Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

Ni Wancheng,Liu Lianchen,Liu Wei

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.21.037

2006-01-01

Abstract:Based on RBAC(Role-Based Access Control) theory,a role-page model based access control method for Web applications is given out to facilitate the Implementation of RBAC Model.Considering the characteristic of B/S application model,this method is to logically partition the business logic and the representation logic.Then the access control can be implemented by controlling the Web pages' availability to different roles.This method can be used to facilitate the construction of Web applications because it reduces the judge code of access control.And this method has already been validated in the CERS(China education Equipments and Resource Sharing) project.

BAO Zhigang,HU Yanjun,GU Xinjian

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.01.059

2006-01-01

Abstract:Firstly making reference to role based access control(RBAC)model,this paper proposes the basic idea about access control.Then it introduces database design of two realizing methods about access control and two methods’ realization in program,it also presents visual effect.Finally it analyzes and compares one to another in detail from two aspects of applicability and reusability.

刘晓冰,白朝阳,王霄,李忠凯

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.03.050

2010-01-01

Abstract:Aiming at the problems of Privilege Management Infrastructure(PMI) model application in the work flow system that data redundancy, weakly dynamic adaptability, this paper proposes a PMI model based on Task-Role Based Access Control(T-RBAC). The model can make the relationship between access right and task by adding task specification access certificate, task assignments access certificate and task management agent. Application result proves that the model can support information security management with three ways of access control in dynamic work flow systems, it consists of access control based on role, task and role and task.

Peng Liu,Zhong Chen

DOI: https://doi.org/10.1109/wi.2004.10081

2004-01-01

Abstract:Business process describes a set of services that span enterprise boundaries and are provided by enterprises that see each other as partners. Web services is widely accepted and adopted to construct business process. Web services are built in exposed environment and open to security threats. When a web service contained in a business process is authorized to illegal users, it will cause economic loss of the service provider. Although there exist some standards for security of Web services and access control for services in distributed systems are well studied, there is a lack of comprehensive approach in access control for web services, especially in business process. In this paper, an extended RBAC model, called WS-RBAC, is proposed to secure web services in business process. The model takes web services in business process as protected objects and extends the classical RBAC model. Next, The software architecture of WS-RABC is presented. This paper also presents how to specify business process in the model and the authorization constraints of WS-RBAC based on WS-Policy.

LI Bo,HUANG Dong-jun

DOI: https://doi.org/10.3969/j.issn.1006-8937-B.2006.04.001

2006-01-01

Abstract:The paper analyzes and compares several primary ways to distribute privileges during the current design process of access system such as Discretionary Access Control(DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC), points out their respective characteristics and limitations of their applicability. By taking the new characteristics of modern enterprise management into consideration and combining with the existing access control model, the authors discuss the access control technology of the multi-users information system, present and realize the security control model based on role level, department level and user level in the application. Practical application makes clear that it enhances the security and maintainability of information system.

陆庭辉,文贵华

DOI: https://doi.org/10.16208/j.issn1000-7024.2010.07.040

2010-01-01

Abstract:Aimed at the characteristic of web system and its special demand in access control,a role-module-page model based fundamental idea of access control in B/S environment is proposed and then its implementation details are discussed.Based on traditional role-based access control model,role-module-page model treats a series of pages as module,describes the role's access permission of each module and the function of each page with binary values,so while the user access the pages,the user authentication can be finished by a series of logical operations.Through practical application in FM2E(maintenance system for freeway mechanical equipments),it indicates that the proposed access control method can satisfy enterprise's demand in access control of web system with good applicability,scalability and flexible configuration.

曾岫,彭宏,左国威

DOI: https://doi.org/10.3969/j.issn.1007-1423-b.2008.10.002

2008-01-01

Abstract:Proposes a new role-based access control model on the basis of analysing the tradi-tional RBAC model.The model can efficiently overcome the shortcoming of the traditional model.It can decrease the complexity of authorization management and expense of manage-ment,and provides a better e-Environment for managements to realize security strategies.

ZHOU Shen-gang,ZHAO Song-zheng

DOI: https://doi.org/10.3969/j.issn.1001-3695.2005.06.073

2005-01-01

Abstract:The authority management in information systems is one of the necessary conditions to guarantee the data safety.Based on discussing the model of role-based access control and combining with the shared project of information system developing,a new RBAC-based authority control method in information system of B/S mode is presented so as to the problems in the method of access control based on user-function are solved.The new method has been applied in the course of the system developing, and the safe authority control is realized with good effect.

Wang Zhenjiang,Liu Qiang

DOI: https://doi.org/10.3321/j.issn:1002-8331.2005.35.009

2005-01-01

Abstract:Authority Management is a most important aspect of Information Systems.A successful information system is always supported by a well-designed access control system.Role-based access control policy,which is the focus of access control study nowadays,is more flexible and less management burden.Based on Role-Based Access Control(RBAC) and Task-Role-based Access Control,this paper gives a flexible extended access contrl models,XRBAC,standing for Extended Role-Based Access Control,which extends the definition of role management and authority.

MA Xiao-dong,LIU Xian-hui,ZHAO Wei-dong

DOI: https://doi.org/10.3969/j.issn.1671-0428.2008.02.002

2008-01-01

Abstract:In this paper, the author analyzed a number of access control models ,discussed the application of role-based access control(RBAC) in ASP platform, and also designed and implemented a kind of RBAC model used in mobile business platform based on ASP. This model is based on platform users and the structure of enterprises' organization, divides the roles into different classes and levels which can decrease the complexity of the authorization and management of users.

