Large scale network-based applications, such as infectious diseases reporting system, require that access control policy can be changed according to environment alternation. However, existing access control models are inflexible and can not be adapted to environment alternation because they are lack of mechanisms to capture environment alternation and to change access control policy. In this paper, we analyze the access control requirements of infectious diseases reporting system. Based on the analysis, we extract the general access control requirements of large scale network-based applications. Through extending RBAC model, we design the components of the environment-adaptive role-based access control model called EA-RBAC and give the formal definition of the model. Compared with traditional RBAC models, EA-RBAC model adds event-trigger, event-based equivalent states transition, environment role and virtual domain mechanisms. Through event-trigger and equivalent states transition, the system can perceive environment alternation and transit state based on environment alternation. Through environment role and virtual domains, the system can dynamically adjust environment role and user authorization based on current state. EA-RBAC model can enforce flexible access control policy for large scale network-based applications while holds security. Also, as an example, this paper gives the applicability analysis of EA-RBAC model in infectious disease reporting system.

• 出版日期2011