Chun-hua GU,Xue-qin ZHANG,Guo-xin SONG

DOI: https://doi.org/10.3969/j.issn.1006-3080.2005.03.018

2005-01-01

Abstract:After analyzing the access control requirement of a virtual enterprise, a cross enterprise RBAC (CE-RBAC) model is defined by extending the traditional role based access control (RBAC) model. Through CE-RBAC model, the secure cross-enterprise access control can be easily implemented in virtual enterprise environment.

XL Li,ZW Xu,XW Liu,N Yang

DOI: https://doi.org/10.1109/wi.2003.1241240

2003-01-01

Abstract:It is a challenge to integrate and share resources securely across multiple autonomous administrative domains environment. We introduce the community-based model of vega enterprise information grid and its operation mechanism. The individuals and/or institutes forming different communities can not only implement diverse policies and autonomous management of resource sharing without any impact on the other communities, but also achieve a globally shared goal. Based on the model, the access control technique, including framework and uniform formalizing, is presented in detail. The static or dynamic role binding is used for entitling user's request for accessing resources within or across communities, which ensures a globally unified view for user. A prototype describes how these techniques are useful in building an enterprise information grid. The evaluation and future continuing works are presented in the conclusion.

Yan Zhuang,Dan Xu,Kailong Zhang,Jingui Pan,Jiming Chen

DOI: https://doi.org/10.1109/iccs.2008.4737241

2008-01-01

Abstract:Collaborative virtual environment (CVE) is a multi-user virtual environment that supports distributed collaboration. The two main issues that CVE is facing are how to improve system scalability and quality of service. Combining Active routing and content-based publish/subscribe and taking bi-directional shared multicast tree as the communication structure of Interest Management, Active interest management (AIM) can effectively improve system scalability. However, due to the lack of network monitoring, it can only provide same services, and consequently cannot guarantee services and alleviate system workload when it gets saturated. In this paper, we propose a QoS-based Adaptive Access control (QAAC) approach which includes dynamic system delay maintenance, active router verification and host low start. By QAAC, we dynamically control the access of hosts based on network status to improve services and scalability in AIM. Finally, experiment results show that this approach can stabilize network traffic, reduce system load and provide better collaboration services.

LI Lingfeng,TAN Jianrong,QI Guoning,JIAN Zhengfeng

DOI: https://doi.org/10.3321/j.issn:1004-132x.2001.z1.044

2001-01-01

Abstract:Part information online access system facilitates the members of a virtual enterprise to share data agilely and instantaneously. This paper presents the architecture that support sharing data and service between departments in an enterprise, or between enterprises. The components, such as data maintenance, publishing, search, presentation, user management, administration of the part information online access system are introduced. The part classification method, the data model for part information, the user scenario and the supplier scenario are described.

Chunhua Gu,Jing Gu,Xueqin Zhang

2006-01-01

Abstract:Virtual enterprise is a kind of distributed environment in which the members need to dynamically collaborate each other. An access model is essential in order to control the access to shared resources among member enterprises in a virtual enterprise. We researched the existing traditional access models, which serve the single enterprise and collaborative environments. By incorporating trust management with layer based access control (LBAC) and task based access control (TBAC), we put forward a Task Delegation-based Access Model (TDBAM). In TDBAM, member enterprises are connected by task assignments. Using delegation logic the inter-organizational control rules are enforced among member enterprises. Thus we can protect the resources of each enterprise in distributed environment efficiently and flexibly. And the needs of access control among enterprises are met.

Dejun Chen,Zude Zhou,Yingzhe Ma,D. T. Pham

DOI: https://doi.org/10.1108/03684920810907517

IF: 2.352

2008-01-01

Kybernetes

Abstract:PurposeThe purpose of this paper is to create a model of role‐based access control (RBAC) based access control for virtual enterprise (VE).Design/methodology/approachAn access control model for security and management of VE is presented by integrating generic structure of VE and applying the principles of RBAC. In addition, the application of the model to a supply chain‐oriented VE illustrates that a general access control scheme can ensure the running of VE.FindingsA theory base of access control for the realization of the VE is found.Originality/valueThe paper presents a very useful new model of access control for VE. This paper is aimed at researchers and engineers.

