Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

Xuezeng Pan

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.08.005

2009-01-01

Abstract:To resolve the problem that the simple combination of BLP and Biba models will lead to poor availability,a confidentiality and integrity dynamic union model based on multi-level security(MLS) policy was presented.The two dimensions of secure model are composed of confidentiality and integrity,on which the security label is separated into write privilege range and read privilege range respectively,whereupon subject's access range is adjusted dynamically according to the security label of related objects and the history situation of the subject's access,improving the agility and practicability of the model.The formal definition of this model was given,and the security was also analyzed with proof.Finally,examples were illuminated to show the effectiveness and usability of this model.

CHEN Jin,LV Hongbing,PAN Xuezeng

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.05.021

2011-01-01

Computer Engineering and Applications Journal

Abstract:The BLP can guarantee the security of information by allowing downward information flow from the low security level to high security level.However,under some circumstances,the upward information flow is also necessary.Clark-Wilson model is used to control and audit subject’s state transition and run time adjustment of low-water-mark policy parameters.This paper proposes a model that allows the upward information flow in the control of Clark-Wilson model.The model is proved secure and applicable.

Wu Di,Jian Lin,Yabo Dong,Miaoliang Zhu

DOI: https://doi.org/10.1109/PDCAT.2005.247

2005-01-01

Abstract:Role-based access control (RBAC) models have generated a great interest in the security community as a powerful and generalized approach to security management. One of important aspects in RBAC is constraints that constrain what components in RBAC are allowed to do. There are lots of research have been achieved to specify constraints for secure system developers. However more work is need urgently to met requirements for interoperability of machine and people understandable constraints specification in open and distributed environment. In this paper we propose another approach to specify constraints using Semantic Web technologies. The Web Ontology Language (OWL) specification of basic RBAC components and constraints are described in detail.

Dongliang Jiao,Liu Lianzhong,Li Ting,Ma Shilong

DOI: https://doi.org/10.1109/icfcsa.2011.27

2011-01-01

Abstract:Usage control model is presented and has been considered as the next generation control model which is used to access digital objects. in order to achieve full functionality of UCON, this paper puts forward a realization of UCON Model Based on extended-XACML-CeXUCON. First, We extended the policy decision point in XACML to support administrate conditions obligations and attributions of subject or object. Second, we established a eXUCON context model and find the differents between eXUCON context model and XACML context model. Finally, the potential of our realization for improving the convenience of enforcement mechanisms is illustrated using a small, but representative example.

CH Fang,W Peng,XZ Ye,SY Zhang

DOI: https://doi.org/10.1109/cscwd.2005.194248

2007-01-01

Journal of Software

Abstract:Access control is one of the key steps to ensuring the availability, confidentiality and integrity of system resources. While it has been fully applied in various network systems, it's still relatively new for collaborative CAD. This paper provides a new framework of multi-level access control for collaborative CAD based on hierarchical product modeling. A layered privilege model (LPM) has been developed to provide multi-granularity access permissions in the part level and feature level. An extended hierarchy role-based access control (EHRBAC) is implemented, integrated with LPM and common Hierarchy RBAC, to provide hierarchical access control of collaborative feature modeling in the component/part level and design feature level. Mesh simplification techniques are used to create variable level-of-detail for individual features.

LIN Chuang,FENG Fu-Jun,LI Jun-Shan

2007-01-01

Abstract:Access control is an important technology for system security, and its mechanism is different for different networks. This paper first introduces the characteristics and applications of three traditional access control policies which are DAC (discretionary access control), MAC (mandatory access control) and RBAC (role-based access control), introduces the UCON (usage control) model, and then analyzes access control technology and current researches in Grid, P2P and wireless environment respectively. In addition, this paper proposes that trustworthy networks as the developing goal of the next generation Internet require using trust-based the access control model to assure security. This paper investigates on the trust and reputation model in detail, and finally gives the prospects of access control.

LIN Chuang,FENG Fu-Jun,LI Jun-Shan

DOI: https://doi.org/10.1360/jos180955

2007-01-01

Abstract:Access control is an important technology for system security, and its mechanism is different for different networks. This paper first introduces the characteristics and applications of three traditional access control policies which are DAC (discretionary access control), MAC (mandatory access control) and RBAC (role-based access control), introduces the UCON (usage control) model, and then analyzes access control technology and current researches in Grid, P2P and wireless environment respectively. In addition, this paper proposes that trustworthy networks as the developing goal of the next generation Internet require using trust-based the access control model to assure security. This paper investigates on the trust and reputation model in detail, and finally gives the prospects of access control.

