刘端阳,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.01.006

2004-01-01

Abstract:With the development of collaboration among enterprises, it is very desirable to securely exchange information between PDMs through Internet. The original user/password mechanism is very weak, unsecure and inflexible. And also,authorization based on PKC(public key certificate) cannot satisfy the temporary relations between enterprises. In order to satisfy the demand of secure information exchanges between enterprises, according with the genernal security management model of PDM system, This paper designed an AC(attribute certificate) model based on PKC. The model was based on TTP architecture to achieve trust between enterprises and automation of enterprises' collaboration, and reduced the startup cost. And it provides not only reliable authentication and data protection, but also flexible access control and secure audit, and effectively implements information exchanges between enterprises. The new model can be well used in the fields of automobile manufacture,electronics,mechanics and so on.

Lijun Wu,Zili Chen,Jinshu Su,Xiangyu Luo

DOI: https://doi.org/10.1109/iccda.2010.5541099

2010-01-01

Abstract:T Because of the complexity of netware and its environment, how to ensure security of large scale netware systems is a longstanding key problem. The access control is always one of the important guarantees of security of large scale netware systems. The paper introduces the general AC(attribute certificate) and the role specification AC and the role assignment AC, and discusses the role-based PMI architecture, then combines the role-based PMI architecture with the PKI architecture to present a new access control model based on role PMI. The model has advantages of flexibility, convenience, less storage space and less network consumption etc. At present, we are going to use the model in management information systems of the large scale netware to realize access control for systems.

Xiyuan Chen,Miaoliang Zhu

DOI: https://doi.org/10.4028/www.scientific.net/kem.439-440.178

2010-01-01

Abstract:Semantic; Trust Management; RBAC; User-role Assignment Abstract. The application of RBAC in access management of the enterprise services and resources is very widely. With phenomenal growth of information interaction and cooperation between distributed systems, the number of users can be in the hundreds of thousands or millions. This renders manual user-to-role assignment a formidable task. In this paper, we propose a semantic and trust based framework to automatically assign users to roles based on a finite set of assignment rules defined by authorized people in the enterprise. These rules take into consideration the attributes users own and any constraints set forth by the enterprise including the assignment history and the credit of the requester. We choose OWL to specify the user attributes.

刘晓冰,白朝阳,王霄,李忠凯

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.03.050

2010-01-01

Abstract:Aiming at the problems of Privilege Management Infrastructure(PMI) model application in the work flow system that data redundancy, weakly dynamic adaptability, this paper proposes a PMI model based on Task-Role Based Access Control(T-RBAC). The model can make the relationship between access right and task by adding task specification access certificate, task assignments access certificate and task management agent. Application result proves that the model can support information security management with three ways of access control in dynamic work flow systems, it consists of access control based on role, task and role and task.

Yuping Deng,Xiaowei Guo,Xiamu Niu

DOI: https://doi.org/10.1109/ICICIC.2006.387

2006-01-01

Abstract:Identification and authorization are the two important problems among the intractable issues of network security. In this thesis, we first discuss the advantages and disadvantages of several traditional ways in identification and authorization including Kerberos, SSL, DAC, MAC, RBAC and PKI/PMI. Because of the inherent weakness of DAC and MAC, and the complexity of PMI, we propose a new system which combines role-based access control with PKI. It implements the process of identifying and privilege delegation as a whole. The model of RBAC based on PKI can ensure the security of both identification and authorization of the protected system and maximize the flexibility for users' maintenance. The particular process of identification and authorization has been given in the thesis. At last, we analyze the security of the system and also point out some existing threats the new framework has to face to

WU Hao,PAN Hui,WANG Yong,JIANG Xiangtao,LIU Gangchang

DOI: https://doi.org/10.3969/j.issn.1671-1815.2006.01.024

2006-01-01

Abstract:Sizeable enterprise usually have several applicable information platform, but each system run independently. There is lack of a mechanism of authorization management for the user to access the system resource,but the import ation of PMI provids a tool for the question. Mainly based on the PERMIS project, aim at establishing unified authorization policies, and realized the management of authorization integration in multi-platform system.

关勇,余少华,戴一奇

DOI: https://doi.org/10.3969/j.issn.1000-3428.2004.21.017

2004-01-01

Abstract:This paper presents a RPMI model to solve the limitations in PKIsystems. presents a role-based PMI model, prompts the RPMI system's modules framework and running mechanism based on PKI and gives the RPMI model's two main part of realization: one is role disposing module,the other is privilege verifier module. This RPMI system is applied to an ISPs PKI/PMI management project and gets a success .

杜薇,蒋兴浩,孙锬锋,程剑豪

DOI: https://doi.org/10.3969/j.issn.1009-8054.2009.07.027

2009-01-01

Abstract:Traditional PMI access control model binds privilege to the user and distributes certificate only by aiming at the user itself. This method always neglects the security of the terminal and would bring risk to the network resource. By introducing the security assessment technique, a PMI access control model based on terminal security assessment is designed, which could offectively solve the above problem.

Peng Wu,Zhao Wang,Jiexi Wan

DOI: https://doi.org/10.1109/ITCS.2009.185

2009-01-01

Abstract:In the e-business website which has the characters of personalization ,we need the univers al access controlstrategy to control the behavior of the user. Itpsilas the key point to resolve the website access control that constructing the strategy which combine the role control and privilege management . Integration of RBAC and PMI has prominent advantages of centralized strategy management ,dynamic authorization and effective access control . It can construct agile access control system for security of e -business website .

ZHANG Run-lian,WU Xiao-nian

DOI: https://doi.org/10.3969/j.issn.1009-8054.2007.08.035

2007-01-01

Abstract:According to the information security for campus grid in resource sharing and cooperation wit each other, this paper proposes an access control model based on PMI. The model supports distributed authorit based on delegation, and supports role delegation and partial role delegation based on delegation constraint and temporary delegation role. It follows the least privilege principle and avoids conflict of the authority an exceeding the authority.

