Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

曾璎珞,潘雪增,陈健

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.10.052

2010-01-01

Abstract:This paper proposes a dynamic security access control model based on system reliability,so as to improve the flexibility of combination among multiple security access control strategies,and to ensure system security and practicality.The model can choose the proper kind of combination among the security access control strategies dynamically in order to deal with different system states and improve the whole system performance.Experimental results prove that this model makes the multiple strategies control more flexible,ensures the system security,and improves practicality of the system.

Xuanmei Qin,Yongfeng Huang,Zhen Yang,Xing Li

DOI: https://doi.org/10.1109/ict.2019.8798859

2019-01-01

Abstract:Attribute-based encryption describes the access policy with the attribute information of users. In practice, attributes usually have a certain lifespan. The existing time-based access control methods directly relate attribute keys to time. Thus, under the constraint of fine-grained time, when the attribute expires, the update of key and policy adds a large additional burden to the data user and owner. In this paper, we propose a dynamic attribute-based access control scheme to set a fine-grained valid time period for each attribute, which not only facilitates dynamic data sharing, but also enables flexible attribute revocation. We use smart contract to set valid time period for attributes. It provides smart management on users' attributes and avoids the waiting time of CSP caused by manual operations. We also introduce trapdoor that are indirectly related to time and proxy decryption method to reduce computational cost on data owners and users. Extensive security and performance analysis shows the security strength and effectiveness of the proposed scheme.

Jason Crampton,Charles Morisset

DOI: https://doi.org/10.48550/arXiv.1204.2342

2014-07-31

Abstract:There have been many proposals for access control models and authorization policy languages, which are used to inform the design of access control systems. Most, if not all, of these proposals impose restrictions on the implementation of access control systems, thereby limiting the type of authorization requests that can be processed or the structure of the authorization policies that can be specified. In this paper, we develop a formal characterization of the features of an access control model that imposes few restrictions of this nature. Our characterization is intended to be a generic framework for access control, from which we may derive access control models and reason about the properties of those models. In this paper, we consider the properties of monotonicity and completeness, the first being particularly important for attribute-based access control systems. XACML, an XML-based language and architecture for attribute-based access control, is neither monotonic nor complete. Using our framework, we define attribute-based access control models, in the style of XACML, that are, respectively, monotonic and complete.

Cryptography and Security,Logic in Computer Science

He Huang,Shuzhen Yao

2007-01-01

Abstract:In order to counteract the implicit information leakage problems caused by illegal information flows in internal network environment, a new access control model suitable for inside document protection was proposed, which introduced dynamic rules into traditional access control and authorization mechanisms. The implementation of the proposed model was based on XACML (extensible access control markup language) and its obligation condition, and thus the information leakage problem in multiple users environment can be addressed. The algorithm analysis and its scenario simulation show that the security capability of the traditional access control model is enhanced through the treatments.

Jun Zheng,Yu-an Tan,Qikun Zhang,Chunxiao Gao,Siyuan Wang

DOI: https://doi.org/10.1007/978-3-642-23226-8_70

2011-01-01

Abstract:By studying the multiple granularities of time constraints' descriptions and consistency problems, in this paper, we establish a dynamic fine-grained access control model, thereby improve the access control precision, quality and efficiency. This paper describes the related concepts of time and the time constraints of multi-granularity. It proposes a kind of TRBAC model with multiple granularities of time constraints by extending the time dimension of the RBAC model. At the same time, it discusses and analyzes the maintenance of the state of the consistency of the system, which enhances the ability of system portray authority in reality and brings it with stronger, more comprehensive description of system security capabilities.

HU Zhao-wei,JIN Rui-fang,YU Wan-jun,YANG Bo

DOI: https://doi.org/10.3321/j.issn:1002-8331.2007.25.021

2007-01-01

Computer Engineering and Applications Journal

Abstract:Mutability is a new concept,although its features can be found in traditional access control models and policies.Usage control has been surveyed to extend traditional access control,its composition and property have been analyzed.Mutability has been discussed in usage control’s point of view,and temporary and persistent attribute have been identified.Mutability has been embodied by attribute updates,which occures on both authorizations and obligations models,and which has been realized by adding update procedures within the model definition,and which makes history-based access decision to be executed easily.Several attribute mutability variations of mutability have been discussed.

shaomin zhang,hongbian yang,baoyi wang

DOI: https://doi.org/10.1007/978-3-642-27287-5_94

2012-01-01

Abstract:For the problems of attribute elements maintenance difficulty and heterogeneous attribute of multi-domain in ABAC model, we propose the method of using ontology to maintain access control elements and distributed attribute management, which describe the logical relationships among attributes with OWL and introduce attribute mapping technology in access control decision-making. It can reduce the complexity of attribute management and raise the security of the cross-domain access. It makes up the defects in original ABAC model, and has a good reference to research the cross-domain access control.

