1. Introduction
With the arrival of the high-speed, mature mobile internet era, mobile applications have become a necessity of daily life for the public, and have gradually become the core carrier of network applications and information data. Driven by the new generation of information technology, super business systems have emerged. A super business system combines and integrates a number of business services, improves the user experience, and wins industry (sector, region) ecosystems and intelligent application scenarios, so that users spend more time, more often, on the applications, from which the system profits.
The super business system has the advantages and characteristics of being ‘full-featured’, ‘personalized’, and ‘super-flexible’. The interconnection of super business systems eliminates information islands, realizes data sharing across multi-network, multi-platform, and multi-business systems, and makes the use and management of the system more convenient [1].
The appearance of the super business system not only brings convenience, but also brings new challenges to information security. Access-control technology is one of the best methods of protecting information security, and of granting and revoking user rights [2,3]. In the face of a variety of business systems, application authority is very complex when access-control authorization is performed, and low access efficiency and low security may occur in the access process. To address these problems, we took the role-based access control (RBAC) idea as a reference, abstracted the attributes of the business system, and built the business entity-based access-control model (BE-BAC).
The main contributions of this paper are as follows: (1) it puts forward the concept of business entity, and constructs the structure of the business entity, which is composed of attributes, methods, and mechanisms; (2) the access-control model based on the business entity is described, and the related elements are described formally; (3) the access-control flow, based on the business entity, is designed, and the security of the model is proved.
The second section of this paper introduces the related work of the access-control model; the third section introduces the business entity-based access-control model, the concept and structure of the business entity, the relationship, and the constraints between the models; the fourth section introduces the business entity-based access-control model workflow; the fifth section analyzes and compares the model; and the last section summarizes the work.
2. Related Work
With the development of new-generation information technology, there are more and more data resources. The access and authorization of data resources have always been the focus of attention [4]; therefore, research on access-control models is also a hot topic. Since the 1960s and 1970s, researchers have proposed the discretionary access-control model (DAC) [5] and the mandatory access-control model (MAC) [6]. The characteristic of these two models is that the access subject is directly related to the authority, so they cannot adapt well to frequent access requests.
At present, RBAC is the most widely used model in application systems [7,8]. The role is introduced into access-control research, and an RBAC management scheme with centralized management is given. The core idea of RBAC is the authorization of user roles and role permissions: a permission is given to a role, and the role is then assigned to a user, so that the user has this permission. For the unified authentication and authorization of multiple business systems, Zhang Rui et al. [9] proposed a role-based access-control policy including user groups and resource groups, and implemented a unified authentication and authorization system. The RBAC2 model added the definition of constraints, to specify the mandatory rules that should be followed when permissions are assigned to roles or roles are assigned to users. Blundo et al. [10] defined two constraints: one was the number of permissions that a role can contain; the other was the number of roles assigned to any user. These two constraints can be used to change the roles automatically output by the mining program, and to effectively capture the organization’s status. The RBAC model has been continuously improved and expanded. Xiong Houren et al. [11] proposed an extensible access-control model based on double-layer roles and organizations, to solve the problem of role or authority redundancy caused by a single role in a multi-domain environment. This model was more suitable than the RBAC model for application in a distributed environment composed of multiple similar organizations. Rao et al. [12], targeting rapidly changing environments, added a role recommendation model to the RBAC system, optimized user role allocation according to user behavior, and improved the access efficiency of the model. Cai Ting et al. [13] proposed an RBAC model based on role expansion, given the shortcomings of RBAC in complex organizational structures and authority inheritance relationships. Xiong Tianhong et al. [14] proposed an access-control model based on position role, introduced the concept of the business role, realized access control in the workflow management system, and decoupled the organization model from the business model.
Attribute-based access control (ABAC) has become a research hotspot in recent years. This method proposes the concept of attributes, and uses the attributes of the subject and the object to replace the RBAC rights allocation, to achieve fine-grained and dynamic access control [15,16]. ABAC is mostly used in cloud environments and multi-domain environments. Zhu et al. [17] discussed building a user-friendly and easy-to-manage secure attribute-based access-control mechanism for cloud storage services. Attribute-based encryption (ABE) implements an attribute hierarchy similar to the user hierarchy in RBAC, enabling flexible control of data access in the cloud. Bai et al. [18] proposed a multi-domain access-control scheme suitable for smart city construction: the huge device group is divided into multiple domains for parallel and distributed management, and ABAC is used to improve data-processing efficiency. Zhang et al. [19] proposed an ABAC that supports anonymous access in smart cities, which enhances the identitylessness of ABAC by incorporating homomorphic attribute-based signatures (HABS) that do not send subject attributes to the authority, reducing the exposure of subject attributes and the risk of re-identification. Research on ABAC is not isolated: combined with new-generation information technologies such as the Internet of Things and blockchain, corresponding models have been proposed. The literature [20,21] combined the attribute-based access-control model with blockchain technology, and applied it to the Internet of Things environment, ensuring data security in the Internet of Things and enhancing the effectiveness of access management.
To solve the access-control problem in the product data management system, Wei Dongdong et al. [22] proposed combining the RBAC and ABAC methods, adding attribute elements as the basis for authorization. Experiments showed that the model significantly improved the execution efficiency of the system. At present, there are also many studies on models and algorithms that combine attributes with RBAC. Wang Jingyu et al. [23] designed a role-mining algorithm based on minimum disturbance to solve this problem. The experimental results showed that the effectiveness of this algorithm was significantly improved. Mahdi et al. [24] combined trust with the RBAC model, giving a new RBAC model based on trust and reputation. This model can not only properly resist the security threats to the trust-based RBAC model, but also has a reasonable execution time.
Like the RBAC model, the ABAC model has also been studied in combination with trust, and an access-control model based on trust and attributes has been proposed. In [25], Wang et al. proposed an access-control model based on trust attributes, which introduced a trust evaluation module and combined dynamic trust attributes with static multi-attribute comprehensive constraints to complete authorization. Mohd et al. [26] proposed a trust-based access-control model to protect sensitive attributes, providing a new quantitative method for calculating the two attributes of user credibility, which makes the evaluation of user credibility more accurate and solves the problem of sensitive attribute protection. On the other hand, regarding research combining RBAC and ABAC, each of RBAC and ABAC has its advantages and disadvantages in large-scale enterprise applications; therefore, Sun et al. [27] combined the advantages of the two models, and proposed a simple method in a generic framework for implementing hybrid access control that combines the advantages of RBAC and ABAC. This model supports dynamic authentication and authorization by using attribute policies based on the RBAC infrastructure framework.
By analyzing the related research work on access-control models at home and abroad, it can be seen that there is no research on access-control authorization in super business systems. Therefore, we propose a new method for super business systems, based on the complex characteristics of the business systems they contain. The proposed access-control model abstracts the complex business system into a business entity, and realizes access-control authorization in the super business system.
3. Access-Control Model Based on Business Entity
In this section, we introduce the composition structure of the access-control model based on the business entity, and show the basic elements, relationships and constraints of the model. In addition, the related concepts, the composition of business entities, and the relationship between business entities are described in detail; thereby, we propose a complete access-control model diagram based on business entities.
3.1. The Basic Elements
The basic elements of the BE-BAC model include users, business systems, business entities, operations, permissions, sessions, and constraints. The specific description is as follows:
- (1) User: the access subject, which has certain attributes and requests access to business system resources. It is recorded as User = {user1, user2, …, usern}. The attributes of the access user mainly include intrinsic attributes and security level, recorded as UAttr = {Intrinsic, Safetylevel}.
- (2) Business system: the access object, i.e., the object operated on by the access user and the accessed resource entity, recorded as BS = {bs1, bs2, …, bsn}. Its attributes mainly include business attributes and security level, recorded as BUsattr = {Permission, Safetylevel}.
- (3) Business entity: an abstract description of a business system. It is an abstract data structure composed of attributes, methods, and events, and it is the carrier of business system permissions. It is recorded as BE = {be1, be2, …, ben}.
- (4) Operation: the operation that the user can perform on the business entity, recorded as OP = {op1, op2, …, opn}.
- (5) Permission: the access mode that the access user can use to access the business entity, recorded as P = {p1, p2, …, pn}. P has two values: the read permission, rp, and the write permission, wp; the latter includes three operations (add, delete, and modify) and also includes rp.
- (6) Session: the mapping that establishes the corresponding relationship between the user and the business entity set, recorded as Session = {session1, session2, …, sessionn}.
- (7) Constraint: the restriction applied throughout the access-control process, mainly including the cardinality constraint, space–time constraint, time constraint, responsibility separation constraint, minimum permission principle, and data abstraction principle.
- (8) Spatiotemporal environment: the environment of the whole system during access control, recorded as TS = {ts1, ts2, …, tsn}. Its attributes include, for example, time and location, recorded as TSAttr = {Time, Location}. According to these attributes, a user can obtain different permissions in different spatiotemporal environments.
3.2. The Business Entity
To solve the access-control problem when there are many services in the super business system, and to improve the security and efficiency of the access-control process, we propose the concept of a business entity. The concept and composition of the business entity are described in detail below.
3.2.1. The Basic Concepts
The Business Entity is an abstract description of the business system, and it is the carrier of a certain amount of authority in the business system. Different business bodies are mapped according to the attribute characteristics of the business system; the access permission of the business system is encapsulated into the business entity; the user and the business entity are mapped; and the user indirectly accesses the business system through the business entity. A business entity is an abstract data structure composed of properties, methods, and events.
Following the role-based access-control architecture idea, the concept of a business entity is proposed to solve the problem of complex access objects, and to realize the mapping relationship between users, business entities, and business systems. The RBAC model proposes the concept of the role for the complex access subject: the user is assigned an appropriate role and thereby obtains its permissions, which decouples the user from the permission. Analogously, we propose the concept of a business entity for the complex access object: the integrated business systems are abstracted as business entities. The business entity is the carrier of the authority of the business system. The user has a mapping relationship with the business entity, and indirectly obtains the corresponding business system authority through the business entity, which simplifies the management of authority. In actual application scenarios, there are multiple relationships between users and business entities, and between business entities and business systems, and there are hierarchical inheritance relationships between business entities. Therefore, the permissions owned by a user are the minimum set of permissions owned by the business entities it maps to.
3.2.2. The Basic Composition
The business entity is an abstract data structure for the business system, which helps access users reach business system resources, and simplifies the complexity of the access process on the object side. It consists of three parts: attributes, methods, and events. The attributes represent the characteristics of the business entity, including the ID, business system attributes, user attributes, space–time attributes, and security level. The ID is the unique identifier of the business entity. The business system attributes describe the characteristics of the abstracted business system; they are static attributes, whose values remain unchanged, and mainly include business system permissions and business attributes. The user attributes are the attributes of the access user, including inherent attributes and security level. The space–time attributes are the attributes of the space–time environment in which the access request occurs, mainly including time and location. The security level guarantees the confidentiality of access authorization. The methods include the initialization method, the calculation method, and the attribute-acquisition method, and realize the functions of initialization, processing, and calculation in the access-control process. As part of the business entity, the event mainly realizes the response function: when an access request occurs, its response method is activated, which in turn activates the attribute-acquisition method among the business entity methods, completes the corresponding operations, realizes the mapping between the user and the business entity, and then completes the access-control authorization. As an abstract description of the business system, the business entity maintains the control relationship between the user and the business system during the access-control process. The data structure of the business entity can be described by the following code.
```java
// Abstract data structure of a business entity: attributes, methods, and events
abstract class BusinessEntity {
    // Attributes
    String BeId;                                        // business entity ID (unique identifier)
    String BeSL;                                        // security level attribute of the business entity
    String[] BusAttr = {"Permission", "SafetyLevel"};   // business system attributes (static)
    String[] UAttr   = {"Inherent", "SafetyLevel"};     // user attributes
    String[] TSAttr  = {"Time", "Location"};            // time and space attributes
    String[] Request = {"user", "bs"};                  // access request: requesting user and business system

    // Methods
    abstract String GetBusAttr(String[] BusAttr);       // get the attribute values of the abstracted business system
    abstract String GetRequest(String[] Request);       // get the access request
    abstract String GetUAttr(String[] UAttr);           // get the user attributes
    abstract String GetTSAttr(String[] TSAttr);         // get the space–time attributes
    abstract String InitBE(String[] BusAttr);           // initialize the business entity from the business system attributes
    abstract String SInitBE(String initBE, String[] TSAttr); // secondary initialization: InitBE(BusAttr) ∩ TSAttr
    abstract String map();                              // mapping between the business entity and the user
    abstract String authorization();                    // authorization method

    // Event
    abstract String Answer(String[] Request);           // response method, activated when an access request occurs
}
```
In accordance with the above description, the structure diagram of the business entity is shown in Figure 1.
3.3. The Basic Relationship
The relationship between each element is shown in Table 1. Each element set is connected through the relationship set, to realize the operations between elements.
3.4. The Relationship between Business Entities
The concept of a business entity is put forward in the access-control model based on the business entity. There is a hierarchical inheritance relationship between business entities, which reflects the relationship between power and responsibility, and provides convenience for permission management. As shown in Figure 2: business entity be5 inherits the permissions of business entities be1 and be2; business entity be4 inherits the permissions of business entity be3; and business entity be6 inherits all the permissions of business entities be1, be2, be3, be4, and be5.
BEH ⊆ BE × BE denotes the inheritance partial-order relation on the business entity set, and is written “≥”. bei ≥ bej denotes that business entity bei inherits the permissions of business entity bej.
3.5. The Safety Level
The security level of a business entity is calculated according to the security level of the business system. Because the mapping relationship between a business entity and a business system is many-to-many, and a business entity corresponds to multiple business systems, the security level of a business entity is calculated by the average of the security level values of the mapped multiple business systems, expressed as:
3.6. The Basic Constraints
The constraint is an essential part of the access-control process, and exists throughout it. Its purpose is to limit the user’s operation authority on resources, to prevent the occurrence of ultra vires actions, and to judge whether a value in the access process can be accepted. Only an accepted value is allowed to access [28,29], which enhances the security of access authorization. In this study, the constraints mainly include the following: cardinality constraint, separation-of-duties constraint, minimum-permission principle, data-abstraction principle, space–time constraint, and time constraint.
- (1) Cardinality Constraint (CardCons): the restriction on the number of mappings between users and business entities, the number of users assigned to a business entity, the number of permissions assigned to a business entity, and the number of business entities to which a permission can be assigned. For example: cardcons_u (user) ≤ m indicates that a user can be mapped to at most m business entities; cardcons_beu (business entity) ≤ n indicates that a business entity can be assigned to at most n users; cardcons_be (business entity) ≤ k indicates that a business entity can map at most k authorizations; and cardcons_bea (authority) ≤ t means that an authorization authority can be assigned to at most t business entities.
- (2) Attribute-Conflict Constraint (AttCCons): during the initialization of business entities, the attributes set for different business entities cannot be conflicting attributes, and the value of the ID attribute of a business entity likewise cannot conflict with that of another.
- (3) Static Separation of Duty (SSD): constrains the inheritance relationship between business entities in the business entity-based access-control model. If an SSD relationship holds between two business entities, no inheritance relationship can be defined between them.
- (4) Dynamic Separation of Duty (DSD): restricts the user’s authority. If there is a DSD relationship between two business entities, both business entities can be assigned to a user, but the user cannot activate the two business entities in the same session.
- (5) Time Constraint (TimeCons): the effective time during which the user holds a permission in the access process. If the access time exceeds the constraint time, the permission needs to be updated again.
- (6) Time–Space Constraint (TSCons): the time, network environment, and geographic location constraints on the user during the access process.
- (7) Principle of least privilege: each user has the minimum privilege set necessary to complete the operation, and this model sets the business entity to the minimum privilege set required to complete the task.
- (8) Principle of data abstraction: the abstraction of data is embodied by the abstraction of authority, and the business entity is the abstract description of the business system, thus realizing the protection of data in the business system.
The above describes in detail the basic elements, basic concepts, and basic relationships involved in the business entity-based access-control model, and the business entity-based access-control model diagram drawn according to this description is shown in Figure 3.
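As an added worked example (not code from the paper), the following Python sketch exercises the Section 3 elements together: the inheritance partial order BEH with its transitive closure, the Section 3.5 security level as the average of the mapped business systems, the cardinality, SSD, DSD and time constraints, and an assumed authorization rule (a permission is granted when it is reachable through an activated entity whose security level the user meets, inside the time window). The class and method names, the numeric security levels, and the sample entities be1, be2 and be5 (arranged as in Figure 2) are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterable, Set, Tuple

RP, WP = "rp", "wp"  # read permission; write permission (add/delete/modify) also includes rp


@dataclass
class BusinessEntity:  # abstract carrier of business system permissions (BE)
    be_id: str
    systems: Dict[str, Set[str]]                     # bs_id -> permissions encapsulated for it
    parents: Set[str] = field(default_factory=set)   # be_i >= be_j: this entity inherits be_j

@dataclass
class User:  # access subject, UAttr = {Intrinsic, Safetylevel}
    user_id: str
    safety_level: int
    entities: Set[str] = field(default_factory=set)  # user -> business entity mapping

class BEBAC:
    def __init__(self, cardcons_u: int = 3, timecons: int = 3600):
        self.bs_level: Dict[str, int] = {}  # business system id -> Safetylevel attribute
        self.be: Dict[str, BusinessEntity] = {}
        self.ssd: Set[frozenset] = set()    # static SoD: no inheritance allowed between the pair
        self.dsd: Set[frozenset] = set()    # dynamic SoD: pair never active in the same session
        self.cardcons_u = cardcons_u        # cardcons_u(user) <= m: max entities per user
        self.timecons = timecons            # TimeCons: seconds before a permission must be renewed

    def inherit(self, child: str, parent: str) -> None:
        if frozenset((child, parent)) in self.ssd:
            raise ValueError(f"SSD forbids inheritance between {child} and {parent}")
        self.be[child].parents.add(parent)

    def closure(self, be_id: str) -> Set[str]:
        # transitive closure of the partial order BEH: be_id plus every entity it inherits
        seen, stack = set(), [be_id]
        while stack:
            cur = stack.pop()
            if cur not in seen:
                seen.add(cur)
                stack.extend(self.be[cur].parents)
        return seen

    def safety_level(self, be_id: str) -> float:
        # Section 3.5: average security level of the business systems the entity maps to
        ids = self.be[be_id].systems
        return sum(self.bs_level[b] for b in ids) / len(ids)

    def assign(self, user: User, be_id: str) -> None:
        if len(user.entities) >= self.cardcons_u:
            raise ValueError(f"cardinality constraint: at most {self.cardcons_u} entities per user")
        user.entities.add(be_id)

    def session(self, user: User, active: Iterable[str]) -> Set[str]:
        # DSD entities may both be assigned to a user but cannot be activated together
        active = set(active)
        if not active <= user.entities:
            raise ValueError("user is not mapped to every requested entity")
        if any(pair <= active for pair in self.dsd):
            raise ValueError("DSD forbids activating both entities in one session")
        return active

    def permissions(self, be_id: str, bs_id: str) -> Set[str]:
        perms: Set[str] = set()
        for anc in self.closure(be_id):
            perms |= self.be[anc].systems.get(bs_id, set())
        return perms | {RP} if WP in perms else perms   # wp includes rp

    def authorize(self, user: User, active: Set[str], bs_id: str, perm: str,
                  granted_at: int, now: int) -> bool:
        # Assumed rule: permission reachable through an active entity whose security level the
        # user meets, and the request arriving inside the time constraint
        if now - granted_at > self.timecons:
            return False
        return any(perm in self.permissions(be_id, bs_id)
                   and user.safety_level >= self.safety_level(be_id) for be_id in active)


def build_demo() -> Tuple[BEBAC, User]:
    # Constructed sample following Figure 2: be5 inherits be1 and be2
    m = BEBAC(cardcons_u=2, timecons=600)
    m.bs_level.update({"bs1": 2, "bs2": 4})
    m.be["be1"] = BusinessEntity("be1", {"bs1": {RP}})
    m.be["be2"] = BusinessEntity("be2", {"bs2": {WP}})
    m.be["be5"] = BusinessEntity("be5", {"bs1": set(), "bs2": set()})
    m.inherit("be5", "be1")
    m.inherit("be5", "be2")
    m.dsd.add(frozenset(("be1", "be2")))
    alice = User("alice", safety_level=3)
    m.assign(alice, "be5")
    return m, alice
```

With this sample, be5 has security level (2 + 4) / 2 = 3, so a level-3 user mapped to be5 can write bs2 through the inherited be2 permission but only read bs1, and the same request is refused once the time constraint has elapsed or for a user with a lower security level.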
5. Model Analysis
In this section, we carry out a security analysis and a model comparison of the access-control model proposed in this paper. Firstly, we prove the security of the proposed model using finite-state machine (FSM) theory [30]. Then, we compare the proposed model with other access-control models, and note the advantages of the business entity-based access-control model in many aspects.
5.1. Safety Analysis
In this study, we use FSM theory to prove the security of the business entity-based access-control model. The FSM describes the BE-BAC model as an abstract mathematical state system. Firstly, we verify that the initial state of the model is safe, and that all state transition functions are safe. If the above two conditions are met, the whole system is safe. The state transition is shown in Figure 7.
- (1) Define the relevant state variables
The finite-state transition system of the BE-BAC model is formally described as M = (S, S0, F, I), where S denotes a finite state set, S = {S0, …, Sn}; S0 indicates the initial state of the model; I represents an input set; and F represents the state transition function, F: P × S→Sn, which indicates that the model state changes from the current state to the next state under the driving of the input. In accordance with the above state variables, the access-control state settings are shown in Table 2.
- (2) Define the initial state, and analyze its security
In the initial state, there is no access-request operation, the business entity has not been initialized, and the access policy has not been called, which meets the security requirements of the finite-state machine. Therefore, the initial state S0 is secure.
- (3) Define the state transition functions, and analyze their security
The safety state transition functions of the BE-BAC model include:
F1: S0 × I0→S1: this function represents accepting the user-access request, and initializing the business entity;
F2: S1 × I1→S2: this function indicates that the business entity response event is activated;
F3: S2 × I2→S3: this function indicates that the get method of the business entity is activated, to obtain the relevant attributes;
F4: S3 × I3→S4/S6: this function indicates that the mapping between the user and the business entity is performed according to the mapping rules; the state moves to S4 when the mapping is completed, and to S6 otherwise;
F5: S4 × I4→S5/S6: this function indicates that, in the process of access authorization, the request is judged according to the authorization rules; the business system is accessed when the conditions are met (S5), or access is refused (S6);
F6: S5 × I5→S7: this function indicates that, in the process of access authorization, the request is judged according to the authorization rules; the business system is accessed when the conditions are met, or access is refused;
F7: S6 × I6→S7: this function indicates that, in the process of access authorization, the request is judged according to the authorization rules; the business system is accessed when the conditions are met, or access is refused.
The schematic diagram of the state transition is shown in Figure 8.
The final state transition function can be expressed as F = F1 × F2 × F3 × F4 × F5 × F6 × F7. When the user sends an access request, the system state S1 is safe. After initialization, the business entity automatically accepts the user’s access request, and activates the response event; therefore, the system state S2 is safe. The business entity attribute-acquisition method performs the corresponding operations for the response event, so the system state S3 is safe. Through the mapping rules, the user-to-business-entity mapping is completed, and the system state S4 is safe. The access rights are judged according to the authorization rules: if the conditions are met, access is allowed, and the system state S5 is safe; if they are not satisfied, the system security remains unchanged, so the system state S6 is safe. In summary, because the initial state S0 is safe and the state transition function F is also safe, which satisfies the definition of finite-state-machine safety, the BE-BAC model is safe.
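The safety argument above (safe initial state plus transitions that never leave the safe set) can be checked mechanically. The following Python block is an added illustration, not the paper's own proof artefact: it encodes F1 to F7 as a transition table, computes the states reachable from S0, and checks the induction step. The state names S0 to S7 and inputs I0 to I6 follow the text; treating S7 as the end of one access run, and attaching the branch outcome to the input (":mapped", ":allow", and so on), are assumptions made here because Table 2 is not reproduced on this page.

```python
from typing import Dict, List, Set, Tuple

# States S0..S7 as the text describes them (S7 as the end of one access run is an assumption)
STATES: Set[str] = {"S0", "S1", "S2", "S3", "S4", "S5", "S6", "S7"}

# F1..F7 as (state, input) -> next state. Where the text branches (S4/S6, S5/S6), the input
# carries the outcome (":mapped", ":allow", ...) so each pair has exactly one successor.
F: Dict[Tuple[str, str], str] = {
    ("S0", "I0"): "S1",           # F1: accept the access request, initialize the business entity
    ("S1", "I1"): "S2",           # F2: response event activated
    ("S2", "I2"): "S3",           # F3: get methods obtain the relevant attributes
    ("S3", "I3:mapped"): "S4",    # F4: user-to-business-entity mapping completed
    ("S3", "I3:unmapped"): "S6",  # F4: mapping not completed
    ("S4", "I4:allow"): "S5",     # F5: authorization rule satisfied, business system accessed
    ("S4", "I4:deny"): "S6",      # F5: authorization rule not satisfied
    ("S5", "I5"): "S7",           # F6
    ("S6", "I6"): "S7",           # F7
}


def reachable(start: str = "S0") -> Set[str]:
    # every state the machine can enter from `start` under some input sequence
    seen, frontier = {start}, [start]
    while frontier:
        cur = frontier.pop()
        for (src, _), dst in F.items():
            if src == cur and dst not in seen:
                seen.add(dst)
                frontier.append(dst)
    return seen


def is_safe(safe_states: Set[str]) -> bool:
    # Section 5.1 argument: S0 is safe and every transition out of a safe state lands in a
    # safe state, so by induction every reachable state is safe
    if "S0" not in safe_states:
        return False
    return all(dst in safe_states for (src, _), dst in F.items() if src in safe_states)


def run(inputs: List[str]) -> List[str]:
    # drive the machine from S0; an input with no defined transition is an error, not a new state
    state, trace = "S0", ["S0"]
    for inp in inputs:
        state = F[(state, inp)]
        trace.append(state)
    return trace
```

Running `run` with an allow or deny outcome yields the two paths of Figure 8 (through S5 or through S6 to S7), and `is_safe(STATES)` holds while any proper subset that drops a reachable state fails the induction step.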
5.2. Model Characteristics
The biggest advantage of RBAC is that it simplifies the management of users and permissions. By classifying users, roles and permissions are associated directly, while users and permissions become indirectly associated, so the authorization management of users becomes very simple and easy to maintain. With the help of the role-based access-control idea, the proposed business entity-based access control abstracts the complex business system into a business entity that reasonably divides the permissions, realizes the mapping relationship between users, business entities, and business systems, greatly facilitates the management of permissions, and adds security level attributes to users and business entities, to ensure the confidentiality and security of object data, thus realizing fast and secure access authorization.
In order to analyze and compare the capabilities, performance, and security of the BE-BAC model and other access-control models more intuitively and concisely, this paper selects five access-control models and compares them from 10 aspects. The comprehensive analysis and comparison are shown in Table 3. The DAC model and the MAC model are less flexible, due to the characteristics of their application scenarios, and cannot adapt to frequent access requests. The literature [9] designed a unified authentication and authorization system using the RBAC model in a multi-service system. As the most widely used model in application systems, the RBAC model is also the basis of this study; however, its authorization is not flexible, it does not change with the space–time environment, and it is unable to conduct multi-level security management. The ABAC model introduces attribute elements to achieve fine-grained dynamic access-control authorization, but it still does not take multi-level security management into account. The literature [27] combines the RBAC model with the ABAC model, and proposes a RACAC model to implement access-control authorization in large enterprise applications; however, it only considers the environment attribute, not the time attribute, and it does not propose multi-level security management. Based on the above research results, this paper proposes an access-control model based on the business entity, abstracts the business system into a business entity, and sets the security level for the business entity. The time, environment, and other dynamic space–time attributes of the subject are introduced into the authorization, to achieve flexible access authorization.