卢建刚,方弿,许锋,王智,孙优贤

DOI: https://doi.org/10.3969/j.issn.1002-0411.2004.05.019

2004-01-01

Abstract:In order to solve the problems of applying OPC (OLE for process control) technology to remote supervision, this paper proposes a new framework of distributed fieldbus remote monitoring system based on the Windows DNA(distributed Internet applications architecture) developing model, which adopts the XML (extensible markup language) and SOAP (simple object access protocol) technology as communication mechanism of distributed components. This new framework not only has a favorable extension ability, but also solves the problems appearing in traditional monitoring systems and makes fieldbus remote supervision possible.

Zheng Xiao-lin,Lei Yu,Chen De-ren

DOI: https://doi.org/10.1007/s11460-006-0089-x

2006-01-01

Frontiers of Electrical and Electronic Engineering in China

Abstract:An integrated user access control method was proposed to address the issues of security and management in networked manufacturing systems (NMS). Based on the analysis of the security issues in networked manufacturing system, an integrated user access control method composed of role-based access control (RBAC), task-based access control (TBAC), relationship-driven access control (RDAC) and coalition-based access control (CBAC) was proposed, including the hierarchical user relationship model, the reference model and the process model. The elements and their relationships were defined, and the expressions of constraints authorization were given. The extensible access control markup language (XACML) was used to implement this method. This method was used in the networked manufacturing system in the Shaoxing spinning region of China. The results show that the integrated user access control method can reduce the costs of system security maintenance and management.

周珂,吕民,王刚,任秉银

DOI: https://doi.org/10.4236/jssm.2009.22014

2009-01-01

Computer Integrated Manufacturing Systems

Abstract:The deficiencies of current access control techniques in solving the problems of manufacturing process access conflict in networked manufacturing environment were analyzed. An information model of manufacturing process was con-structed, and a case XML Schema of manufacturing task model was given. Based on the characteristic analysis of the access control for the information model, an improved access control model of manufacturing process was constructed, and the access control model based on manufacture tasks, roles and time limits and the relationships among the ele-ments were defined. The implementation mechanisms for access control model were analyzed, in which the access case matching strategy based on manufacture tasks and time limits, the authorization assignment mechanism based on manufacture tasks, roles, correlation degrees and time limits, XML based access control for transaction security and integrity were included. And the two-level detection architecture of transaction conflict was designed to find the con-flicts both in application and in the database. Finally the prototype system was developed based on these principles. Feasibility and effectiveness of the method were verified by an enterprise application.

Xiyuan Chen,Yang OUYang,Miaoliang Zhu,Yan He

DOI: https://doi.org/10.1109/ICYCS.2008.407

2008-01-01

Abstract:The emerging grid infrastructure presents many challenging security issues that demand new access approach due to its inherent heterogeneity, multidomain characteristic and highly dynamic nature. In order to protect the secure sharing and coordinated use of diverse resources in distributed "virtual organizations", fine-grained access control in grid computing is therefore very necessary and important. In this paper, a semantic-aware access conrtol(SAAC) extending the RBAC with the semantic specification is proposed. Supplying semantic specification by the implementation of semantic inference engine (SIE), the administration for the applicability of users' role memberships to particular permissions is much more easy and precise. The enforcement of the SAAC model for grid application is presented. An experimental evaluation of its overheads is also described.

CH Fang,W Peng,XZ Ye,SY Zhang

DOI: https://doi.org/10.1109/cscwd.2005.194248

2007-01-01

Journal of Software

Abstract:Access control is one of the key steps to ensuring the availability, confidentiality and integrity of system resources. While it has been fully applied in various network systems, it's still relatively new for collaborative CAD. This paper provides a new framework of multi-level access control for collaborative CAD based on hierarchical product modeling. A layered privilege model (LPM) has been developed to provide multi-granularity access permissions in the part level and feature level. An extended hierarchy role-based access control (EHRBAC) is implemented, integrated with LPM and common Hierarchy RBAC, to provide hierarchical access control of collaborative feature modeling in the component/part level and design feature level. Mesh simplification techniques are used to create variable level-of-detail for individual features.

