An authorisation certificate-based access control model

There are currently many types of access control models and schemes that have been proposed to protect valuable resources in a distributed environment. Many such models have failed to take into consideration efficiency, security, practical implementation and management at the same time. Based on the analysis of conventional certificate-based access control characteristics, this paper proposes an authorisation certificate-based access control (ACBAC) model to realise access control in a distributed environment. Employing certificates in access control can help meet the various requirements in distributed networks or systems while ensuring security to a great extent. Efficiency and security can thus be improved by delegating the functions of making access authorisation decisions to the certificate issuer (CI). We will formally describe the model, introduce the application scenarios and the processes of the model, and provide the details of implementation. Finally, the effectiveness and superiority of the model is verified through experiment and analysis.