曾璎珞,潘雪增,陈健

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.10.052

2010-01-01

Abstract:This paper proposes a dynamic security access control model based on system reliability,so as to improve the flexibility of combination among multiple security access control strategies,and to ensure system security and practicality.The model can choose the proper kind of combination among the security access control strategies dynamically in order to deal with different system states and improve the whole system performance.Experimental results prove that this model makes the multiple strategies control more flexible,ensures the system security,and improves practicality of the system.

Cui Yan-Li,Zhang Xing

DOI: https://doi.org/10.1109/cnmt.2009.5374540

2009-01-01

Abstract:In the distributed environment, one important security issue is how to apply further security control to the object that is released to other terminals. The appearance of trusted computing technology has provided an effective solution for this issue in the distributed environment. At the same time, through combining trusted computing technology with the strong isolation and sharing characteristic provided by virtual machine technology has further increased the security and the flexibility of distributed access control. Therefore, this paper uses trusted computing technology to improve the security of the terminal in carrying out the distributed access control, designs a trusted terminal architecture that bases on the trusted computing technology and the virtual machine technology as well as a enhanced mode that suits in distributed access control, and on this basis, analyzes the security of system design.

Yuanchao Shu,Jiming Chen,Fachang Jiang,Yu Gu,Zhiyu Dai,Tian He

DOI: https://doi.org/10.1145/2070942.2071025

2011-01-01

Abstract:To bridge the gap between insufficiency of existing proximity authentication solutions and the increasing demand of high security guarantee for access control systems, we develope a WISP-based access control system combing electronic and mechanical authentication methods. In our authentication, encryption complexity is changeable and trusted users can share privileges with each other. During experiments, our system has achieved 95% authentication accuracy rate with up to 3 different users.

ZHANG Run-lian,WU Xiao-nian

DOI: https://doi.org/10.3969/j.issn.1009-8054.2007.08.035

2007-01-01

Abstract:According to the information security for campus grid in resource sharing and cooperation wit each other, this paper proposes an access control model based on PMI. The model supports distributed authorit based on delegation, and supports role delegation and partial role delegation based on delegation constraint and temporary delegation role. It follows the least privilege principle and avoids conflict of the authority an exceeding the authority.

Lijun Wu,Zili Chen,Jinshu Su,Xiangyu Luo

DOI: https://doi.org/10.1109/iccda.2010.5541099

2010-01-01

Abstract:T Because of the complexity of netware and its environment, how to ensure security of large scale netware systems is a longstanding key problem. The access control is always one of the important guarantees of security of large scale netware systems. The paper introduces the general AC(attribute certificate) and the role specification AC and the role assignment AC, and discusses the role-based PMI architecture, then combines the role-based PMI architecture with the PKI architecture to present a new access control model based on role PMI. The model has advantages of flexibility, convenience, less storage space and less network consumption etc. At present, we are going to use the model in management information systems of the large scale netware to realize access control for systems.

刘端阳,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.01.006

2004-01-01

Abstract:With the development of collaboration among enterprises, it is very desirable to securely exchange information between PDMs through Internet. The original user/password mechanism is very weak, unsecure and inflexible. And also,authorization based on PKC(public key certificate) cannot satisfy the temporary relations between enterprises. In order to satisfy the demand of secure information exchanges between enterprises, according with the genernal security management model of PDM system, This paper designed an AC(attribute certificate) model based on PKC. The model was based on TTP architecture to achieve trust between enterprises and automation of enterprises' collaboration, and reduced the startup cost. And it provides not only reliable authentication and data protection, but also flexible access control and secure audit, and effectively implements information exchanges between enterprises. The new model can be well used in the fields of automobile manufacture,electronics,mechanics and so on.

