Zy Xia,Yc Jiang,Yp Zhong,Sy Zhang

DOI: https://doi.org/10.1007/978-3-540-25952-7_4

2004-01-01

Abstract:In this paper, we describe the active network security model from access control and information flow model. We present an access control policy called family tree policy for active network. The family tree policy can correctly represent active network that cannot be correctly modeled by BLP and Chinese wall model. At the same time, we further research the information flow security properties of active network and present the novel methods to research the information flow based on inheriting classes. The properties of information flow are described by properties of the inheriting class inner flow and flow among the different inheriting classes. Research For the inheriting class flow, the classic information flow model can be used. For the flow among the inheriting classes, we present a novel method to research it based on the conception of timestamp and flow.

LI Ya-hong,WANG Jian-guo,PAN Xiao-yan

DOI: https://doi.org/10.3969/j.issn.1000-7180.2005.12.033

2006-01-01

Abstract:The mobile of active networks raise considerable safety and security problems,especially in active node.This paper analyses the access control research actuality and problems for active node resources,and designs the safety and security architecture of access control for active node resources.This paper describes the policy of resource access control with capability,so the policy has dynamic maintenance characteristic.The method for access control based on the roles is adopted in user management.After decoding the user role encapsuled in active packet,we can obtain the method describing policy of access control in policy store,called capability.Access control for active node can be completed by capability.

CH Fang,W Peng,XZ Ye,SY Zhang

DOI: https://doi.org/10.1109/cscwd.2005.194248

2007-01-01

Journal of Software

Abstract:Access control is one of the key steps to ensuring the availability, confidentiality and integrity of system resources. While it has been fully applied in various network systems, it's still relatively new for collaborative CAD. This paper provides a new framework of multi-level access control for collaborative CAD based on hierarchical product modeling. A layered privilege model (LPM) has been developed to provide multi-granularity access permissions in the part level and feature level. An extended hierarchy role-based access control (EHRBAC) is implemented, integrated with LPM and common Hierarchy RBAC, to provide hierarchical access control of collaborative feature modeling in the component/part level and design feature level. Mesh simplification techniques are used to create variable level-of-detail for individual features.

LIU Su-na,PAN Li,YAO Li-hong

2012-01-01

Abstract:N-BLP model for network access control was proposed based on the traditional BLP model.The new model can control the communication behavior between subjects by defining network elements and constructing new states transition rules.Also,the security validation of the model was given using the finite state machine theory.Further,an N-BLP access control prototype system based on LSM architecture and TCP/IP protocol was implemented.The results show that this system can fine-grainedly control the connection establishment and data flow transmission,and guarantee the security of information exchanging between multi-level network systems.

Qin Liu,Tinghuai Ma,Fan Xing,Yuan Tian,Abdullah Al-Dhelaan,Mohammed Al-Dhelaan

DOI: https://doi.org/10.32604/cmc.2020.04949

2020-01-01

Abstract:Nowadays, the scale of the user’s personal social network (personal network, a network of the user and their friends, where the user we call “center user”) is becoming larger and more complex. It is difficult to find a suitable way to manage them automatically. In order to solve this problem, we propose an access control model for social network to protect the privacy of the central users, which achieves the access control accurately and automatically. Based on the hybrid friend circle detection algorithm, we consider the aspects of direct judgment, indirect trust judgment and malicious users, a set of multi-angle control method which could be adapted to the social network environment is proposed. Finally, we propose the solution to the possible conflict of rights in the right control, and assign the rights reasonably in the case of guaranteeing the privacy of the users.

SUN Feixian,LIU Xiaojie,LI Tao,ZHAO Kui,HU Xiaoqin,ZENG Jinquan

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.12.013

2007-01-01

Abstract:Inspired by principles of the human immune system, a family-gene based model for network access control, referred to as FBAC, is proposed. With the concepts and formal definitions of network-family, family-gene, and gene-certificate of FBAC presented, the bionic mechanisms of gene-assignment, family-rule constitution, and gene-signature for gene-certificate generation are established. The algorithms of network-family construction and family-gene based access control are described. The access control problems, which result from the penetration of conventional authentication mechanisms, are solved, and the defect of ambiguity of subject information in X.509 certificates is overcome. FBAC has a better safety and efficiency than the traditional techniques. It provides an effective novel solution to network security.