Chunhua Gu,Xueqin Zhang,Guoxin Song

2005-01-01

Abstract:Because of the new business trends such as cooperating, downsizing and resource sharing, the use of virtual organization (VU) is gaining increasing importance as a model for building large-scale business information systems. Authorization is essential in VU in order to control the access to shared resources. But authorization in VU is challenging because the participants of VU need to collaborate in a distributed, dynamic and heterogeneous environment, and accordingly the access control policies are complex. A delegation logic based authorization mechanism is put forward in this paper. Our proposed approach translates the access requests, credentials and access policies into unified delegation logic rules. Based on the calculation on those rules, the access decision is made. We introduce the concept of Access Unit (AU), which wraps the AC system of a task. The rude exchange interface of AU is defined. The main contribution of this paper is that it suggests a practical mechanism for implementing authorization for VU. In essence, we propose an approach to enforce RBAC in VU based on task/project structure.

GAO Xiao-wu,GU Chun-hua,CHEN De-qing

DOI: https://doi.org/10.3969/j.issn.1000-7024.2007.12.012

2007-01-01

Abstract:Access control is one of the most difficult topics in the area of virtual enterprise.Based on the current research results of access control technology,VE-SAML model is proposed for the typical requirements of enterprise collaboration and seamless access among vir-tual enterprise.Because of using the XML form,the model is maintained and extended easily,and is used to realize the user management of VE.

Dejun Chen,Rui Hu,Zhu Du,Zude Zhou,C. Ji

DOI: https://doi.org/10.1109/indin.2009.5195917

2009-01-01

Abstract:This paper analyzes the requirements of a Virtual Enterprise access control. An SOA-based virtual enterprise access control model is proposed to handle resource management. The authorization mechanism and the operation process of the model are explained. Meanwhile, the components and the framework of the model are given. Finally, a team project development management platform based on the SOA-based virtual enterprise access control model is shown, which provides a solid foundation for the reasonable implementation.

Biao Li,Kaiyu Dai,Shensheng Zhang

DOI: https://doi.org/10.1109/WECWIS.2001.933927

2001-01-01

Abstract:Certificate authority is the core component of public key infrastructure. However, the traditional structure of CA is either hierarchical or reticular, unsuitable for the security requirements of the new trends in enterprise cooperation, namely the virtual enterprise (VE). In this paper a new idea, the virtual certificate authority (VCA), is proposed, as well as its implementation. The goal of VCA is to provide a certificate service over virtual enterprises while keeping the CA of each participant intact as much as possible. Unlike PEM, PGP, and BCA, by using the secret sharing scheme, virtual CA avoids the need for TTP and supports the virtual enterprise's feature of dynamical construction and destruction

Cuiyu Fu,Aiping Li,Liyun Xu

DOI: https://doi.org/10.1109/ICIME.2010.5477976

2010-01-01

Abstract:This paper proposes a hierarchical and dynamic security access control we call RTBAC (role and task-based access control) model for cooperation in a virtual enterprise. A multi-level privilege model is developed to simplify the process of permission definition and assignment for enriching the expression ability and helping to realize fine-gained access control. Role hierarchy and the task stat migration are brought into RTBAC for dynamic authorization management. Based on the practice, RTBAC model is more efficient to control collaborative operations. It meets the characters of design tasks. Different designers with different roles in different tasks have multi-level privileges to the components; the designers see only the data they are allowed to see, at the level of detail they are permitted to see it, which avoids the shortcoming of "all-or-nothing" permissions. © 2010 IEEE.