Jiang Lifeng,Zhao Baohua

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.18.071

2006-01-01

Abstract:In the face of more and more problems of security of application information system,this paper analyses the disadvantage and shortage of traditional authentication authorization system.It promotes the whole structure of authentication authorization system based on the Java Authentication Authorization Service framework and model of Role-Based Access Control and its realization process are given.Some relative key techniques including the design of authentication module and authorization module are emphasized.

ZHAO Wei-gang,WANG Run-xiao,ZHANG Jin-rong,HUANG Wei

DOI: https://doi.org/10.3969/j.issn.1001-2265.2006.12.030

2006-01-01

Abstract:According to the requirement of enterprise sales management information system,the problems of management information system permission is analyzed and discussed,under the theory of role-based access control,an Access control model suit to WAN management information system based on user-role-page and menu is brought forward;and the access control process and realized method of the model is brought forward too.The access control model has been used in the WAN sales management information system,and it well completes the access control of the system.

Wang Jin,Li Qiang,Li Daxing

DOI: https://doi.org/10.1109/ICCA.2007.4376922

2007-01-01

Abstract:Role-based Access Control (RBAC) provides an efficient means of managing authorization of the system resources. In the implementation phase, access control should be strong and efficient based on user authentication information, so the RBAC mechanism commonly requires authentication as a prerequisite. By cooperating with Identity-based cryptography, this paper first presents an identity& role based access control (I-RBAC) model which supports user's authentication internally. In our model, both aspect of user authentication and role-based authorization can be verified by a user's signature simultaneously. An implementation method of I-RBAC is also presented using a variant of an ID-based signature scheme due to Cha and Cheon.

LI Bo,HUANG Dong-jun

DOI: https://doi.org/10.3969/j.issn.1006-8937-B.2006.04.001

2006-01-01

Abstract:The paper analyzes and compares several primary ways to distribute privileges during the current design process of access system such as Discretionary Access Control(DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC), points out their respective characteristics and limitations of their applicability. By taking the new characteristics of modern enterprise management into consideration and combining with the existing access control model, the authors discuss the access control technology of the multi-users information system, present and realize the security control model based on role level, department level and user level in the application. Practical application makes clear that it enhances the security and maintainability of information system.

Ying Lei

2006-01-01

Abstract:Privilege management infrastructure is the research hotspot in the field of network security at present. How to improve the PMIsystem’s efficiency and how to standardize the access control policies are the main questions now. A condition based on access control policy and itsimplementation mechanism is improved by using XACML technology. Combined with J2EE technology, a PMI system based on the policy model isdesigned and implemented. The improved system resolves the questions above, provides convenient privilege management and fine-grained accesscontrol.

原仓周,柳重堪,张其善

DOI: https://doi.org/10.3969/j.issn.1000-3428.2004.09.051

2004-01-01

Abstract:An identity-based authorization model is presented in this paper. It combined the identity authentication technique of PKI and the access control technique of RBAC. Considering the compatibility with the existed EMR systems, a realization based on MCS is demonstrated. The roles, privileges and role hierarchy for the EMR systems are defined. The mechanism not only meets the requirement of security, but also ensures the efficiency and generalization of the system.

XU Guo-yong,LIU Qiang,ZHANG Pu-xuan

DOI: https://doi.org/10.3969/j.issn.1000-7024.2007.01.011

2007-01-01

Abstract:On resource integration implemented in government and organization,a more security and open access control system working in large scale application environment is required.Public key infrastructure authenticates a user by granting a public key certificate.Pri-vilege management infrastructure authorizes a user using attribute certificates.RBAC provides a flexible relationship between user and privilege.Emphasis on access control proceeding and policy management using PKI,PMI and RBAC,an access control mechanism based on role and dual-certificates is described.The mechanism has implemented in the taxation resource integration project.

Zhensong Liao,Hai Jin,Chisong Li

DOI: https://doi.org/10.3321/j.issn:1671-4512.2006.02.021

2006-01-01

Abstract:Role-based access control (RBAC) introduced the concept of role to the access control, helping authorized users to access web resources, and reducing the system s burden to store huge individual information. On the basis of analyzing RBAC model, an attributed certificate (AC)-based RBAC model in the distributed environment was put forward in accordance with the characteristics of RBAC system and the superiority of SPKI/SDSI certificate. It defined the AC structure and described the workflow, and concluded the features of the presented model. The analysis showed that the model was characterized by compact credential structure, supporting anonymous access and single login on.

Meisong CAI,Hongming CAI

DOI: https://doi.org/10.3969/j.issn.1671-8844.2006.04.025

2006-01-01

Abstract:The network security polices in terms of users personal,role and temporary attributes are introduced;and then the access and control mechanism for the three security polices are put forward.An adoption of server-pull and LDAP structure is discussed to perform access and control for the enterprise fundamental information platform based on RBAC.The system employs LDAP directory server as the role server and users can obtain required information in certain secure mode(e.g.SSL),so as to implement the relevant RBAC strategy to achieve the access control purpose.The structure's feature is simple and flexible.

侯奋飞,宋宇波

DOI: https://doi.org/10.3969/j.issn.1000-3428.2004.17.047

2004-01-01

Abstract:The e-government involves both the internal information resources for the government and the public resources for exchanges. From the integer point of the view, the security architecture of the e-government is a large-scale multilevel distributed architecture. Therefore it is essential to look for a access control solution satisfying the need of the e-government application. This paper discusses the application of the Arbac97 model in e-government and presents a framework using PMI (Privilege Management Infrastructures) to implement role based access controls.