Suyun Jiao,Yanheng Liu,Haiyan Hu,Da Wei,Yanzhi Zhang

DOI: https://doi.org/10.1109/WiCom.2008.1211

2008-01-01

Abstract:Formal concept analysis was creatively used in policy based network management in this study. It takes much time for a conflict detection routine to search every policy in policy repository with conventional policy access models to see if conflict occurs before a new dynamic policy is added to the policy repository. A novel access model for dynamic policies was proposed based on classification concept lattice to address this problem. Dynamic policies were organized into a concept lattice to be grouped effectively and stably. Then a conflict detection pre-process algorithm based on the concept lattice was proposed after a policy deployment procedure was designed. The algorithm greatly reduces the number of policies necessary for conflict detection, and increases efficiency of conflict detection. Performance analysis and simulation show that the proposed model is effective.

Kuang Y. Zeng,Jinxiang Zhang,Jiahai Yang

2006-01-01

Abstract:A new model for policy refinement is presented at the application background of CERNET. Using the properties of access control list (ACL) in this model, the policies described in different specification languages are mapped into access control lists, which are distributed to different network devices to enforce. Thus, the complex transformation logic in traditional policy refinement fashion is simplified, especially, security and access control configuration management can be automated.

LIN Chuang,FENG Fu-Jun,LI Jun-Shan

DOI: https://doi.org/10.1360/jos180955

2007-01-01

Abstract:Access control is an important technology for system security, and its mechanism is different for different networks. This paper first introduces the characteristics and applications of three traditional access control policies which are DAC (discretionary access control), MAC (mandatory access control) and RBAC (role-based access control), introduces the UCON (usage control) model, and then analyzes access control technology and current researches in Grid, P2P and wireless environment respectively. In addition, this paper proposes that trustworthy networks as the developing goal of the next generation Internet require using trust-based the access control model to assure security. This paper investigates on the trust and reputation model in detail, and finally gives the prospects of access control.

Kuangyi ZENG,Jinxiang ZHANG,Jiahai YANG

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.11.050

2006-01-01

Abstract:A new model for policy refinement is presented at the application background of CERNET.Using the properties of access control list(ACL) in this model,the policies described in different specification languages are mapped into access control lists,which are distributed to different network devices to enforce.Thus,the complex transformation logic in traditional policy refinement fashion is simplified,especially,security and access control configuration management can be automated

Cheng Zang,Zhongdong Huang,Gang Chen,Jinxiang Dong

DOI: https://doi.org/10.1109/CSCWD.2006.253234

2006-01-01

Abstract:The access control architecture using state-transfer-based dynamic policy is proposed to make access control more flexible and dynamic. This architecture can dynamically change the policy according to a state-transfer composed of a previous state and a current state. It can indicate the tendency of the system by using both previous and current information in order to decide a more appropriate policy to the current system and future condition. And there are two steps in this dynamic policy method, one is deciding a partial-state and the other one is deciding a state, two dynamic policy decision layers are included into this architecture in order to manage these two steps

ZENG Kuang-yi,YANG Jia-hai

DOI: https://doi.org/10.3969/j.issn.1000-1220.2007.02.006

2007-01-01

Abstract:Policy refinement and policy conflict resolution are two of the toughest issues in implementing a policy-based network management (PBNM) system. Based on a brief review of general PBNM theories and specific access control technologies, the paper proposed a novel policy-based network management model, which adopts XML as the high level policy description language, and uses the generalized access control list(ACL) as an intermediate refining mechanism, focusing on network security and QoS management. Some critical issues and their solutions, including policy representation, policy refinement, and policy conflict policy detection, are discussed. A formula representation of the policy conflict issue is given with several important inferences. The effectiveness and efficiency of the model is verified by the implemented prototype.

JIAO Su-yun,LIU Yan-heng,WEI Da

DOI: https://doi.org/10.3969/j.issn.1000-436x.2011.02.004

2011-01-01

Abstract:A new access model for dynamic polices was proposed after disadvantages of other access models and advantages of concept lattice in getting the intersection set of attribute values for two policies was analyzed.The new access model was based on classification concept lattice.Dynamic policies were organized into a concept lattice according to the partial order relation among their attribute values.A novel conflict detection algorithm was proposed based on concept lattice to greatly increase efficiency of conflict detection.The intersection set of attribute values for two policies was got by searching parent-child concepts in the lattice,meanwhile the conflict detection space was reduced.The performance of the conflict detection algorithm was analyzed.Results of simulation show that the algorithm is effective.