Junhao Geng,Sumei Zhang

DOI: https://doi.org/10.1109/cis.2009.260

2009-01-01

Abstract:To meet the requirements that full business model of complex information system needs simplified, precise and consistent access control method, analyzing meta-model of full business model, granularities of access control elements, Full Business Model Oriented Access Control (FBMOAC) model is proposed and built, and an algorithm of permission consistency control is presented based on the formal description. Through building access subject granularities, access object granularities, permission assignment control granularities and the dependency, contradiction, delegation, nesting relationships between granularities, FBMOAC supports simplifying the authorization process, controlling access objects precisely and implementing the consistency control of permissions.

袁平鹏,陈刚,董金祥

DOI: https://doi.org/10.3321/j.issn:1003-9775.2004.04.006

2004-01-01

Abstract:An access control paradigm composed of basic model and role model is proposed for collaborative applications. Basic model specifies the relationship among privileges and the way of ranking privileges. It relates privilege with operations on the objects, so the model appears more straightforward. Moreover, if Brokers' implementation permits, the model can support any grained access control. Role model re-defines the role concept of RBAC96, divides the permissions of role into public permissions, protect permissions and private permissions. It allows user to define roles more flexibly, prevents private permissions of roles from being inherited and reduces the definition of ancillary roles.

Binyong Li,Fan Yang,Shaowei Zhang

DOI: https://doi.org/10.3390/math12162541

IF: 2.4

2024-08-19

Mathematics

Abstract:Traditional access control systems exhibit limitations in providing flexible authorization and fine-grained access in the face of increasingly complex and dynamic access scenarios. This paper proposes a context-aware risk access control model to address these challenges. By developing a multi-level contextual risk indicator system, the model comprehensively considers real-time contextual information associated with access requests, dynamically evaluates the risk level of these requests, and compares the outcomes with predefined risk policies to facilitate access decisions. This approach enhances the dynamism and flexibility of access control. To improve the accuracy and reliability of risk assessments, we propose a combination weighting method grounded in game theory. This method reconciles subjective biases and the limitations of objective data by integrating both subjective and objective weighting techniques, thus optimizing the determination process for risk factor weights. Furthermore, smart contracts are introduced to monitor user behavior during access sessions, thereby preventing malicious attacks and the leakage of sensitive information. Finally, the model's performance and authorization granularity are assessed through empirical experiments. The results indicate that the model effectively addresses the requirements of dynamic and fine-grained access scenarios, improving the system's adaptability to risk fluctuations while safeguarding sensitive information.

mathematics

Gang Liu,Lu Fang,Quan Wang,Xiaoqian Qi,Juan Cui,Jiayu Liu

DOI: https://doi.org/10.1007/978-3-030-15093-8_4

2018-01-01

Abstract:In information systems where there are a large number of different resources and the resource attributes change frequently, the security, reliability and dynamics of access permissions should be guaranteed. The changing raises security concerns related to authorization, and access control, but existing access control models are difficult to meet practical requirements. In this paper, a resource and attribute based access control model named RA-BAC was proposed. The model bases on attribute-based access control (ABAC) and links access control policy with resource, and redefines the access control rules. Besides, we compare RA-BAC and ABAC from the perspective of theory and simulation experiment respectively to show the advantage of RA-BAC model. We give a detailed analysis combining with instances to show the practicability of the RA-BAC model. RA-BAC solves the problems of policy conflict and policy library expansion in the ABAC model when there are too many resources and the attributes of resources are changed frequently in the system. Using RA-BAC model in system can makes permission query efficient and reduce workload of the system administrator of managing the policy library.

Fujun Feng,Chuang Lin,Junshan Li

DOI: https://doi.org/10.1109/NSWCTC.2009.405

2009-01-01

Abstract:Trustworthy network is the inevitable trend in the development of high trusted computing and Internet. It is beyond the traditional information security including confidentiality, integrity and availability, but on the survivability and controllability. Trustworthiness of users on identity and behaviors is very important for trustworthy network, which can be realized by access control technology. Firstly, we discuss the security requirements of access control in trustworthy network. Then we propose a Trust and Context based Access Control (TCAC) model, and describe the core, hierarchical and constrained TCAC in detail. Finally, a trust evaluation mechanism is presented.

