Research on Risk Property of Access Control Policy

摘要

There are leaks in the permission distribution and delegation for the traditional access control based on roles. By introducing the concept of risk, this study establishes an integrated theoretic framework. This paper represents access control policy and the ordering relation among roles based on risk. The concept of risk distance is proposed, which made the security of access control polices can be compared according their various risk bands. We also illuminate the basic relationship between roles. The properties and principle are proposed for the policies' delegation and reassignment based on risk. Through these properties and principle, this article proposed a method to optimize users' access control polices. It ensures the executions of policies are under the minimum risk. The risk-based method can limit the highly risky authorization and delegation. And it can improve the security of the system.