CH Fang,W Peng,XZ Ye,SY Zhang

DOI: https://doi.org/10.1109/cscwd.2005.194248

2007-01-01

Journal of Software

Abstract:Access control is one of the key steps to ensuring the availability, confidentiality and integrity of system resources. While it has been fully applied in various network systems, it's still relatively new for collaborative CAD. This paper provides a new framework of multi-level access control for collaborative CAD based on hierarchical product modeling. A layered privilege model (LPM) has been developed to provide multi-granularity access permissions in the part level and feature level. An extended hierarchy role-based access control (EHRBAC) is implemented, integrated with LPM and common Hierarchy RBAC, to provide hierarchical access control of collaborative feature modeling in the component/part level and design feature level. Mesh simplification techniques are used to create variable level-of-detail for individual features.

Di Wu,Yabo Dong,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1007/11563952_52

2005-01-01

Abstract:The fast development of E-Commerce and information technology brings much higher requirements for enterprise informationization. Because of the differences in platforms, development languages and standards etc, enterprise application integration (EAI) has become the important form of enterprise informationization to support complex business processes. Web services have emerged as the next generation of integration technology which provides the power to support interoperability. However EAI doesn’t just present new interoperability challenges; it also presents serious privacy and security challenges. This paper presents security architecture of Web Services based EAI which uses distributed Single Sign On authentication and distributed Role-based Access Control authorization. The basic concept and prototype system of the security architecture are described in detail.

Yuansheng Zhong,Dongping Hu,Maojun Huang,Deren Chen

DOI: https://doi.org/10.1109/WI-IATW.2006.8

2006-01-01

Abstract:In order to overcome the deficiencies of current reputation management system (RMS) for P2P e-commerce communities (ECCs), a comprehensive RMS model is presented. This model is composed of a reference model, a directed graph of feedback relationship (DGFR), and a protocol for management of transaction among peers within the ECC. It provides the possibility for different pair of peers with different trust values between them at different time. The model also differentiates apparently between the feedback trust and trade trust. By the tool of DGFR, the model is integrated with the average transaction money per peer and average rating it receives. It gives a preferable solution to several ordinary trust cheat in the reputation-based ECC and help implement a practical RMS in an ECC

曾璎珞,潘雪增,陈健

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.10.052

2010-01-01

Abstract:This paper proposes a dynamic security access control model based on system reliability,so as to improve the flexibility of combination among multiple security access control strategies,and to ensure system security and practicality.The model can choose the proper kind of combination among the security access control strategies dynamically in order to deal with different system states and improve the whole system performance.Experimental results prove that this model makes the multiple strategies control more flexible,ensures the system security,and improves practicality of the system.

刘端阳,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.01.006

2004-01-01

Abstract:With the development of collaboration among enterprises, it is very desirable to securely exchange information between PDMs through Internet. The original user/password mechanism is very weak, unsecure and inflexible. And also,authorization based on PKC(public key certificate) cannot satisfy the temporary relations between enterprises. In order to satisfy the demand of secure information exchanges between enterprises, according with the genernal security management model of PDM system, This paper designed an AC(attribute certificate) model based on PKC. The model was based on TTP architecture to achieve trust between enterprises and automation of enterprises' collaboration, and reduced the startup cost. And it provides not only reliable authentication and data protection, but also flexible access control and secure audit, and effectively implements information exchanges between enterprises. The new model can be well used in the fields of automobile manufacture,electronics,mechanics and so on.

HL Hu,D Chen,CQ Huang

DOI: https://doi.org/10.1109/icsmc.2004.1401072

2004-01-01

Abstract:The idea of role has been widely applied to solving the authority, responsibility, function and interaction, which are associated with member station in organizations. Access control is a key security issue in distributed collaboration systems. After analyzing corresponding security requirements and the present status of security in distributed collaboration system, this paper presents an extensive role-based access control (ERBAC) architecture based on differentiated domain management. In this architecture, security management is classified into inter-domain one and infra-domain one, whilst, it can integrate new security policies. Based on definition of role permission type, the paper introduces a function of permission type change to make ERBAC architecture flexible. In addition, the authors discuss the methods by which the security can be implemented in an agent-based framework. The practices signify that this system can be flexibly applied various existing policy languages and protocols.