Jianxin Li,Jinpeng Huai,Chunming Hu,Yanmin Zhu

DOI: https://doi.org/10.1016/j.ins.2010.05.014

IF: 8.1

2010-01-01

Information Sciences

Abstract:Nowadays, various promising paradigms of distributed computing over the Internet, such as Grids, P2P and Clouds, have emerged for resource sharing and collaboration. To enable resources sharing and collaboration across different domains in an open computing environment, virtual organizations (VOs) often need to be established dynamically. However, the dynamic and autonomous characteristics of participating domains pose great challenges to the security of virtual organizations. In this paper, we propose a secure collaboration service, called PEACE-VO, for dynamic virtual organizations management. The federation approach based on role mapping has extensively been used to build virtual organizations over multiple domains. However, there is a serious issue of potential policy conflicts with this approach, which brings a security threat to the participating domains. To address this issue, we first depict concepts of implicit conflicts and explicit conflicts that may exist in virtual organization collaboration policies. Then, we propose a fully distributed algorithm to detect potential policy conflicts. With this algorithm participating domains do not have to disclose their full local privacy policies, and is able to withhold malicious internal attacks. Finally, we present the system architecture of PEACE-VO and design two protocols for VO management and authorization. PEACE-VO services and protocols have successfully been implemented in the CROWN test bed. Comprehensive experimental study demonstrates that our approach is scalable and efficient.

Dejun Chen,Zude Zhou,D. T. Pham

DOI: https://doi.org/10.1108/03684920810907526

IF: 2.352

2008-01-01

Kybernetes

Abstract:PurposeThe purpose of this paper is to create a model of role‐based access control (RBAC) for virtual enterprise (VE).Design/methodology/approachAn access control model for security and management of VE is presented by integrating generic structure of VE and applying the principles of RBAC. In addition, the application of the model to a supply chain oriented VE illustrates that a general access control scheme can ensure the running of VE.FindingsA theory base of access control for the realization of the VE is found.Originality/valueThe paper provides a very useful new model of access control for VE. This paper is aimed at researchers and engineers.

Xingcan Zhou,Fuyou Miao,Yan Xiong

DOI: https://doi.org/10.1109/bigcom53800.2021.00007

2021-01-01

Abstract:Virtual enterprise is an effective model of many systems like mobile ad hoc network and smart city. It consists of many independent abstract enterprises which communicate with each other through cross-domain authentication. To realize cross-domain authentication, we propose a scheme which combines threshold secret sharing and identity based encryption to construct certificate authority domain. This scheme minimizes the length of verifying path and realizes decentralization because it does not rely on trusted third party. Because of using disturbance, this scheme allows enterprises to join and quit and makes all enterprises have equal status. Moreover, the threshold and initial quantity of enterprises are equal, which makes the system able to set up on public channel.

Bo Zhou,Zhi-jun He,Jing-fan Tang

DOI: https://doi.org/10.1109/CIT.2005.61

2005-01-01

Abstract:With the development of web services related technologies, the enterprise business systems can be encapsulated through web services. The service oriented architecture can be adopted for the enterprise business processes. Specific interfaces are introduced between the web services of different enterprises for data exchanging to achieve the cross-enterprise systems integration. Different enterprises can be organized into virtual enterprise through web services to share resources and achieve win-win. This paper introduces an adaptive model of virtual enterprise based on dynamic composition of web services (DCWS-VE). A service execution plan will be dynamically built to aim at the target of the virtual enterprise through the composition of web services. The development and deployment of web services is separated to support the dynamically deploying and binding of the web service at run time. The members in the virtual enterprise will be located through the dynamic web service discovery based on DAML+OIL logic reasoning, and selected through the dynamic web services negotiation with multi- steps protocol to organize the virtual enterprise at run time. Electronic contract is adopted in the organizing process of virtual enterprise to achieve the stable running.

Xb Zhao,Ky Lam,Sl Chung,M Gu,Jg Sun

DOI: https://doi.org/10.1007/978-3-540-27800-9_36

2004-01-01

Abstract:With the rapid development of the global information infrastructure, the use of virtual organization (VO) is gaining increasing importance as a model for building large-scale business information systems. The notion of VO is significant in that it could serve as a basic framework for implementing geographically distributed, cross-organizational application systems in a highly flexible manner. VO is generally composed of participants from different organizations driven by specific tasks. In order to control both participation and access to shared resources, authorization is essential in VO. However, authorization in VO is challenging because of the dynamic and distributed nature of VO, thus requiring mechanisms that axe efficient, scalable and being able to handle complex access control policies. This paper analyzes the requirement of authorization services for VO and proposes the use of threshold scheme as a basic mechanism for implementing authorization services in large scale distributed computing systems. While pointing out the desirable features of threshold schemes for complex authorization policies, the paper also discusses the practical limitations of threshold schemes in such an environment. The main contribution of this paper is that it suggests a practical approach for deploying threshold closure, an optimal form of threshold schemes, for implementing authorization of VO. In essence, we suggest segregating the policy and mechanism aspects of threshold closure so that complex policies may be specified using threshold closure which are implemented conveniently using existing authentication-based enforcement mechanisms available in traditional security infrastructure.

