Design of Attribute-based Access Control Model for Power Information Systems

The power information system is a complex multi-domain environment. While it provides convenient information exchange and coordination for the power industry, it also introduces security problems, particularly in access control. Because the multi-domain environment contains a large number of application systems and the users accessing them may come from different domains, the traditional RBAC model runs into problems such as tedious user-role assignment and the difficulty of mapping across different domains. An attribute-based access control model for multi-domain environments is therefore designed. Attributes, as an extension of roles, overcome these shortcomings of RBAC and make access control more flexible, dynamic and fine-grained. Meta-attributes and meta-policies are introduced to describe the attributes and policies of local domains. The model adapts well to the distributed environment, accommodates its dynamic and heterogeneous character, and lets each domain manage its own resources.
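
As an added illustration (not code from the paper), the sketch below shows one way a resource-owning domain could decide a request from a subject in another domain by attributes alone, with no local user-role assignment. The abstract does not define the form of meta-attributes or meta-policies, so the mapping table, the domain names `dispatch` and `metering`, the attribute names and the rule fields are all assumptions constructed for this example.

```python
# Added illustration; the data layout is an assumption, not the paper's notation.
from dataclasses import dataclass

# Meta-attributes (assumed form): each domain declares how its local attribute
# names and values translate into a vocabulary shared between domains.
META_ATTRIBUTES = {
    "dispatch": {"dept": ("org_unit", {"D01": "grid-ops", "D02": "billing"}),
                 "grade": ("clearance", {"A": 3, "B": 2, "C": 1})},
    "metering": {"unit": ("org_unit", {"ops": "grid-ops", "fin": "billing"}),
                 "level": ("clearance", {"3": 3, "2": 2, "1": 1})},
}

def normalize(domain, local_attrs):
    """Translate local attributes to shared ones; unknown names/values are dropped."""
    schema = META_ATTRIBUTES.get(domain, {})
    shared = {}
    for name, value in local_attrs.items():
        if name in schema:
            shared_name, value_map = schema[name]
            if value in value_map:
                shared[shared_name] = value_map[value]
    return shared

@dataclass(frozen=True)
class Rule:
    resource_type: str
    action: str
    org_unit: str
    min_clearance: int

# Policy owned by the resource's domain, written only over shared attributes.
METERING_POLICY = [Rule("load-curve", "read", "grid-ops", 2),
                   Rule("load-curve", "write", "grid-ops", 3)]

def decide(policy, subject_domain, subject_attrs, resource_type, action):
    """Return True (permit) only if some rule matches; deny by default."""
    attrs = normalize(subject_domain, subject_attrs)
    for rule in policy:
        if (rule.resource_type == resource_type and rule.action == action
                and attrs.get("org_unit") == rule.org_unit
                and attrs.get("clearance", 0) >= rule.min_clearance):
            return True
    return False
```

An attribute or value that the subject's domain has not declared never reaches the policy, so a malformed or unmapped claim results in a deny rather than a partial match.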