and a hierarchical recycling method based on RBAC (role-based access control) is proposed to recycle user's permissions. The test results show that the proposed method can make permission assignment more reasonable and ensure the safety of the system.