He Guo,Guoji Lu,Yuxin Wang,Han Li,Xin Chen

DOI: https://doi.org/10.1007/978-3-642-16515-3_25

2010-01-01

Abstract:Access control comprises different kinds of access control policies. This paper proposed an RBAC-based access control integration framework to achieve and manage various access control policies during legacy system integration. Permission is defined as tasks, and tasks are extracted and organized as tree structure for each system. Then, a global task tree and an integrated policy library are generated for the integrated system to reorganize access control policies of different legacy systems. Additionally rules for authorization management are given to carry out further authorization. A case study is demonstrated to depict the proposed framework is a feasible and flexible solution for access control integration.

Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

黄益民,杨子江,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.04.005

2004-01-01

Abstract:The traditional role-based access control (RBAC) model was extended in this work aimed at studying practical ways to implement access control, enforce security administration, and acquire available information from real world to construct an access control model and establish security policies. A three-layered architecture for role-based security administration was proposed. And a practical way was presented to implement role-based access control and role-based security administration ,so that cross-platform role-based access control is implemented automatically and systematically in the security administration system.

LI Han,GUO He,FENG Xin,WANG Yu-xin,YANG Yuan-sheng

DOI: https://doi.org/10.3969/j.issn.1000-1220.2012.07.025

2012-01-01

Abstract:Role-based access control is currently accepted as the most commonly used and advanced access control policy.Since it is primarily applied to ensure the security of new software systems rather than legacy systems,an approach is proposed to reengineering legacy access control policies.The approach defines a transformation oriented access control policy language,studies the method of exacting legacy access control policies and gives a set of transformation rule and an algorithm to achieve access control policy reorganization.A case study is demonstrated to depict the proposed approach is a feasible approach to improve the performance of legacy access control policies by introducing roles and role hierarchy.

任魁,王普,李亚芬

DOI: https://doi.org/10.3969/j.issn.1671-0428.2008.09.012

IF: 5.105

2008-01-01

Computers & Security

Abstract:In developing and application of information systems, there are some disadvantages in classic access control based-on role of the real application system. This paper shows a application based on the RBAC model and improves the classic model. Then we use this model in the management of resources. In realizing the whole access control, this paper analyzes and realizes the permission management and access control policy in two dimensions, functional permission dimension and resource permission dimension. Via this analyzing and designing, we separated the whole access control from the business process of systems, including the separation of functional permission and the separation of resource permission. It helps to improve the flexibility and expansibility of systems.

Han Li,Hongji Yang,Feng Chen,He Guo,Yuansheng Yang

DOI: https://doi.org/10.1504/IJCAT.2011.045410

2011-01-01

International Journal of Computer Applications in Technology

Abstract:Role-Based Access Control (RBAC) is accepted as the most commonly used access control policy; however, it is mainly used during the development of new software systems. In this paper, an approach to reengineering RBAC into legacy systems by applying program transformation is proposed. Wide Spectrum Language (WSL) and MetaWSL are extended. Transformation rules, algorithm and operations for further authorisation management are defined to support access control reorganisation. A case study is demonstrated on a prototype tool FermaT-based Access Control Reorganisation (F-ACR). The result shows that it is a feasible and promising approach to enforcing RBAC in legacy systems.

Wang Zhenjiang,Liu Qiang

DOI: https://doi.org/10.3321/j.issn:1002-8331.2005.35.009

2005-01-01

Abstract:Authority Management is a most important aspect of Information Systems.A successful information system is always supported by a well-designed access control system.Role-based access control policy,which is the focus of access control study nowadays,is more flexible and less management burden.Based on Role-Based Access Control(RBAC) and Task-Role-based Access Control,this paper gives a flexible extended access contrl models,XRBAC,standing for Extended Role-Based Access Control,which extends the definition of role management and authority.

吴江栋,李伟华,安喜锋

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.20.019

2008-01-01

Abstract:A method of finely granular access control based on RBAC is brought forward after the discussion of the access control model based on role.This paper proposes the idea about finely granular access control,decomposes the access privilege of sources to less granularity,and the privilege is assigned to role,then access control can be managed easily by defining the user of the role and the inherit of roles.The validity of method is proved by the successful system of finely granular access control based on RBAC.Design and implementation process of the method have referenced value to similar software's development.

