Secure Role Based Messaging

A PhD thesis submitted to the University of Kent by Gansen Zhao.

This research presents the construction of secure role based messaging systems, which operate in open environments, provide protection of messages across domains, and can cater for most of the military security requirements for information confidentiality and some of the commercial requirements for information integrity.

Most existing systems are designed to cater for military security requirements, or for commercial requirements, but not both, forcing separate systems to be implemented for military applications and commercial applications respectively. This research approaches this issue by the construction of the secure role based messaging model. In secure role based messaging systems, roles serve as the fundamental and unifying concept to link messaging and access control in secure message systems: role identities are shared by role members; messages are addressed to roles; permissions are managed based on roles; access control is specified by RBAC policies.

This thesis presents the research results of the distributed RSA algorithm to support the sharing of role identities by a dynamic set of members, the policy based messaging model to provide message protection across domains, the trust infrastructure to support policy based messaging, and the construction algorithms to construct RBAC policies from Bell-LaPadula security policies and Biba’s Integrity policies. All of these results are essential for the construction of secure role based messaging systems.

This research shows that it is viable to use secure role based messaging systems to provide secure messaging for both military applications and for commercial applications.