Wenan TAN -,Yicheng XU -,Ting ZHANG -,Xiang WEN -,Linshan Cui -,Chuanqun JIANG -

DOI: https://doi.org/10.4156/jdcta.vol5.issue7.16

2011-01-01

International Journal of Digital Content Technology and its Applications

Abstract:Currently, the security issues of Web services are hot area in information system (IS). This research mainly discusses the key technologies of information access control focusing on following works: After analyzing the dynamic characteristic of application nature for Web services, a Dynamic Role-Based Access Control using Context and Trust model (abbreviated as CT-DRBAC) for Web services is proposed. During Web services, both the subject of invoking request and object of providing service resources are dynamic nature. So, access policies are needed to consider the dynamic nature. The proposed model has been developed and the authorization framework is discussed detail. In order to implement the dynamic trust management mechanism, a dynamic user role authorization algorithm which considers the user lifecycle contexts in the open systems is proposed and designed to meet the dynamic characteristic of subject and object effectively, and achieve intelligent and scientific user role assignments. The proposed access control module can be used in intelligent information systems to grant dynamically roles to users according to the current context.

Mang Su,Anmin Fu,Yan Yu,Guozhen Shi

DOI: https://doi.org/10.1109/trustcom.2016.0299

2016-01-01

Abstract:More and more people prefer to obtain information from cloud. Different users tend to access different resources they interested at anytime across different networks by a variety of equipments. As same as the traditional management of file, the lifecycle theory is still suitable the electronic data in cloud computing. Firstly, we analyze the motivation of access control in cloud, and summarize the security requirements for the data management in the whole lifecycle. Second, we propose a resource-centric dynamic adaptive access control model (RCDA), which is extended from the action-based access control (ABAC). RCDA is able to describe other access control models through the way of customization. Furthermore, we give the scheme for implementation of RCDA. Finally, we make the comparisons between the RCDA and other existing models, and the results indicate that RCDA is able to satisfy the security requirements for the whole lifecycle of data by adaptively adjusting the access control policies.

Lu Chen,Qing Zhou,Gaofeng Huang,Liqiang Zhang

DOI: https://doi.org/10.1109/CIS.2014.47

2014-01-01

Abstract:Resource sharing is one of the main applications of network. How to establish a trust relationship between resources requestor and provider, and enforce authority is the key issue of efficient resource sharing. Existing models and methods are mostly focus on identity, recommendation and other information, but lack of the considering of resource requestor's conduct and environment of computing. And once authorized, it will not be able to track and control user behavior dynamically. It may cause more risks when sharing resources. Aiming to resolve the above problems, a trust-role based context aware access control model is proposed relying on the measurement and verification of the \"trust credentials and evidences\" which embody the context information of user behavior and platform environment to achieve the security, dependable and dynamic access control for resource sharing.

Zheng Xiao-lin,Lei Yu,Chen De-ren

DOI: https://doi.org/10.1007/s11460-006-0089-x

2006-01-01

Frontiers of Electrical and Electronic Engineering in China

Abstract:An integrated user access control method was proposed to address the issues of security and management in networked manufacturing systems (NMS). Based on the analysis of the security issues in networked manufacturing system, an integrated user access control method composed of role-based access control (RBAC), task-based access control (TBAC), relationship-driven access control (RDAC) and coalition-based access control (CBAC) was proposed, including the hierarchical user relationship model, the reference model and the process model. The elements and their relationships were defined, and the expressions of constraints authorization were given. The extensible access control markup language (XACML) was used to implement this method. This method was used in the networked manufacturing system in the Shaoxing spinning region of China. The results show that the integrated user access control method can reduce the costs of system security maintenance and management.

Xiuli Ma,Zehao Wang

DOI: https://doi.org/10.1016/j.heliyon.2024.e28571

IF: 3.776

2024-03-25

Heliyon

Abstract:The global e-commerce market is expanding rapidly as the big data era advances and the e-commerce industry thrives. This paper aims to discuss the application of computer security technology in constructing an e-commerce platform business model. The research aims to find effective security technology solutions to strengthen the security of e-commerce platforms, protect user information and rights, and enhance the sustainable development of business models. Big Data-assisted E-Commerce Business Model (BD-ECBM) construction is discussed to overcome the e-commerce platform issues and positively impact marketing strategy decision-makers by raising their level of awareness. The business decision-making process is a series of steps that help businesses overcome obstacles by collecting relevant data, analyzing all relevant alternatives, and settling on a course of action. Big data analytics can improve business management with data fusion technology in many ways. The system's framework of the information service layer, the application-level layer, and the client session layer was developed using the Business model paradigm for accounting for e-past, commerce's capabilities of the platform, and an analysis of supply and demand. It can monitor its rivals in near real-time, adjusting prices, offering more attractive deals, and analyzing negative customer comments to see if it can outperform its rivals. The trial results demonstrate the effectiveness of this method of making marketing decisions and formulating a strategy. Hence, the BD-ECBM technique improves customers' overall satisfaction and experience with the brand while raising the latter's profile.