LI Bo,HUANG Dong-jun

DOI: https://doi.org/10.3969/j.issn.1006-8937-B.2006.04.001

2006-01-01

Abstract:The paper analyzes and compares several primary ways to distribute privileges during the current design process of access system such as Discretionary Access Control(DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC), points out their respective characteristics and limitations of their applicability. By taking the new characteristics of modern enterprise management into consideration and combining with the existing access control model, the authors discuss the access control technology of the multi-users information system, present and realize the security control model based on role level, department level and user level in the application. Practical application makes clear that it enhances the security and maintainability of information system.

Lu Pengyu,Song Hui,He Liangjun

2010-01-01

Abstract:To satisfy the requirements of secure among enterprise information system, access control seemed as an information security technology has been used in more and more modern enterprises. Administration of an RBAC system using role based approach has become very appealing because of the benefits that a role-based approach typically brings. In this paper, the scope of traditional RBAC models is carried out and requirements of privilege management based on B/S mode are analyzed. The persistence layer, business layer and control layer of system are implemented under the framework of integration of spring and Hibernate by Struts2.0. Compared with the current privilege management infrastructures, because the struts2.0 framework is integrated with different kinds of frameworks, the interoperability of the system has been achieved. Based on the Filter mechanism, the authorized authentication is implemented conveniently. And the flexibility of permission maintenance has been provided by the design of resource entity.

JING Dong-sheng,YANG Ji-wen

DOI: https://doi.org/10.3969/j.issn.1673-629x.2006.02.071

2006-01-01

Abstract:The research work of RBAC(role-based access control) and TBAC(task-based access control) is greatly emphasized in recent years.This paper compares the characteristics and applicability spectrum of some recent models.To the deficiency of the existing model,in order to improve the security,compatibility and practicability of application systems,through combining the advantages of RBAC and TBAC model,a new-type model,T-RBAC(task-role based access control),is discussed.The configuration and characteristics of the model is described.The support of least privilege,separation of duties,data abstraction and roles hierarchies in the model is explained.An application of the model in computer supported cooperative system and the main goal of future research is presented.

Yan Chen,Chao Luo,Can Ying Huang,Shang Ping He

DOI: https://doi.org/10.4028/www.scientific.net/aef.6-7.273

2012-01-01

Advanced Engineering Forum

Abstract:As a key access control mode that multiple characters application system is presently used , RBAC(Role-Based Access Control) can solve the problem of dynamic multi-users and multiple characters excellently, but when facing complicated resource types and business processes, it must be expanding on that basis. The article has put forward and realized a permissions model which can solve complicated resource system and business processes—resource model.

Lei Jun

DOI: https://doi.org/10.3969/j.issn.1008-5483.2006.03.014

2006-01-01

Abstract:The implementation of RBAC(Role-Based Access Control) security policies was introduced,including RBAC control flow and datasheets of implementing RBAC,etc.Parts of RBAC policies were presented to meet the system requirements,and the attentive problems were pointed out.Finally,Java codes of implementing role capability constraint were given.

Wei REN,Jin QIN

DOI: https://doi.org/10.14004/j.cnki.ckt.2015.3195

2015-01-01

Abstract:The authors present some kinds of technology regarding as access control of management based on RBAC[1](role-based access control).In the advanced educational management system,we use RBAC to solve privilege problem,and the model-RBAC can enforce the security of the system.RBAC has realized the logic separation of the users and the access permission and re-duced the complexity of the authorization management as well as the cost of the management.The model implemented by Java using S2SH framework[2].The entire system based on 3-tier architecture[2].