LE Zhen-hu,JIANG Xing-hao,SUN Tan-feng

DOI: https://doi.org/10.3969/j.issn.1009-8054.2011.01.031

2011-01-01

Abstract:The existing PMI access control models have the static problem that the right of the user is fixed after the user is authenticated. However,when the reliable user becomes unreliable and does harm to the system,his right could not be adjusted dynamically. So the feedback mechanism based on the PMI access control model is introduced and the concept of reliable factor is raised. This could overcome the static problem of the former access control model,and thus some new thought is provided for the access control.

黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

刘晓冰,白朝阳,王霄,李忠凯

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.03.050

2010-01-01

Abstract:Aiming at the problems of Privilege Management Infrastructure(PMI) model application in the work flow system that data redundancy, weakly dynamic adaptability, this paper proposes a PMI model based on Task-Role Based Access Control(T-RBAC). The model can make the relationship between access right and task by adding task specification access certificate, task assignments access certificate and task management agent. Application result proves that the model can support information security management with three ways of access control in dynamic work flow systems, it consists of access control based on role, task and role and task.

Tang Jie,Lu Quan-fang,Wen Hong

DOI: https://doi.org/10.3969/j.issn.1674-9456.2013.03.005

2013-01-01

Abstract:With the development of mobile communications technology and terminal technology,mobile intelligent terminal has been widely used in people's daily life and will be integrated into a variety of information system in the future.Therefore,the mobile intelligent terminal system security risk assessment is necessary.This article unifies the related standards and the security threats of current mobile intelligent terminal,which aimed to propose a concept of intelligent terminal system safety risk assessment.Because the intelligent terminal system safety assessment lacks of necessary model description,we design a model based on AHP algorithm to evaluate the security risk of intelligent terminal by calculated each evaluation elements of relative risk aversion and the grade of whole intelligent terminal security risk,which will play an important tool to establish the grade system of risk evaluation.

Xiao Zhiting,Yue Yingying,Long Xinyu

DOI: https://doi.org/10.3969/j.issn.1007-7820.2008.03.004

2008-01-01

Abstract:Presently the terminal security protection of classified intranets has several weak links,such as non-security of terminal itself,no checkup of terminal access,and no control of user action,which result in the malicious code attack through the terminal.To address these issues,vulnerability repair systems,the anti- viruses systems,and the host firewalls must be taken into consideration;the terminal security management sys- tem must be deployed;and the trusted terminal must be developed.

Ying Lei

2006-01-01

Abstract:Privilege management infrastructure is the research hotspot in the field of network security at present. How to improve the PMIsystem’s efficiency and how to standardize the access control policies are the main questions now. A condition based on access control policy and itsimplementation mechanism is improved by using XACML technology. Combined with J2EE technology, a PMI system based on the policy model isdesigned and implemented. The improved system resolves the questions above, provides convenient privilege management and fine-grained accesscontrol.

刘尊,李伟华,王涛

DOI: https://doi.org/10.3724/sp.j.1087.2009.02319

2009-01-01

Abstract:A Usable Security Protected Model(USPM)for operating system was proposed and implemented.This model provided enough security for operating system with good compatibility and less special configuration.With this model,one can keep the secret of confidential documents and protect important files from being damaged even after a successful attack.The authors used a rule that limited the activities of processes who communicated with the remote system to ensure the security of the operating system and a number of exceptions that permitted particular activities of particular process to improve the usability of the system.A set of tests show that the model is easy to use,and it has good security,lower costs and good compatibility.

Jiang Jun,Zhai Zhengjun,Wang Ji

DOI: https://doi.org/10.16526/j.cnki.11-4762/tp.2008.08.026

2008-01-01

Abstract:By analysis of the current popular method of access control,point out their deficiencies.Based on the visit of the remote testing and diagnosis system requirement,design a kind of multi-element mixed access control model(MMAC) which is mixed with role-based access control,task-control and time-control.Describe the definition and improved strategy of access control model.Finally,give the performance comparison between MMAC and RBAC under the result of the experiment.