Lihua Yu,Gang Chen,Ke Chen,Jinxiang Dong

DOI: https://doi.org/10.1109/cscwd.2006.253101

2006-01-01

Abstract:Collaborative design and application integration emphasize the demand for database security. Database encryption is widely adopted to ensure data privacy, which can prevent attacks from both outside intruders and inside malicious users. Current researches on this area are mainly focusing on encryption algorithms, key management and encryption efficiency. However, data sharing nature of database system is usually neglected. In this paper, we propose an access control model, 3S-RBAC, which enables data sharing while guaranteeing privacy. The model has many features: the novel concept of strong permission and weak permission; the hierarchy of database objects and keys; the permission and key inheritance; the binding of keys and permissions. Implementation in OSCAR Secure DBMS shows that the model is flexible, secure, practical, and can be integrated easily into existing enterprise applications.

Hongzhi Li,Dun Li,Wei Liang

DOI: https://doi.org/10.1007/s10586-024-04524-1

2024-05-30

Cluster Computing

Abstract:The application of healthcare systems has led to an explosive growth in personal electronic health records (EHRs). These EHRs are generated from different healthcare institutions and stored in cloud data centers, respectively. However, data owners lose the authority to control and track their private and sensitive EHRs. In fact, data owners cannot establish rules for EHRs exchanging and sharing, nor can they verify the integrity of EHRs stored in semi-trusted clouds. Hence, an individual-centric access control framework is required to realize data access control. In this study, we construct a data access control framework, which integrates decentralized smart contracts and role-based access control (RBAC) to provide fine-grained data access control services. The key ideas of this schme includes: (1) a fine-grained access control framework for EHRs is proposed to achieve trusted access control; (2) a personalized policies definition mechanism is adopted to achieve patient-centric data access control; (3) a integrity checking mechanism for the shared EHRs is implemented to ensure the availability of medical records. Finally, we analyze the security properties of this scheme and develop a prototype system to evaluate its performance. Both theoretical analysis and experiment results demonstrate that this scheme can provide fine-grained access control and efficient integrity checking services for EHRs.

computer science, information systems, theory & methods

LIN Chuang,FENG Fu-Jun,LI Jun-Shan

DOI: https://doi.org/10.1360/jos180955

2007-01-01

Abstract:Access control is an important technology for system security, and its mechanism is different for different networks. This paper first introduces the characteristics and applications of three traditional access control policies which are DAC (discretionary access control), MAC (mandatory access control) and RBAC (role-based access control), introduces the UCON (usage control) model, and then analyzes access control technology and current researches in Grid, P2P and wireless environment respectively. In addition, this paper proposes that trustworthy networks as the developing goal of the next generation Internet require using trust-based the access control model to assure security. This paper investigates on the trust and reputation model in detail, and finally gives the prospects of access control.

Rui Zhang,Fausto Giunchiglia,Bruno Crispo,Lingyang Song

DOI: https://doi.org/10.1007/s11277-009-9782-4

IF: 2.017

2009-01-01

Wireless Personal Communications

Abstract:Context-aware computing is an important aspect of the pervasive computing environment and its various dynamic context information brings new challenges to access control systems. In this paper a new access control model, relation based access control (RelBAC), is provided for context-aware environment with a domain specific Description Logic to formalize the model. The novelty of RelBAC is that permissions are formalized as binary relations between subjects and objects which could evolve with the dynamic contexts. The expressive power of RelBAC is illustrated in a case study of a project meeting event.

Wang Haoyu

DOI: https://doi.org/10.1109/iccis.2012.213

2012-01-01

Abstract:There has been increasing challenges in the effective structure of crucial information for effectual information security, personal privacy and data protection. Especially, when in an age of e-commerce, risks and threats from e-commerce transaction have been keeping rising up. Both new ways of cyber information security and security breach, which have affected people's life in some particular aspects, are stated and renewed all the time. Because of the specific characteristics of carrying out online transaction, data transition plays a very heavy role in personal information security, and also, it incurs security breaches.

Xiao Yu,Yueting Chai,Yi Liu

DOI: https://doi.org/10.1109/ISECS.2009.184

2009-01-01

Abstract:With the rapid development of e-commerce, electronic contracts are not secure enough for both businessmen and government, due to the absence of authentication, integrality, non-repudiation, uniform specification and centralized management. We propose that e-contract should involve digital signature as its primary element, and the E-Contract Record Center should be introduced into the management of e-contract. In this paper, we present a model for electronic contract enactment, monitoring and management based on the security view. Additional, a framework for e-contract management is presented with the purpose of regularizing the e-commerce market, protecting businessmen’s right and interests, and facilitating governmental monitoring of the e-commerce market, where we define a lifecycle of e-contract and recounted the establishment process of e-contract. Finally, we present implement architecture for the model and framework given above, which give the service and module design of two systems: e-contract system and ECRC system.