LIU Su-na,PAN Li,YAO Li-hong

2012-01-01

Abstract:N-BLP model for network access control was proposed based on the traditional BLP model.The new model can control the communication behavior between subjects by defining network elements and constructing new states transition rules.Also,the security validation of the model was given using the finite state machine theory.Further,an N-BLP access control prototype system based on LSM architecture and TCP/IP protocol was implemented.The results show that this system can fine-grainedly control the connection establishment and data flow transmission,and guarantee the security of information exchanging between multi-level network systems.

Peisheng Han,Li Guo,Luyao Liu

DOI: https://doi.org/10.1109/eiecs53707.2021.9588053

2021-01-01

Abstract:Aiming at the problem of illegal access in cross domain access control in multi-level system, this paper proposes a D-BLP dynamic cross domain access control model by improving the BLP access control model. The set of secure labels is used to track the information flow in the system to ensure that the information can't be flowed to non-authorized subjects. Finally, the security of the model is proved by using the non-interference theory.

LENG Chun-xia,YU Hui-qun,HAN Jian-min

2009-01-01

Abstract:The access control mechanism in open systems can not only respond to the access requirement of a large amount of users whose identities are not recognizable in advance, but also reflect context information in user's access requirements. We propose a trustworthiness- and context-based access control model (TC-RBAC) and give a method of evaluating the trustworthiness of users. By means of trustworthiness, the applicable roles are assigned to the users whose identities are not recognizable in advance. Besides, context constraint contributes to the decisions of authorization according to context information in user's access requirements. These satisfy the design demands of the access control mechanism in open systems.

Gang Liu,Guofang Zhang,Runnan Zhang,Juan Cui,Quan Wang,Shaomin Ji

DOI: https://doi.org/10.1109/ISNCC.2017.8071977

2017-01-01

Abstract:Bell-LaPadula model is the most classical multilevel security access control model, however, the existence of the response blind area in Bell-LaPadula model is a great threat for system. In this paper we propose an improved Bell-LaPadula model combining with obligation mechanism. Response mechanism is also introduced in the improved model which can resolve the disadvantage of response blind area. Furthermore, the security of the improved model and covert channel is analyzed in detail.

shaomin zhang,hongbian yang,baoyi wang

DOI: https://doi.org/10.1007/978-3-642-27287-5_94

2012-01-01

Abstract:For the problems of attribute elements maintenance difficulty and heterogeneous attribute of multi-domain in ABAC model, we propose the method of using ontology to maintain access control elements and distributed attribute management, which describe the logical relationships among attributes with OWL and introduce attribute mapping technology in access control decision-making. It can reduce the complexity of attribute management and raise the security of the cross-domain access. It makes up the defects in original ABAC model, and has a good reference to research the cross-domain access control.

Chen-hua Ma,Guo-dong Lu,Jiong Qiu

DOI: https://doi.org/10.1631/jzus.c0910564

2010-01-01

Journal of Zhejiang University SCIENCE C

Abstract:Collaborative access control is receiving growing attention in both military and commercial areas due to an urgent need to protect confidential resources and sensitive tasks. Collaborative access control means that multiple subjects should participate to make access control decisions to prevent fraud or the abuse of rights. Existing approaches to access control cannot satisfy the requirements of collaborative access control. To address this concern, we propose an authorization model for collaborative access control. The central notions of the model are collaborative permission, collaboration constraint, and collaborative authorization policy, which make it possible to define the collaboration among multiple subjects involved in gaining a permission. The implementation architecture of the model is also provided. Furthermore, we present effective conflict detection and resolution methods for maintaining the consistency of collaborative authorization policies.