ZHU Yi-qun,LI Jian-hua,ZHANG Quan-hai

DOI: https://doi.org/10.3321/j.issn:1006-2467.2007.05.026

2007-01-01

Abstract:This paper reviews the existing research work of the security technology and access control for web services, and then presents a dynamic hierarchical role-based access control model for web services. In this paper, by introducing the notion of authorization group and mechanism of hierarchical access control, the model dynamically manages privileges and protects the parameters themselves. The model improves the flexibility and independence and expansion of access control for web services, and dynamically manages privileges, and provides a more perfect security mechanism for web services, and also effectively enhances the security for web services applications.

高涛,朱晓民,沈奇威

2011-01-01

Abstract:With the development of Internet,privacy has been acknowledged to be more and more important.So far,there exists such like P3P,EPAL,XACML models or frameworks to protect privacy.This paper describes a privacy protection model based on the familiar access control model RBAC.It supports to fulfill the demand for complex privacy strategies,such like the standards of Safe Harbor Frameworks.By the way,this paper also gives out an achievement of the model in a Content Management System.

Q Li,JP Shi,SH Qing

DOI: https://doi.org/10.1109/icebe.2005.23

2005-01-01

Abstract:Role-based access control (RBAC) model has been widely deployed for Web security. In some large-enterprise-wide situations, however, this model is difficult to manage due to huge amount of users, roles and interrelationships. As a result, the applications of this model are greatly limited. To address this problem, we present in this paper a decentralized RBAC model (DRBAC) by proposing a new concept of groups and by introducing non-trivial modifications to the user-role assignment of the existing models

SHAN Qiyi,GAO Jianmin,CHEN Liang

DOI: https://doi.org/10.3969/j.issn.1001-3881.2006.10.009

2006-01-01

Abstract:Access control mechanism is an increasingly important content in security policy of distributed workflow management system.Based on the RBAC model,the new requirement of access control mechanism in workflow environment was analyzed,a WS_RBAC model was built to realize the access control in Web-based WFMS and the representation of context constraints was analyzed.The external quality system examination was taken as example,the model and context constraints introducing were validated.

ZHAO Wei-gang,WANG Run-xiao,ZHANG Jin-rong,HUANG Wei

DOI: https://doi.org/10.3969/j.issn.1001-2265.2006.12.030

2006-01-01

Abstract:According to the requirement of enterprise sales management information system,the problems of management information system permission is analyzed and discussed,under the theory of role-based access control,an Access control model suit to WAN management information system based on user-role-page and menu is brought forward;and the access control process and realized method of the model is brought forward too.The access control model has been used in the WAN sales management information system,and it well completes the access control of the system.

Zhu Yiqun,Li Jianhua,Zhang Quanhai

DOI: https://doi.org/10.3969/j.issn.1000-386X.2008.11.054

2008-01-01

Abstract:In accordance with the increasing customers and the various resource access policies in service-oriented environments,the limi- tation of the related research is anallyzed,and a multi-policy services-oriented attribute-based role-based access control(AB-RBAC) model is proposed.Based on the relationship between the resource attribute and the user attribute in multi-policies,different role groups are defined,and relevant rules are made.User-rde assignment is realized based on a finite set of rules,and the requirement of multiple access policies is satis- fied.The flexibility of access control is enhanced,and the efficiency of the system is improved.A case that uses the AB-RBAC model is de- scribed,and a detailed comparison among several models is made,which clearly shows the advantages of AB-RBAC.

XU Guo-yong,LIU Qiang,ZHANG Pu-xuan

DOI: https://doi.org/10.3969/j.issn.1000-7024.2007.01.011

2007-01-01

Abstract:On resource integration implemented in government and organization,a more security and open access control system working in large scale application environment is required.Public key infrastructure authenticates a user by granting a public key certificate.Pri-vilege management infrastructure authorizes a user using attribute certificates.RBAC provides a flexible relationship between user and privilege.Emphasis on access control proceeding and policy management using PKI,PMI and RBAC,an access control mechanism based on role and dual-certificates is described.The mechanism has implemented in the taxation resource integration project.

Meisong CAI,Hongming CAI

DOI: https://doi.org/10.3969/j.issn.1671-8844.2006.04.025

2006-01-01

Abstract:The network security polices in terms of users personal,role and temporary attributes are introduced;and then the access and control mechanism for the three security polices are put forward.An adoption of server-pull and LDAP structure is discussed to perform access and control for the enterprise fundamental information platform based on RBAC.The system employs LDAP directory server as the role server and users can obtain required information in certain secure mode(e.g.SSL),so as to implement the relevant RBAC strategy to achieve the access control purpose.The structure's feature is simple and flexible.

P Liu,Z Chen

DOI: https://doi.org/10.1109/cec-east.2004.17

2005-01-01

Abstract:Web services are widely accepted and adopted to provide business functionality in business world. Especially, Web service is chosen to compose business process by companies to achieve their business objectives. Business process contains a set of activities, which represent business interactions between Web services spanning company boundaries. As Web services are built in open distributed environment, it is apt to cause security concerns. Security problems mainly prevent many companies from implementing Web services. This paper proposes an extended RBAC model, called WS-RBAC4BP, to protect Web services in business process. In this model, companies and Web services are considered as subjects and protected objects, respectively. New types of constraints are introduced. Furthermore, the system architecture of WS-RABC4BP is presented. This paper also gives examples to illustrate the model