MENGXiao-feng,LUODao-feng,OUJian-bo

2004-01-01

Abstract:As XML has been increasingly important as the Data-change format of Internet and Intranet, acces-controlon-XML-properties rises as a new issue. Role-based access control (RBAC) is an access control method that has been widely used in Internet, Operation System and Relation Data Base these 10 years. Though RBAC is already relatively mature in the above fields, new problems occur when it is used in XML properties. This paper proposes an integrated model to resolve these problems, after the fully analysis on the features of XML and RBAC.

Wei Sun,Da-xin Liu,Tong Wang

DOI: https://doi.org/10.1007/11610496_109

2006-01-01

Abstract:XML becomes a standard format for data interchanges on Internet, especially in E-commerce. Although XML technology has been widely used, the research and development on XML security is still at the early stage. The control of XML access is important for protecting XML documents from being illegally modified or accessed. Most of available models utilize a single level check point. In this paper, we proposed an access control model with dual level access control: file-level and element-level (or attribute-level). The model allows adopt the XBLP policy with file-level security, while employs Hide-Node View for element-level security. The architecture framework of the access control model and implementation are briefly described.

Meng Xiao-feng,Luo Dao-feng,Ou Jian-bo

DOI: https://doi.org/10.1007/BF02831673

2004-01-01

Wuhan University Journal of Natural Sciences

Abstract:As XML has been increasingly important as the Data-change format of Internet and Intranet, access-control-on-XML-properties rises as a new issue. Role-based access control (RBAC) is an access control method that has been widely used in Internet, Operation System and Relation Data Base these 10 years. Though RBAC is already relatively mature in the above fields, new problems occur when it is used in XML properties. This paper proposes an integrated model to resolve these problems, after the fully analysis on the features of XML and RBAC.

Shao Zhijiang,Wang Yongming

DOI: https://doi.org/10.1109/wcica.2004.1342196

2004-01-01

Abstract:The problem of heterogeneous data integration in industrial supervisory control is presented and analyzed. The demand and difficulties of complex lab data representing, storing and publishing are outlined and analyzed in this paper. It is pointed out that a self-descriptive data structure with clear organization of contents and easy connection to human-machine interface is needed. A solution based on XML (eXtended Mark-up Language) is proposed with combination of different layers of data storage, data logic and presentation, human-machine interface. An XML-based system is developed to meet the demands of laboratory data publishing with complex structure. Construction of user interface from XML schema, conversion of lab data into XML, algorithm of storing XML into RDBMS (relation database manager system), query and reconstruction of XML documents from the RDBMS are touched upon. The data structure is described in details and its unique advantage is presented.

Wei Sun,Da-xin Liu,Tong Wang

DOI: https://doi.org/10.1007/11599517_64

2005-01-01

Abstract:As large corporations and organizations increasingly exploit the Internet as a means of improving business-transaction efficiency and productivity, it is increasingly common to find operational data and other business information in XML format. Access control for XML database is non-trivial subjects. A number of recent research efforts have considered access control models for XML data[1−5]. Our first contribution is a novel model for specifying XML security access control. Given an XML document accompanied by a document DTD, we allow a two-stage access control policies to pledge to security access XML document at file-level and element-level respectively. On the element-level access control, our approach for these access control policies is based on the novel notion of hide-node views. While the hide-node view DTD is exposed to authorized users, neither the internal XPath annotations nor the full document DTD is visible. Authorized users can only operate data over the hide-node view, making use of the exposed view DTD to access data. Our hide-node view mechanism guarantees that unauthorized user cannot access sensitive data and protects the schema information from access by unauthorized users. We think that the schema information also is sensitive data and should be protected from gain through the data accessing.