袁平鹏,陈刚,董金祥

DOI: https://doi.org/10.3321/j.issn:1003-9775.2004.04.006

2004-01-01

Abstract:An access control paradigm composed of basic model and role model is proposed for collaborative applications. Basic model specifies the relationship among privileges and the way of ranking privileges. It relates privilege with operations on the objects, so the model appears more straightforward. Moreover, if Brokers' implementation permits, the model can support any grained access control. Role model re-defines the role concept of RBAC96, divides the permissions of role into public permissions, protect permissions and private permissions. It allows user to define roles more flexibly, prevents private permissions of roles from being inherited and reduces the definition of ancillary roles.

Chenghua Tang,Changzhen Hu

2006-01-01

Abstract:Based on analyzing the new characteristics of the access control requirement,the paper proposed the uniform extensible and transplantable rule,policy and decision,making algorithm to realize the access and control of the fine-grained network resources.

LIU Li,LI Jin-sheng,HONG Pei-lin,ZHU Wen-tao

DOI: https://doi.org/10.3969/j.issn.0255-8297.2005.02.023

2005-01-01

Journal of Applied Sciences

Abstract:The current multicast model provides no access control mechanism. Any host can send data directly to a multicast address or join a multicast group to become a member. After analyzing the different types of multicast participants and the requirements of access control, a multicast access control system based on policy ACL is put forword. And after the model of this system is given, the process of requesting, replying and ACL configuration of the host access is also elucidated in this paper.

LIN Chuang,FENG Fu-Jun,LI Jun-Shan

2007-01-01

Abstract:Access control is an important technology for system security, and its mechanism is different for different networks. This paper first introduces the characteristics and applications of three traditional access control policies which are DAC (discretionary access control), MAC (mandatory access control) and RBAC (role-based access control), introduces the UCON (usage control) model, and then analyzes access control technology and current researches in Grid, P2P and wireless environment respectively. In addition, this paper proposes that trustworthy networks as the developing goal of the next generation Internet require using trust-based the access control model to assure security. This paper investigates on the trust and reputation model in detail, and finally gives the prospects of access control.

Jue Wang,Li Zhou,Chengxiang Tan

DOI: https://doi.org/10.1109/WCSE.2009.709

2009-01-01

Abstract:A model based on Bell-LaPadula model is proposed for access control in hierarchical organizations which have hierarchical units. These units include departments, staff and a new concept named post. In the model proposed by this paper, relationships among units in organization are built, and security tags can be assigned to subjects and objects simply. The interoperation among different departments is implemented through assigning multiple security tags to one post, and the more departments are closed on the organization tree, the more secret objects can be exchanged by the staff of the departments. The access control matrices of the department, post and staff are defined. By using the three access control matrices, a multi granularity and flexible discretionary access control policy is implemented. The outstanding merit of the BLP model is inherited, and the new model can guarantee that all the information flow is under control. Finally, the study shows that the proposed model is more flexible.

Feixian Sun,Xiaojie Liu,Tao Li,Jinquan Zeng Ji Lu,Lingxi Peng

DOI: https://doi.org/10.3969/j.issn.1000-1220.2007.04.003

2007-01-01

Abstract:Inspired by the natural trust principle of mankind, a family-gene based model, referred to as FBNA, for network authentication is proposed. With the concepts and formal definitions of network-family, family-gene, aberrance-gene, and family-member of the model presented, the algorithms of network-family construction, gene-assignment, gene-certificate generation, and authentication based on family-gene are described. Simulation results show that the proposed method has a better safety and efficiency than traditional techniques. Thus, it provides an effective novel solution to network security.

Peisheng Han,Li Guo,Luyao Liu

DOI: https://doi.org/10.1109/eiecs53707.2021.9588053

2021-01-01

Abstract:Aiming at the problem of illegal access in cross domain access control in multi-level system, this paper proposes a D-BLP dynamic cross domain access control model by improving the BLP access control model. The set of secure labels is used to track the information flow in the system to ensure that the information can't be flowed to non-authorized subjects. Finally, the security of the model is proved by using the non-interference theory.