View thesis information

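Chinese title:

 基于层次化系统的访问控制模型研究

Name:

 宋慧敏

Student ID:

 1403121808

Confidentiality level:

 Public

Thesis language:

 chi

Discipline code:

 081203

Discipline name:

 Computer Application Technology

Student type:

 Master's

Degree:

 Master of Engineering

Institution:

 西安电子科技大学

School/department:

 School of Computer Science

Major:

 Computer Technology

First supervisor name:

 刘刚

First supervisor affiliation:

 西安电子科技大学

Second supervisor name:

 赵东平

Completion date:

 2017-04-10

Defense date:

 2017-05-24

Foreign-language title:

 Research on Hierarchical System Based Access Control Model

Chinese keywords:

 hierarchical system ; self-administration ; attribute based access control model ; obligation ; access control policy

Foreign-language keywords:

 hierarchical system ; self-administration ; attribute based access control model ; obligation ; access control policy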

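Chinese abstract:

With the rapid development of Internet technology and the emergence of cloud computing, interaction between users in distributed environments has become increasingly frequent, and cross-domain resource sharing has become increasingly common. While informatization brings convenience, it also makes information security a major hidden danger: both ensuring that user privacy is not leaked and ensuring that information resources are not illegally tampered with are issues that demand attention. Access control is one of the effective measures for addressing these problems.

Starting from this background, this thesis carries out theoretical research and engineering practice based on the mainstream access control models. Traditional access control makes permission management difficult and is hard to apply in dynamic network environments. The role-based access control model requires real-name authorization, which easily leaks user privacy, and it does not support cross-domain access, so it cannot be applied in distributed environments. Meanwhile, the classic hierarchical system structure can no longer meet the needs of current network development: nodes that once held a single device have expanded into more complex environments with large numbers of devices, so the classic hierarchical system must be redefined and repartitioned. Given the above, the currently known access control models all have shortcomings when applied in distributed network environments. Therefore, with the goal of designing an access control model that supports cross-domain resource sharing and can be applied in distributed network environments, this thesis proposes a new access control model based on a hierarchical system and designs experiments to discuss the feasibility and advantages of its application. Through this research the thesis also achieves some original results, mainly the following:

First, a new hierarchical system based on containment relationships is proposed; it matches the open distributed network environment better and is generally applicable. Administrator permissions are formally defined and a self-administration mode is implemented in every environment, which suits resource sharing in complex environments and greatly reduces the management burden on system administrators.

Second, based on this hierarchical system, the thesis proposes the hierarchical system based access control model. In this model, four classes of attributes are formally defined and a POL module is designed in combination with the obligation mechanism. The module divides permission management into two parts, covering both fine-grained and coarse-grained authorization, with fine-grained authorization having the highest priority. This approach both reduces the likelihood of policy conflicts and solves the problem of policy repository bloat.

Next, the hierarchical system based access control model divides access control policies into three types and, for the first time in an access control model, formally defines in detail the access control policies for a particular subject type. These policies cover essentially all situations that may arise, making the model more complete and able to respond flexibly to different situations in the system. At the same time, the policies support authorization based on only some of a user's attributes, that is, non-real-name authorization, which solves the problem of user privacy information being easily leaked.

Finally, the thesis designs the model framework based on a general-purpose access control policy language and describes its information flow. Experiments use concrete examples to further illustrate the model's operation and feasibility, and show intuitively, based on real data, the flexibility and convenience of granting and revoking permissions.

This thesis focuses on the study of access control models in hierarchical systems. It not only designs a new hierarchical system according to complex practical requirements but also defines the formal semantics of the model. It extends the application of access control models in complex environments and offers some inspiration for future related research.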

Foreign-language abstract:

With the rapid development of the Internet and cloud computing, there is a growing requirement for interaction between users in distributed environments as well as for cross-domain sharing. Informatization is a double-edged sword: it makes daily life more convenient, but it also causes security problems that need more attention, for example preventing user privacy from being leaked and ensuring that resources are not tampered with illegally. Access control is one of the efficient methods for solving these problems.

Against this background, this thesis carries out theoretical research and engineering practice on the mainstream access control models. Traditional access control makes user permissions difficult to manage and is hard to employ in a dynamic network environment. Authorization in the role based access control model requires real names, which may leak user privacy, and the model does not support cross-domain access, so it cannot be used in a distributed environment. Moreover, the classic hierarchical system cannot satisfy the requirements of current network development: a terminal with only a single device has grown into a complicated environment with many devices, so redefining and repartitioning the hierarchical system is the key problem to be solved. For these reasons, all existing access control models have disadvantages when employed in a distributed network environment. This thesis contributes to the design of an access control model that can be applied in a distributed network environment with cross-domain resource sharing. It puts forward a new hierarchical system based access control model and designs two experiments to discuss, respectively, its feasibility and its advantages in a distributed network environment. The contributions of this thesis are summarized as follows:

First of all, this thesis proposes a new hierarchical system with a containment relationship, which is more suitable for the open distributed network environment. It formally defines administrator permissions to achieve self-administration, which meets the needs of cross-domain resource sharing in complex environments and reduces the management burden on the system administrator.

Secondly, based on the hierarchical system above, this thesis puts forward a hierarchical system based access control model, formally defines four kinds of attributes, and designs a POL module that uses the obligation mechanism. The POL module divides permission management into two parts to achieve both fine-grained and coarse-grained authorization. Fine-grained authorization has the highest priority level. In this way, the model not only reduces the possibility of policy conflict but also resolves the problem of policy repository explosion.

Then, the hierarchical system based access control model divides policies into three types, which is the first time that the access control policy for a certain subject has been formally defined in detail. The three kinds of policy cover almost all the situations that the subject may encounter, which makes the model more complete and lets it cope flexibly with different situations in the system. Most importantly, the policy supports authorization that relies on only part of a user's attributes rather than a real name. That is to say, it protects user privacy information from leaking to others.

Finally, this thesis designs the model framework based on an access control policy language, describes the flow of information, uses an experiment to illustrate the running process, and shows the model's flexibility in granting and revoking authorizations with actual data.

In conclusion, this thesis focuses on practical application research on access control models in hierarchical systems. It not only designs a new hierarchical system based on actual complex requirements but also defines the formal semantics of the model. It broadens research on applying access control models in complicated environments, so that it can serve as an inspiration and reference for further application research.

Chinese Library Classification number:

 11    

Collection number:

 11-35231    

Open-access date:

 2017-12-16    