Yizhong Liu,Meikang Qiu,Jianwei Liu,Meiqin Liu

DOI: https://doi.org/10.1109/cscloud-edgecom52276.2021.00032

2021-01-01

Abstract:In this paper, we study the existing blockchain consensus mechanisms that can be applied to access control scenarios and analyze advantages and disadvantages for each category. Besides, we divide access control procedures into policy formulation, storage, and request processing. For each procedure, we summarize existing methods and analyze possible problems. Finally, we give the potential future research directions. This paper provides a clear framework for access control, on which researchers can explore new types of blockchain-based access control solutions to solve the existing security and performance problems.

Huanchun Peng,Jun Gu,Xiaojun Ye

DOI: https://doi.org/10.4304/jcp.4.6.494-501

2009-01-01

Journal of Computers

Abstract:Over the last twenty years, there has been a tremendous growth in the amount of data collected about individuals. Most existing privacy enhancing technologies could not prevent privacy breach effectively, since the real threat is not the control of private data access but the control of usage. While "access control" is well understood, how to achieve "usage control" is still unclear. In the online environment, information is easily copied or delivered. UCONABC, as the next generation of access control, is inadequate to cover the entire privacy information life cycle. As an alternative, accountability may become a candidate means to judge the correctness of individual data's usage. In this paper, we give a framework with the goal of privacy promise compliance and accountability, which may help to such kind of situation before sound privacy answers may be realized. Besides, we discuss some relevant technical and non-technical components which are needed in the privacy scenario. In the end, we state several research challenges towards the implementation of our framework.

Jinhua Ma,Shengmin Xu,Jianting Ning,Xinyi Huang,Robert H. Deng

DOI: https://doi.org/10.1109/tsc.2023.3324736

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:Bilateral access control model, emerging as a novel paradigm in access control, has garnered extensive deployment within the domain of fog computing. This model offers on-demand data services, enabling the efficient identification of sensitive data without resorting to resource-intensive decryption procedures. Nonetheless, prevailing solutions exhibit impracticalities. Specifically, they fall short in supporting adaptive security, while presuming unwavering trustworthiness of the central authority. In this paper, we introduce a pioneering fine-grained and adaptively secure bilateral access control system through enhancements to the matchmaking attribute-based encryption (MABE) framework. We give a formalized definition of MABE, incorporating desirable security features such as blindness and unlinkability, aimed at capturing potential misconduct by the central authority. We propose a generic construction of MABE, drawing upon attribute-based encryption (ABE) and anonymous credential schemes (ACS), with provable security via formal security reduction in the adaptive model. We present an efficient instantiation of the MABE framework by introducing a practical ACS solution, wherein a cryptographic accumulator is employed to enhance performance. Experimental simulations substantiate that our solution not only has superior functionalities but also demonstrates performance on par with state-of-the-art solutions.

ZHANG LUQIAO,CHEN AIDONG,QIN ZHIGUANG

DOI: https://doi.org/10.3969/j.issn.1008-0570.2007.01.124

2007-01-01

Abstract:Since the proposal of RBAC96, a lot of RBAC model appeared. However, when applied to practical systems, they do not work effectively as they supposed to do. The results always come to an end that people returned to simple access control model using the concept of user- group. In this passage, several effective models are described, and then UARBAC model is proposed based on them. After that, a prototype of file access control system using UARBAC model is proposed.

Guo-yuan LIN,Shan HE,Hao HUANG,Ji-yi WU,Wei CHEN

2012-01-01

Abstract:In view of the current popular cloud computing technology,some security problems were analyzed.Based on BLP(Bell-LaPadula) model and Biba model,using the access control technology based on behavior to dynamic adjusting scope of subject's visit,it put forward the CCACSM ( cloud omputing access control security model).The model not only guarantees the cloud computing environment information privacy and integrity,and makes cloud computing environment with considerable flexibility and practical.At last,it gives the model's part,safety justice and realization process.

Peng Liu,Jian-bin Hu,Zhong Chen

DOI: https://doi.org/10.1109/WI.2005.2

2005-01-01

Abstract:Although several access control policies have been proposed for securing access to resources, they focused on security of distributed environments that were rather static. Nowadays distributed environment becomes open and dynamic. In this paper, we propose a formal language for access control policies in open and dynamic environment. The language is based on description logic program and generalized courteous logic program supporting classical negation, prioritized conflict handling and mutual exclusion constraints. The language allows the specification of positive and negative authorization, privilege delegation and revocation, prioritized conflict resolution and mutual authorization exclusions.