JIANG Dong-xing,LIU Qi-xin,ZHENG Shu-liang

DOI: https://doi.org/10.16411/j.cnki.issn1006-7736.2010.01.028

2010-01-01

Abstract:A role and activity based on access control(R-ABAC) model with its infrastructure,component relationship and framework was proposed to build more dynamic,flexible and suitable access control model for the innate limitations of role-based access control(RBAC) model in university-level unified information system through extending the traditional RBAC model with the notion of participation,act and activity.Application results show that R-ABAC model can describe the authorization relationship of actions in teaching,research,administration and service exactly,and it can also implement identity and access management system in digital campus of information integrating stage.

Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

Cai E. Xu,Feng Xu,Xiaohua Li,Dongming Lu,Yanqi Cheng

DOI: https://doi.org/10.3969/j.issn.1000-436x.2013.z2.027

2013-01-01

Abstract:Considering access control with more card, scattered access flow data and poor scalability in current university building multi-system, the campus integrated access management platform triple frame design with the core of perception layer, transport layer and application layer was proposed. Campus card access control applications based on a unified data processing were realized, by method of Media and unified campus card authorization, implementing hierarchical management and access networking, comprehensively regulate access standards and centralized storage of data water. The design not only facilitates the management of school access control applications, but also carries out data mining based access control and lay the foundation for leadership decision-making support.

JIANG Jie,ZHANG Jie,CHEN De-ren

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.09.011

2009-01-01

Abstract:An extended context-aware role based access control(RBAC) based on reasoning(RC-RBAC) model was proposed by integrating the single context-aware RBAC and reasoning-based RBAC in order to solve the problems of the Absence of the adjustment and generation of the context-aware condition dynamically and the incapacity of updating the user authorization according to the adjusted constrain conditions in the existing RBAC.The extended model used the rule reasoning to adjust and generate the context constrains dynamically and start the common sensors and the self-defined sensors to collect the attribute values of the conditions.The access permission to the sensitive data was updated in real time based on the context-aware logic reasoning using the user rules and permission rules.The application results show that the extended RC-RBAC model can be employed in the distributed environment to satisfy the need of the dynamic authorization and reduce the real-time access control management complexity.

CH Fang,W Peng,XZ Ye,SY Zhang

DOI: https://doi.org/10.1109/cscwd.2005.194248

2007-01-01

Journal of Software

Abstract:Access control is one of the key steps to ensuring the availability, confidentiality and integrity of system resources. While it has been fully applied in various network systems, it's still relatively new for collaborative CAD. This paper provides a new framework of multi-level access control for collaborative CAD based on hierarchical product modeling. A layered privilege model (LPM) has been developed to provide multi-granularity access permissions in the part level and feature level. An extended hierarchy role-based access control (EHRBAC) is implemented, integrated with LPM and common Hierarchy RBAC, to provide hierarchical access control of collaborative feature modeling in the component/part level and design feature level. Mesh simplification techniques are used to create variable level-of-detail for individual features.

Xiyuan Chen,Miaoliang Zhu

DOI: https://doi.org/10.4028/www.scientific.net/kem.439-440.178

2010-01-01

Abstract:Semantic; Trust Management; RBAC; User-role Assignment Abstract. The application of RBAC in access management of the enterprise services and resources is very widely. With phenomenal growth of information interaction and cooperation between distributed systems, the number of users can be in the hundreds of thousands or millions. This renders manual user-to-role assignment a formidable task. In this paper, we propose a semantic and trust based framework to automatically assign users to roles based on a finite set of assignment rules defined by authorized people in the enterprise. These rules take into consideration the attributes users own and any constraints set forth by the enterprise including the assignment history and the credit of the requester. We choose OWL to specify the user attributes.