Li Qi,Xu Mingwei,Zhang Xinwen

DOI: https://doi.org/10.1109/ICDCS.Workshops.2008.26

2008-01-01

Abstract:Role-based Access Control (RBAC) has been widely deployed in many distributed systems in recent years. However, in many large-scale enterprise environments, it is difficult to manage RBAC because of the huge number of users and roles, and complex interrelationships between them. Moreover, with the development of information and communication technologies, many temporal and ad hoc collaborations between groups and departments are emerging, which require dynamic user-role and permission-role assignments. In thesescenarios it is infeasible, if not impossible, for few security officers to administrate the assignment for various applications. In this paper, we propose a novel RBAC model for decentralized and distributed systems. As one of the main contributions, we also propose a decentralizedadministration model to address the management issues in traditional RBAC systems, Our model can be used for group-based applications with dynamic assignments where typically local (group-level) administrators take charge of the dynamic assignments. In this way, many administrativetasks for different applications can spread over many different local administrators, and a fine-grained administration model of RBAC based on the local administration policies is realized. As a proof-of-conceptsystem, we implemented a secure Spread prototype based on our proposed model to show the feasibility in the real applications.

XIA Ming-chao,WU Jun-yong,WU Ming-li

DOI: https://doi.org/10.3969/j.issn.1003-8930.2008.02.007

2008-01-01

Abstract:According to the requests of access control in power supervisory control systems,three common access control strategies are compared and an access control strategy using RBAC(role based access control) in power supervisory control system is presented.Basic concepts,characteristics and advantages of RBAC are introduced,and the structures of power supervisory control systems are analyzed and the resource models of them are formed.The resource management and access control in power supervisory control systems is designed base on these models,and the whole access control strategy is formed.In this strategy,scales of resource are detailed,efficiency of resource management is improved,user authority management is simplified,security and reliability of power supervisory control systems are improved.

刘伟,刘嘉勇

DOI: https://doi.org/10.3969/j.issn.1672-2892.2009.01.019

2009-01-01

Abstract:As a way to defend information's confidentiality and integrity,access control takes a quite important role in military system and commercial system.Role-Based Access Control(RBAC) Model has been generally used in morden sofeware systems,and it has become one of the hotspots in the field of information.On the basis of RBAC,an Extended Role-Based Access Control(ERBAC) model is introduced against the imperfections of the famous RBAC model.Then the applying process of this model is illuminated.In the improved model,the concepts of role and permission are extended,which makes RBAC model be applied to systems freely and efficiently,and strengthens the security of access control.

HU He-ping,XU Wei

DOI: https://doi.org/10.3969/j.issn.1007-130x.2007.06.033

2007-01-01

Abstract:By means of roles, the access control model of role-based access control links an user with his permissions, which greatly reduces the complexity and cost of authorization management.This paper presents a RBAC framework which can be used for the domain of J2EE. The framework which uses the design patterns of software and the method of aspect-oriented programming shows strong expansibility and maintainability.

Meisong CAI,Hongming CAI

DOI: https://doi.org/10.3969/j.issn.1671-8844.2006.04.025

2006-01-01

Abstract:The network security polices in terms of users personal,role and temporary attributes are introduced;and then the access and control mechanism for the three security polices are put forward.An adoption of server-pull and LDAP structure is discussed to perform access and control for the enterprise fundamental information platform based on RBAC.The system employs LDAP directory server as the role server and users can obtain required information in certain secure mode(e.g.SSL),so as to implement the relevant RBAC strategy to achieve the access control purpose.The structure's feature is simple and flexible.

Dancheng Li,Cheng Liu,Qiang Wei,Zhiliang Liu,BinSheng Liu

DOI: https://doi.org/10.1109/ICIECS.2010.5678213

2010-01-01

Abstract:SaaS (Software as a Service) deliver software as a service over the Internet, eliminating the need to install and run the application on the customers' own computers and simplifying maintenance and support. Access control is an important information security mechanism, according to user identity and the attribution of a predefined group of users to restrict access to certain information items, and limit the use of certain functions. In view of the features of multi-tenant, if we apply existing access control methods to SaaS systems directly, the following problems will appear: (1) role name conflicts (2) cross-level management (3) the isomerism of tenants' access control. This paper propose the S-RBAC model which can be applied to SaaS systems, this model extends from the RBAC model and ARBAC97 model, it uses layered structures to achieve system-level and tenant-level access control, solves the SaaS system access control problems. And we put forward a way to implement the access control module for SaaS systems based on S-RBAC model.