Di Wu,Yabo Dong,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1007/11563952_52

2005-01-01

Abstract:The fast development of E-Commerce and information technology brings much higher requirements for enterprise informationization. Because of the differences in platforms, development languages and standards etc, enterprise application integration (EAI) has become the important form of enterprise informationization to support complex business processes. Web services have emerged as the next generation of integration technology which provides the power to support interoperability. However EAI doesn’t just present new interoperability challenges; it also presents serious privacy and security challenges. This paper presents security architecture of Web Services based EAI which uses distributed Single Sign On authentication and distributed Role-based Access Control authorization. The basic concept and prototype system of the security architecture are described in detail.

ZHENG Lan,CHEN Qi

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.07.058

2005-01-01

Abstract:With the rapid growth of internet and enterprises on a global scale, the use of directories as accessible repositories providesa flexible and various solution for gathering, storage and accessing information. The design and implementation of an unified accesscontrol system supporting single-sign-on areintrodueed, whichis based on LDAPdirectory and combines access controls ofall applicationsystems to realize security access system of unified users management. The system used middleware technology to efficiently resolvethe bottleneck problem when a lot of users accesed LDAP database.

Beibei Shao

2009-01-01

Abstract:The service-oriented architecture (SOA),which is utilized for application system integration for group enterprises, can adapt to the heterogeneous and distributed features of the systems, but has problems that challenge the system security. A cross-domain access control scheme is presented for enterprise applications to resolve the SOA security problems. The core idea is to build a uniform agent-based authentication and authorization system based on the conventional SOA implement model, which achieves shared management and access control of the service resources on the enterprise service bus (ESB) to ensure safe, reliable access across the security domains. This scheme enhances the syetem security, scalability and alterability in the informatization construction of large group enterprises.

ZJ He,T Phan,TD Nguyen

DOI: https://doi.org/10.1109/reldis.2005.17

2006-01-01

Journal of Computers

Abstract:We propose and evaluate a novel framework for enforcing global coordination and control policies over interacting software components in enterprise computing environments. This framework combines a per-node reference monitor with two existing coordination and control systems to enforce policies that, among other properties, are stateful and communal. Each reference monitor filters messages exchanged between the interacting software components similar to a firewall, passing only messages that are allowed by the policies in effect. This filtering approach decouples coordination and control from application implementation, allowing the coordination and control mechanism and application implementations to evolve independently of each other. We demonstrate the power of our framework by using it to specify and enforce an RBAC policy with delegation, revocation, and separation-of-duty over accesses to a cluster of NFS and SMB file servers without changing any client or server implementations. Measurements show that our framework imposes acceptable overheads when enforcing this policy.

Yunfei Meng,Zhiqiu Huang,Senzhang Wang,Yu Zhou,Guohua Shen,Changbo Ke

DOI: https://doi.org/10.48550/arXiv.1908.10201

2019-08-23

Cryptography and Security

Abstract:Service-oriented architecture (SOA) system has been widely utilized at many present business areas. However, SOA system is loosely coupled with multiple services and lacks the relevant security protection mechanisms, thus it can easily be attacked by unauthorized access and information theft. The existed access control mechanism can only prevent unauthorized users from accessing the system, but they can not prevent those authorized users (insiders) from attacking the system. To address this problem, we propose a behavior-aware service access control mechanism using security policy monitoring for SOA system. In our mechanism, a monitor program can supervise consumer's behaviors in run time. By means of trustful behavior model (TBM), if finding the consumer's behavior is of misusing, the monitor will deny its request. If finding the consumer's behavior is of malicious, the monitor will early terminate the consumer's access authorizations in this session or add the consumer into the Blacklist, whereby the consumer will not access the system from then on. In order to evaluate the feasibility of proposed mechanism, we implement a prototype system. The final results illustrate that our mechanism can effectively monitor consumer's behaviors and make effective responses when malicious behaviors really occur in run time. Moreover, as increasing the rule's number in TBM continuously, our mechanism can still work well.

Wei Meng,Fengmin Li,Juchen Pan,Song,Jiali Bian

DOI: https://doi.org/10.1117/12.2265215

2017-01-01

Abstract:The development of mobile computing, cloud computing and distributed computing meets the growing individual service needs. Facing with complex application system, it's an urgent problem to ensure real-time, dynamic, and fine-grained data access control. By analyzing common data access control models, on the basis of mandatory access control model, the paper proposes a service-oriented access control model. By regarding system services as subject and data of databases as object, the model defines access levels and access identification of subject and object, and ensures system services securely to access databases.