王刚,宋执环

DOI: https://doi.org/10.3969/j.issn.1000-3428.2002.09.044

2002-01-01

Abstract:In this paper, the construction of role-based access control is discussed. Aiming at the complexity of the subjects, combined with the particularity of actions and objects in document management, considering the restriction of subject and the state of object, some improvement is made in the original RBAC and a new team-role-based document access control which is named TRBDAC model is presented. ;

Wang Zhenjiang,Liu Qiang

DOI: https://doi.org/10.3321/j.issn:1002-8331.2005.35.009

2005-01-01

Abstract:Authority Management is a most important aspect of Information Systems.A successful information system is always supported by a well-designed access control system.Role-based access control policy,which is the focus of access control study nowadays,is more flexible and less management burden.Based on Role-Based Access Control(RBAC) and Task-Role-based Access Control,this paper gives a flexible extended access contrl models,XRBAC,standing for Extended Role-Based Access Control,which extends the definition of role management and authority.

Zhang Xiantao,Li Qi,Qing Sihan,Zhang Huanguo,Zhang Liqiang

DOI: https://doi.org/10.1109/ISCIT.2007.4392214

2007-01-01

Abstract:Role-based Access Control (RBAC) become an important techniques to secure e-commerce systems during recent years. However, RBAC management issue is still an unresolved problem. Moreover, with the development of IT technologies in many departments, there emerge many group communications which require dynamic user-role assignments. In these scenarios it is infeasible for few security officers to administrate the assignment for local variant applications. In this paper, we propose a novel RBAC model for decentralized and distributed systems. We also present an administration model of our PBAC model to address the management issues in traditional RBAC systems. As one of the main contributions, this paper proposes a decentralized administration model by introducing a component of group assignment to implement a novel user authorization mechanism and a new user-role assignment (UA) approach which provides a two-level administration for user and role management through the concept of group. Our model can be applied for the current group communication applications with dynamic assignments where typically local administrators take charge of the dynamic assignments. In this way, many administrative tasks for different applications can spread over many different local administrators, and a fine-grained administration model of RBAC based on the local administration policies is realized. As a proof-of-concept we implemented a prototype in Xen virtualization environment based on our proposed model to secure real distributed applications.

Gao Yanyu,Li Shenghong,Xue zhi

DOI: https://doi.org/10.3969/j.issn.1009-8054.2006.03.022

2006-01-01

Abstract:This paper gives an improved model of "Role Based Access Control System Integrating Rating". The new model has advantages of both Role-based logic and Rating logic, and it implements the standardization and unification of policy management and access validation by the introduction of XACML, therefore, it implements the perfect integration of two logic on the basis of role definition.

Gang Liu,Lu Fang,Quan Wang,Xiaoqian Qi,Juan Cui,Jiayu Liu

DOI: https://doi.org/10.1007/978-3-030-15093-8_4

2018-01-01

Abstract:In information systems where there are a large number of different resources and the resource attributes change frequently, the security, reliability and dynamics of access permissions should be guaranteed. The changing raises security concerns related to authorization, and access control, but existing access control models are difficult to meet practical requirements. In this paper, a resource and attribute based access control model named RA-BAC was proposed. The model bases on attribute-based access control (ABAC) and links access control policy with resource, and redefines the access control rules. Besides, we compare RA-BAC and ABAC from the perspective of theory and simulation experiment respectively to show the advantage of RA-BAC model. We give a detailed analysis combining with instances to show the practicability of the RA-BAC model. RA-BAC solves the problems of policy conflict and policy library expansion in the ABAC model when there are too many resources and the attributes of resources are changed frequently in the system. Using RA-BAC model in system can makes permission query efficient and reduce workload of the system administrator of managing the policy library.

WEI Wei

DOI: https://doi.org/10.3969/j.issn.1006-4052.2010.20.038

2010-01-01

Abstract:Web Services brings lots of new security challenges for the traditional security model , in order to solve the security problem of Web services, we propose the RBAC model based on XACML and SAML,which through analyzing the XACML、SAML and RBAC, this model adopts XACML to control and interview the users, applies role to manage the authorization, uses RBAC to separate the users and authority, improves the flexibility of the authority management. Let the users which are different roles single sign -on successfully through SAML, the whole frame based on XML ensure the flexibility and expansibility of the model.

