An Environment-Based RBAC Model for Internal Network

Role-based access control is widely used in information system of internal network, but there are still many limitations when there is a large number of roles and objects in the system, such as to achieve fine-grained access controls may lead to role-permission explosion problem, and the users in the network can easily evade the existing access control mechanism to gain access to the system by altering permission. As the information systems, user environment, system roles and permissions are relatively definite in internal network, we propose an environment-based RBAC model and present a formal definition and representation, which can effectively prevent unauthorized operation behavior in internal network, meanwhile providing support for forensics of security event. The practice and application in internal information system shows that the model can achieve fine-grained access control, effectively prevent malicious users from accessing system via permission altering.