Saiyu Qi,Yuanqing Zheng,Mo Li,Yunhao Liu,Jinli Qiu

DOI: https://doi.org/10.1109/ICNP.2014.28

2016-01-01

Abstract:By attaching RFID tags to products, supply chain participants can identify products and create product data to record the product particulars in transit. Participants along the supply chain share their product data to enable information exchange and support critical decisions in production operations. Such an information sharing essentially requires a data access control mechanism when the product data relate to sensitive business issues. However, existing access control solutions are ill-suited to the RFID-enabled supply chain, as they are not scalable in handling a huge number of tags, introduce vulnerability to the product data, and perform poorly to support privilege revocation of product data. We present a new scalable industry data access control system that addresses these limitations. Our system provides an item-level data access control mechanism that defines and enforces access policies based on both the participants’ role attributes and the products’ RFID tag attributes. Our system further provides an item-level privilege revocation mechanism by allowing the participants to delegate encryption updates in revocation operation without disclosing the underlying data contents. We design a new updatable encryption scheme and integrate it with ciphertext policy-attribute-based encryption to implement the key components of our system.

Saurav Ghosh,Reshmi Mitra,Indranil Roy,Bidyut Gupta

2024-12-05

Abstract:Ensuring security for highly dynamic peer-to-peer (P2P) networks has always been a challenge, especially for services like online transactions and smart devices. These networks experience high churn rates, making it difficult to maintain appropriate access control. Traditional systems, particularly Role-Based Access Control (RBAC), often fail to meet the needs of a P2P environment. This paper presents a blockchain-based access control framework that uses Ethereum smart contracts to address these challenges. Our framework aims to close the gaps in existing access control systems by providing flexible, transparent, and decentralized security solutions. The proposed framework includes access control contracts (ACC) that manage access based on static and dynamic policies, a Judge Contract (JC) to handle misbehavior, and a Register Contract (RC) to record and manage the interactions between ACCs and JC. The security model combines impact and severity-based threat assessments using the CIA (Confidentiality, Integrity, Availability) and STRIDE principles, ensuring responses are tailored to different threat levels. This system not only stabilizes the fundamental issues of peer membership but also offers a scalable solution, particularly valuable in areas such as the Internet of Things (IoT) and Web 3.0 technologies.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Networking and Internet Architecture,Systems and Control

Jinlu Liu,Jing Qin,Wenchao Wang,Lin Mei,Huaxiong Wang

DOI: https://doi.org/10.1016/j.csi.2023.103800

IF: 3.721

2023-10-18

Computer Standards & Interfaces

Abstract:Cloud computing has become the priority for users to store and share data due to its numerous tempting advantages. The "encryption-before-outsourcing" mechanism is necessary to protect data privacy against the semi-trusted cloud server. Key-Aggregate Cryptosystem (KAC) is a novel encryption paradigm for cloud data sharing. It enables users to decrypt multiple data encrypted with different keys using a constant size aggregate key. When selectively sharing data, the KAC effectively addresses the challenges of expensive key management in symmetric encryption (SE) and eliminates the need for multiple copies of ciphertexts in public key encryption (PKE). However, previous KAC schemes can only control what data users are allowed to receive by distributing aggregate keys, but not what data users can send. This limitation could potentially allow a malicious data owner to leak sensitive information by distributing aggregate keys to unauthorized users. Therefore, this paper aims to design the key-aggregate cryptosystem with bidirectional access control, which can control both what the user can receive and what the data owner can send. Inspired by access control encryption (ACE), we first propose a key-aggregate based access control encryption with user level (KA-ACE-UL) system that can control whether a sender can share his data with a receiver. Then, we investigate a finer-grained access control policy and propose a key-aggregate based access control encryption with user-data level (KA-ACE-UDL) system that can control the data classes a sender can share with a receiver. We instantiate the KA-ACE-UL and KA-ACE-UDL schemes based on Chu et al.'s KAC scheme. We prove our proposed schemes can achieve both secure data storage and controlled data sharing, ensuring security against unauthorized receivers and malicious senders. Finally, theoretical performance analysis and practical experiments show the efficiency of our proposed schemes.

computer science, software engineering, hardware & architecture