Jianxin Wang

2009-01-01

Abstract:Application services in accordance with the number of campus and more active user groups, security, management features such as loose,The article Proposed an access and unified security platform design based on PKI/PMI technology. In this paper, the system design model and system workflow, and this model the main functional modules has been designed.

WU Hao,PAN Hui,WANG Yong,JIANG Xiangtao,LIU Gangchang

DOI: https://doi.org/10.3969/j.issn.1671-1815.2006.01.024

2006-01-01

Abstract:Sizeable enterprise usually have several applicable information platform, but each system run independently. There is lack of a mechanism of authorization management for the user to access the system resource,but the import ation of PMI provids a tool for the question. Mainly based on the PERMIS project, aim at establishing unified authorization policies, and realized the management of authorization integration in multi-platform system.

Jian Wang,Haihang Wang,Chengxiang Tan

2009-01-01

Journal of Computational Information Systems

Abstract:The wireless way that terminal devices connected to mobile networks communicate with fixed-IP networks brings serious hidden trouble to security. To ensure the security of mobile access, a mobile security access system (SMAS) based on IPSec VPN is designed and implemented. This system adopts multi-factor authentication mechanism based on both smart card and X. 509 certificates to meet security requirement, and adaptive VPN dial-up policy and hardware encryption card to improve system efficiency. Test results show that the system can ensure the communications security between mobile devices and fixed-IP networks perfectly with a high efficiency. Copyright © 2009 Binary Information Press.

Gang YANG,Guangzhou Zeng

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.16.055

2005-01-01

Abstract:An access control framework using fast table for PKI and PMI is presented in this paper. The fast table mechanism with the temporarystorage function is introduced into the framework and it makes the Web server with PKI+PMI facility validate the certificates' status and distributeauthority in local place. Thereby Web server can do lots of validating work of CA and can reduce the burden of network.

LUO Jun,Jiayong Liu,GONG Xun,HU Yong

DOI: https://doi.org/10.15961/j.jsuese.2011.06.022

2011-01-01

Abstract:An access control model based on the security evaluation of subject and object was proposed.At first,some important concepts and their relationships,such as user(subject) security degree,resource(object) security degree,user security level,resource security level,and operation level were defined.Then a formula to qualify the condition that the user must satisfy when he accessed a certain system resource by a certain operation was provided from the angle of security.The object security degree was decided by the security evaluation value of the device that the accessed resource lied in,which equaled the weighting sum of the evaluation values of the threat,the vulnerability and the environment security.The user security degree was decided by five factors,such as the security of physical device used by the user,compliance of the use of the resources,the history behavior of the user,the evaluation of the user by a third party,and the identity certificate class.The methods to compute the values of these five factors were discussed and the subject security degree was equal to the weighting sum.At last,the proposed access control model based on the security evaluation of subject and object was verified in practical application.The statistics of experiment showed that,compared with the access control system depended on firewall and IDS,the total number and severity of security events of the system based on the proposed access control model decrease obviously.

Jian Gao,Licheng Wang,Chao Huo,Ganghong Zhang,Jianan Yuan,Yujie Xu

DOI: https://doi.org/10.1109/icccbda49378.2020.9095639

2020-01-01

Abstract:Based on the analysis of the security requirements of power internet of things and the idea of security solution provided by trusted computing, this paper studied the power Internet of things information security interaction model and key technologies to realize the information security interaction of power internet of things, and proposed a real-time evaluation model of terminal entities based on global trusted. Punishment factor and time factor were introduced to upgrade the evaluation method from single evaluation to global evaluation. Taking the power distribution system as an example, the information security intersection model of power internet of things based on behavioral trusted measurement mechanism was simulated. The simulation results showed that the model had continuous trusted measurement ability in dynamic uncertain network environment, and could make trustworthiness decision in real time and accurately. It is more practical and laid a good foundation for the research of trustworthiness connection, trustworthiness management and trustworthiness decision-making based on trusted measurement.