Tao Li,Jianrong Tan,Lingfeng Li,Jiayin Gu

DOI: https://doi.org/10.3321/j.issn:1002-8331.2001.02.001

2001-01-01

Abstract:Virtual Enterprise(VE) has been used in articulating the mode of 21st manufacturing enterprises.Plan reengineering within Virtual Enterprise alliances,Virtual Enterprise is based on the global enterprises＇ resource and realizes flexibility in the alliances.The most important problem of agile manufacturing enterprises is How to constitute the Virtual Enterprise rapidly.On account of Internet＇s development,the basis of realizing Virtual Enterprise is provided.This paper presents an project of Virtual Enterprise constitution which is Virtual Enterprise Service Agent.The application framework of VESA and business processing are also presented.

F. Liang,R. Y. K. Fung,Z. Jiang,T. N. Wong

DOI: https://doi.org/10.1080/00207540601100916

IF: 9.018

2008-01-01

International Journal of Production Research

Abstract:The concept of Virtual Enterprise (VE), a special organization of manufacturing units and enterprises, has attracted considerable attention in recent years. Unlike traditional enterprise, VE is most suitable in production environments that experience frequent changes in product mix. To complete a complex task composed of some sub-tasks, traditional control architecture is not versatile enough to coordinate and schedule multi-site and multi-type resources, especially in resolving resource conflicts during operations. Using hybrid control architecture, VE can execute the effective control on multi-site enterprises to support the rapid response to customer demands. Coordination mechanism running through the total life cycle of VE is applied to coordinating and scheduling the requests from different tasks and resources, which make VE flexible, adaptive and robust. In this paper, the hybrid control architecture based on multi-agent technology that supports the cooperation of enterprises is presented. Coordination mechanism and the corresponding optimal models are discussed. Finally a case study is used as an illustration to present the detailed coordination mechanism.

Dejun CHEN,Mei HUANG,Zude ZHOU

DOI: https://doi.org/10.3969/j.issn.1671-8844.2006.05.030

2006-01-01

Abstract:The organization structure of virtual enterprise is analyzed in detail;and then a functional structure of virtual enterprise is proposed based on Multi-agent;of which the construction process is described.Based on this,the architecture of Multi-agent virtual enterprise based on simplified public key infrastructure(PKI) is designed;of which the security mechanism such as login/logoff,access control,security communication between agent and security recovery,is researched.This architecture and related security mechanism can guarantee the validation and non-reputation the activity of agent in virtual enterprise.

Jianxin Li,Jinpeng Huai,Chunming Hu

DOI: https://doi.org/10.1109/srds.2007.12

2007-01-01

Abstract:The increasing complexity and dynamics of grid environments have posed great challenges for secure and privacy-preserving collaboration in a virtual organization. In this paper, we propose PEACE-VO, a secure policy-enabled collaboration framework for virtual organizations. PEACE-VO employs role mapping to define trust relationships across autonomous domains. Nevertheless, a critical issue emerges when the system applies role mapping, which is potential policy conflict in a local domain. We first develop two concepts to depict such possible conflicts within the collaboration policy. Next, we propose a fully distributed evaluation algorithm to detect potential policy conflicts, which does not require domains to disclose their full local security policies and therefore preserves critical domain privacy. Finally, we design two dedicated protocols for virtual organization management and authorization services, respectively. We have successfully implemented the PEACE-VO framework with two fundamental protocols, i.e., VO management protocol and service authorization protocol, in the CROWN Grid. Comprehensive experimental study shows our approach is scalable and efficient.