Chen Zhao,Yang Chen,Dawei Xu,NuerMaimaiti Heilili,Zuoquan Lin

DOI: https://doi.org/10.1007/11563952_54

2005-01-01

Abstract:In enterprise environment, security becomes increasingly important and costly. Enterprises are struggling to protect the increasing amount of disparate resources. Simple patchwork of security controls no longer suffices. Enterprises require a comprehensive solution that provides centralized security management, from authentication, to authorization and to auditing. To this end, we present a design and implementation of an integrative security management solution for Web-based enterprise applications, WebDaemon. It provides Single Sign-On to multiple Web applications. It also provides restricted access to Web-based content, portals, and Web applications based on Role-Based Access Control (RBAC) policies. The WebDaemon can help enterprises secure all Web resources with consistency of policy management and reduced administrative costs.

ZHANG Jian-jun,ZHANG Qun,ZHANG Li

DOI: https://doi.org/10.3969/j.issn.1003-5060.2006.07.028

2006-01-01

Abstract:How to build an effective access control is very important to the security and reliability of the enterprise information management system(EIMS).In this paper,a kind of flexible object-oriented access control(FOOAC) model is presented based on the analysis of requirements of real access control and access control models of related information management systems,especially the role-based access control model.An access controller based on the FOOAC model is given to demonstrate the application of the model.

XIE Dong-wen,LIU Min,WU Cheng

DOI: https://doi.org/10.3969/j.issn.1006-5911.2005.04.020

2005-01-01

Computer Integrated Manufacturing Systems

Abstract:To guarantee the information security in information acquisition and management in enterprises, an Policy-Based Access Control (PBAC) model was proposed. Definition and compositions of PBAC model were introduced. 9 kinds of rules of PBAC in enterprise information system were provided for enterprises to follow. In addition, a universal and extensible solution was advanced. The solution has been successfully applied in some large project management software. Application has indicated that the proposed solution can greatly lessen software development cycle and improve maintainability.

Xu Guangwei,Yin Jianwei,CHEN Gang,Dong Jinxiang

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.09.026

2005-01-01

Abstract:Current RBAC models have gained general recognition, but the realization of traditional RBAC is divorced from the organizational structure of enterprises, and the tight coincidence of authentication modules and applications causes troubles to maintenance and realization of the system. A principal-based authentication , authorization model and algorithm are introduced and they are based on the realized RBAC models, as well as a J2EE-based realization is presented.

BS Liao,J Gao,J Hu,JJ Chen

DOI: https://doi.org/10.1109/icmlc.2004.1380585

2004-01-01

Abstract:Presently, resource sharing and integration within or cross enterprises (organizations) based on Web services, semantic Web and agents, are developing rapidly. However, different level of requirements of enterprise applications, and dynamic nature of Web services and application requirements, result in increasing complexities of management of Web services and related agents. This paper proposes a federated multi-agent system for autonomic Web services control. The main point of this paper is to propose an approach based on hierarchical architecture-oriented agent federations to control the internal cooperation and external coordination and transaction of Web services. In addition, an agent infrastructure to realize this system was developed and a simulated test was conducted successfully.

白佳,黄罡,刘钊,刘天成,郑子瞻,梅宏

2004-01-01

Abstract:Reflective middleware opens up the implementation details of middleware platform and applications at runtime to improve the adaptability of traditional middleware.However,such openness brings new threats to security of middleware platform and applications.This paper studies how to protect a reflective J2EE application server with a set of access control mechanisms.At first,a computation model of reflective middleware is built up and illustrates that the access control of reflective middleware is far more complex and difficult to implement than that of traditional middleware.With the model,all potential access control points are identified while only some of the points require access control mechanisms.It reveals that the complexity and cost of the access control framework are mainly related to the concrete implementation of reflective mechanisms.At last,the framework is implemented mainly by reusing the access control mechanisms existing in traditional middleware and the performance is evaluated.

Lianshan Sun,Gang Huang,Yanchun Sun,Hui Song,Hong Mei

DOI: https://doi.org/10.1109/qsic.2008.4

2008-01-01

Abstract:Access control of sensitive resources is a widely used means to achieve information security. When building large-scale systems based on popular commercial component middleware, such as J2EE, a usual way to enforce access control is to define access control configurations for components in a declarative manner. These configurations can be interpreted by the J2EE security service to grant or deny access requests to components. However, it is difficult for the developers to define correct access control configurations according to complex and sometimes ambiguous real-world access control requirements. The difficulties come from mainly the complexity of configuring voluminous component methods in large-scale component based systems and some quality constraints on the configurations, for example, the completeness, consistency and performance overhead of configurations. In this paper, we propose a requirements model driven approach for automatic generation of J2EE access control configurations and demonstrate the approach in a J2EE blueprint application.