HU Ying-song,CHEN Gang,ZHU A-ke,CHEN Zhong-xin

2006-01-01

Abstract:A new access control model based on roles and departments is proposed,which extends the traditional RBAC model. The new model abstracts the department from the property of roles,and becomes an important factor of permission control. Furthermore,this paper designs a three-layered architecture for this cross-platform security administration and one of the access control policies is described in detail.

shaomin zhang,hongbian yang,baoyi wang

DOI: https://doi.org/10.1007/978-3-642-27287-5_94

2012-01-01

Abstract:For the problems of attribute elements maintenance difficulty and heterogeneous attribute of multi-domain in ABAC model, we propose the method of using ontology to maintain access control elements and distributed attribute management, which describe the logical relationships among attributes with OWL and introduce attribute mapping technology in access control decision-making. It can reduce the complexity of attribute management and raise the security of the cross-domain access. It makes up the defects in original ABAC model, and has a good reference to research the cross-domain access control.

ZHANG Shuai,SUN Jian-ling,XU Bin,HUANG Chao

DOI: https://doi.org/10.3785/j.issn.1008-973X.2012.11.015

2012-01-01

Abstract:A dynamic multiple domains access control model base on role based access control(RBAC) was proposed in order to solve the problem that current single domain based access control model cannot fulfill the authorization requirements for service compositions crossing multiple enterprises.The process structures were analyzed and a role mining algorithm was proposed to find the role set with minimized permissions that meet the access requirements of composite services.Authorization negotiations were set up among relevant domains for each cross domain operation in composite services and cross domain role mappings were built according the mined role sets with minimized cost to fulfill the cross domain operations.Based on this model,a runtime framework aligned with current industry standard was proposed to authorize dynamically based on the current running status of composite services.Simulation experiments showed the effectiveness of key part of the role mining algorithm.

BAO Zhigang,HU Yanjun,GU Xinjian

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.01.059

2006-01-01

Abstract:Firstly making reference to role based access control(RBAC)model,this paper proposes the basic idea about access control.Then it introduces database design of two realizing methods about access control and two methods’ realization in program,it also presents visual effect.Finally it analyzes and compares one to another in detail from two aspects of applicability and reusability.

姚立红,李振东,谢立

DOI: https://doi.org/10.3969/j.issn.1002-137X.2002.11.027

2002-01-01

Computer Science

Abstract:The manner of permission management in Role-Based Access Control is similar to the actual one in application fields, and it greatly simplifies system management. How to define and manage hundreds of permissions, roles,users and relations among them ( all are called RBAC special framework in this article)in large systems is one key problem that models for RBAC must resolve. This article studies the management of RBAC special frameworks, takes the management relations among roles into frameworks, and puts forward Management-Enhanced Model for RBAC. Special frameworks created according to this model are very similar to the management structures in application fields, and can manage themselves. This model also supports dynamic maintenance of management formwork while it is working.

Chunhua GU,Xueqin ZHANG,Guoxin SONG

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.12.063

2006-01-01

Abstract:The paper puts forward a delegation logic based access control model (DLBAC). It translates the credentials, RBAC elements and access policies into unified delegation logic rules. An access unit (AU) wraps an AC system. The standard interface of AU is also defined. Then, the external access control is transformed into internal access control. This AC model can protect the assets and share the resource in collaborative environment.

Q Li,JP Shi,SH Qing

DOI: https://doi.org/10.1109/icebe.2005.23

2005-01-01

Abstract:Role-based access control (RBAC) model has been widely deployed for Web security. In some large-enterprise-wide situations, however, this model is difficult to manage due to huge amount of users, roles and interrelationships. As a result, the applications of this model are greatly limited. To address this problem, we present in this paper a decentralized RBAC model (DRBAC) by proposing a new concept of groups and by introducing non-trivial modifications to the user-role assignment of the existing models

Xu Guangwei,Yin Jianwei,CHEN Gang,Dong Jinxiang

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.09.026

2005-01-01

Abstract:Current RBAC models have gained general recognition, but the realization of traditional RBAC is divorced from the organizational structure of enterprises, and the tight coincidence of authentication modules and applications causes troubles to maintenance and realization of the system. A principal-based authentication , authorization model and algorithm are introduced and they are based on the realized RBAC models, as well as a J2EE-based realization is presented.