Abstract

With increasingly strict requirements for computer system security, access control models have become more complex. Existing models, such as the discretionary access control (DAC) model, the mandatory access control (MAC) model, the role-based access control (RBAC) model, and the attribute-based access control (ABAC) model, all have advantages and disadvantages regarding practicability and security. In addition, there is an inherent security risk in these access control models: they merely control access permissions but ignore verification of the identity credibility of the entities involved in the access. With the proposal of trusted computing and the application of trusted platforms, it is possible to implement, on stand-alone computers, verification of identity credibility for the entities involved in the access. In this paper, we analyze the authorization and access decision policies of the RBAC model and the ABAC model. The characteristics of trusted computing, which can ensure the identity credibility of the entities involved in the access, are also considered. Based on the above analysis, we establish a trusted computing based enhanced access control (TCBEAC) model, which can be deployed on stand-alone computers for common users.