Jingfan Tang,Zhijun He

DOI: https://doi.org/10.1109/cscwd.2006.253075

2006-01-01

Abstract:This paper presents a novel model to support security in dynamic cooperation of cross-enterprise services. With the extended WSDL description and through the replication technique, the service replica can be dynamically deployed and executed on the optimum cross-enterprise server, which is selected from the registered servers in the enhanced UDDI center according to the server evaluation function. In order to ensure the safety and dynamically sharing of the cross-enterprise resources among the Web services, a security mechanism of trusted right delegation is introduced

丁勇,孙静,祁国宁,顾新建,陈芨熙

DOI: https://doi.org/10.3969/j.issn.1009-0134.2002.11.008

2002-01-01

Abstract:The computer applications of enterprises become deeper and wider with the developmentof the network. The conventional application architecture has not satisfied the need ofenterprises already. So J2EE (Java 2 Enterprise Edition) comes out. The architecture ofJ2EE and the advantage for using it to realize the enterprise application system arepresented in the paper. A networked modeling system based on J2EE has been developedin the paper. The key technologies and developing process of the system are discussed.The functions of the transforming from model to code and the analyzing of cost havedeveloped in this modeling system besides some conventional modeling functions whichinclude the management of users and models、the building of models、the simulationof models and so on.

Feng Xiang,Gan Ling,Ni Kai,Zhang Chao

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.10.022

2007-01-01

Abstract:Authorization access control is an essential and important module in MIS.Traditional authorization control needs to be improved on coupling and reusability.A Web service based authorization access control method is designed.By abstracting the basic functions in the field of authorization access control,and setting the authorization intonation into a five-tuple table in database,the functions of authorizatin access control are separated.The authorization access control method is made to run as Web Service,and thus the model is of low coupling,high reusability,and can be easily used in different applications running on isomerism environment.

Yuan Shuhong,Zhu Miaoliang,Yun Xia,Wu Di

DOI: https://doi.org/10.3969/j.issn.1000-386X.2008.01.048

2008-01-01

Abstract:Traditional Enterprise Application Integration(EAI) solutions lacking the support of the united standard have difficulties in resolving the main security problems such as authentication and authorization.To solve these problems,a brand new application integration security architecture based on Web Services WSSA-EAI is proposed.Web Services are applied to create general access interface,and SSO(Single Sign On) authentication and RBAC(Role-based Access Control)authorization are combined.A united EAI security architecture which is easy for maintenance is presented..

WU Jing,PENG Qi-rui,LI Qing,LIU Yong-qing

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2010.08.002

2010-01-01

Abstract:To overcome the universal challenge of distributed application integration for Chinese enterprise groups and solve the problem of shared management and cross-domain access control of the service resources under SOA, a whole web service management method is presented. By designing an infrastructure based on Service-Access-Agent and a global authentication and authorization mechanism, the security of the integrated system is ensured with low cost. Meanwhile, by using a registration service based on global unique ID and dynamic invocation mechanism, the agility and loose coupling of SOA are improved. The good adaptability and practical value of the method has been shown by engineering application in a typical group enterprise.

Lianshan Sun,Gang Huang,Hong Mei

DOI: https://doi.org/10.1007/978-3-540-87891-9_5

2008-01-01

Abstract:Access control is a means to achieve information security. When we build large-scale systems based on commercial component middleware platforms, such as those compliant to J2EE, a usual way to enforce access control is to define Access Control Configurations (ACCs) for components in a declarative manner. These ACCs can be enforced by the J2EE security service to grant or deny access requests to components. However, it is difficult for the developers to define correct ACCs according to complex and sometimes ambiguous real-world access control requirements. Faults of ACCs in large-scale J2EE applications may inevitably occur due to various reasons, for example ad hoc mistakes of the developers. This paper identifies three kinds of faults specific to ACCs of J2EE applications as incompleteness, inconsistency, and redundancy, presents validation algorithms for identifying these faults according to access control requirements, illustrates these faults and the validation algorithms with an online bank application.

BAO Zhigang,HU Yanjun,GU Xinjian

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.01.059

2006-01-01

Abstract:Firstly making reference to role based access control(RBAC)model,this paper proposes the basic idea about access control.Then it introduces database design of two realizing methods about access control and two methods’ realization in program,it also presents visual effect.Finally it analyzes and compares one to another in detail from two aspects of applicability and reusability.