Kai Ouyang,Lijun Dong,Jingli Zhou

DOI: https://doi.org/10.3321/j.issn:1671-4512.2008.04.016

2008-01-01

Abstract:Periodic time theory and RBAC model were considered.Conditional temporal role-based access control(CT-RBAC) model is proposed,in which the symbolic representation of conditional periodic time is brought forward,and the temporal mechanism is controlled by the conditional set.The time control dimension was extended to the control plane 〈condition,time〉 and the plane 〈time,constraint〉 was done to the three-dimensional control space 〈condition,time,constraint〉 so that the flexibility and variety of the control mechanism was improved.The definitions of the conditional periodic expression were described formally and the concurrent transaction logic was used to picture the concurrent execution of the condition set.The control mechanism of the conditional temporal constraint and the computing complexity of the conditional set in the CT-RBAC model were also detailed.

高亮,张斌,蔡力钢,刘向军

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.08.035

2004-01-01

Abstract:Effective control of access for resource is key to make users work collaboratively.It is also important to ensure information security.Having analyzed traditional access control technologies,a new access control model,eXtensible Access Control Model (XACM),is proposed in this paper.An extensible access control system based on XACM is successfully implemented for control of access to information in Tongda Group's workflow-based office automation system.It proves the characteristics of XACM such as flexibility and generalization.

LI Chang-cheng,LIU Cheng-ying,HONG Ming-song,CAI Wei

DOI: https://doi.org/10.3969/j.issn.1006-5911.2005.03.008

2005-01-01

Computer Integrated Manufacturing Systems

Abstract:Based on study of the role-based access control (RBAC) model and the team-based access control (TMAC) model, combined with the characteristics of the technological process information management, an object-based multi-subject access control model was proposed. In this model, object's access control strategy could be inherited through the object's inheritance hierarchies and the type of access subject was expanded to more types. The model implemented a fine-grained security administration at the level of individual users and individual objects. And the access permissions were assigned effectively and were easy to be expressed. As an active security model, it considered the context of objects and users when activating the permissions. Finally, an application example was introduced to prove the feasibility and advantages of this model.

ZHONG Jiang,HOU Su-juan

DOI: https://doi.org/10.3724/sp.j.1087.2010.02632

2010-01-01

Journal of Computer Applications

Abstract:Concerning the limitations of the application of traditional access control model in new generation credible Internet environment,such as the inefficiency in user-role assignment and the difficulty in cross-domain access control,a universal attribute-based access control framework was proposed.It took a unified method to dispose the attributes of users,resources,operations and running context,simplified the complex way of permissions determination in traditional RBAC and other access control modes,thus enhancing the versatility and flexibility of access control system.At the same time,authentication based on attribute certificates was applied in cross-domain access,policy evaluation and evaluation algorithm were also discussed,which could dynamically realize resource management and access control for users from different domains.In addition,the mechanism of the running context makes the framework more suitable to be applied in complex and dynamic Internet environment.

Fujun Feng,Chuang Lin,Dongsheng Peng,Junshan Li

DOI: https://doi.org/10.1109/HPCC.2008.37

2008-01-01

Abstract:In order to overcome the limitations in traditional access control models such as identity-based access control and meet the access requirements in distributed systems, we propose a Trust and Context based Access Control model called TCAC, it extends the traditional RBAC (role based access control) model with the notion of trust and context. Role assignment in TCAC is based on the trustworthiness and context information of users. The TCAC model is flexible, scalable, and well suitable for the dynamic and distributed systems. Then we provide a trust evaluation mechanism based on the local and global reputation to compute the trust value of a user in distributed system, which can avoid malicious nodes behave correctly in order to get the highest possible trust value. Finally an implementation framework of the access control system based on TCAC is described.

JIANG Xinghao,LI Jianhua

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.16.051

2006-01-01

Abstract:The security problem including confidentiality,integrity,nonrepudiation,authentication,authorization and access control has become the main obstacle for WS before its large scale application.This paper presents an attribute certificate based authorization mechanism for WS and analyzes the characteristics of access control model for WS aiming at the authorization and access control problem WS faces.

Yang Xu,Wuqiang Gao,Quanrun Zeng,Guojun Wang,Ju Ren,Yaoxue Zhang

DOI: https://doi.org/10.1007/978-3-319-72389-1_27

2017-01-01

Abstract:Attribute-Based Access Control (ABAC) is a promising approach for addressing intricate management requirements in dynamic and distributed environments. Nevertheless, because of lacking flexible access exception handling mechanism, rigid rules in ABAC influence the resource availability and ultimately the working efficiency. In this paper, we propose a novel fuzzy ABAC model (FABAC) that extends the ABAC with better usability. We introduce the fuzzy mechanism into decision-making process. Based on the membership grades of requests to rules and the spare credits of respective subjects, our framework permits additional requests failing in rule matching, thus enhancing the information flows in business processes. Furthermore, we develop the credit system with history-based recovery mechanism, wherein the subject’s credits and corresponding recovery rate are impacted by the past authorizations on substandard requests, for maintaining the risk of abuse under control. The analysis reveals that our model contributes to attaining better tradeoff between security and usability.