Xiaolin Zheng,Deren Chen,Zigui Wu

DOI: https://doi.org/10.1109/ICSMC.2004.1401195

2004-01-01

Abstract:Networked manufacturing system meets the greater demand from customer, suppliers and partners in manufacturing industry to offer a full range of information and services collaboration. However, there are many security issues within the collaboration and communications, especially when the application service provider mode is adopted. Therefore, an integrated user access control model to overcome security challenges was provided. This model is composed of role authorization, task authorization, company relation authorization and coalition authorization. And we also presented a virtual private network (VPN)-based security solution for networked manufacturing system. These two security solutions help us to safeguard the networked manufacturing system.

LIANG Ce,XIAO Tian-yuan,ZHANG Lin-xuan

DOI: https://doi.org/10.3969/j.issn.1006-5911.2007.01.022

2007-01-01

Computer Integrated Manufacturing Systems

Abstract:Current access control models applied in the network-based manufacturing system and application characteristics of collaborative project were analyzed.Based on these analyses,a role-based access control model was applied in collaborative environment.ARBCA97 was extended and activities in collaborative environment were combined with operations in role models.Mapping rules for activities in collaborative environment and operation in role models were introduced to guarantee authorization consistence in the event-sequence.Finally,the architecture and implementation mechanism of the model were also discussed.The proposed studies were applied in practical production with satisfactory results.

Wang Baoyi,Zhang Shaomin,Zhilei Zhang

DOI: https://doi.org/10.1109/ICIT.2008.4608609

2008-01-01

Abstract:Role-based Access Control (RBAC) policy separates user and privilege logically by importing the concept of role, which can simplify the management of privilege in electric power enterprise. As the development and sustaining change of electric power system, unattended substations become the new developing direction. Unattended substation automation system will realize centralized management and remote control, so the use of RBAC access control method will aggravate the burden of the access control server. What is more, it adds the complexity of management. RBAC could not meet the needs of the system. This paper designs Distributed RBAC access control model, according to the substation automation system structure stated in IEC61850. Users obtain their roles in centralized server, and obtain their privilege dispersedly. The efficiency is improved. Management is more convenient. In the end, a practical example is presented to prove that the designed model and algorithm have high security, feasibility and effectiveness in unattended substation automation system. Because the model and algorithm are designed according to the ITU-T X.509 and IEC61850 international standards, the design has high currency, adaptability and expansibility. ©2008 IEEE.

BAO Zhigang,HU Yanjun,GU Xinjian

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.01.059

2006-01-01

Abstract:Firstly making reference to role based access control(RBAC)model,this paper proposes the basic idea about access control.Then it introduces database design of two realizing methods about access control and two methods’ realization in program,it also presents visual effect.Finally it analyzes and compares one to another in detail from two aspects of applicability and reusability.

Sifang Liu,Gaofeng Pan,Yong Xie,Pei Li

DOI: https://doi.org/10.1142/9789814719391_0101

2015-01-01

Abstract:Extensible Markup Languages(XML) is a structured data model, which can easily realize the interactive operation data. This paper introduces the application of XML in real-time monitoring system for measurement and control equipment, and put forward that XML file as a transparent data source, is used for data storage and reading, realizes the real-time monitoring of ship-board working state of terminal equipment.

Lei Feng

2008-01-01

Abstract:XML document may include information of different sensitivity levels.To prevent XML document from non-authorization querying and modifying,a control mechanism need to be developed to define access to some parts of XML document.Based on RBAC model,multi-grained authorized mechanism for XML document defined by XML schema is discussed,XML access control architecture on RBAC is described,and a non-recursion algorithm of XML access control is presented.

Qin Xia,Lu Liu

DOI: https://doi.org/10.1109/cyber.2011.6011794

2011-01-01

Abstract:Home network is a residential local area network where digital home appliances are connected with each other. In a home network, access control is an essential factor to provide a proper service to an authorized user. In this environment, there is a home server, which manages user's accesses to external sources. It prevents unauthorized users from accessing home appliances on the network. In this paper, we propose a role-based access control (RBAC) framework using mobile agents in home network environments. This framework controls the users' authorities based on RBAC so that it manages the access control list in each device independently. Also, it guarantees secure role assignment using the role tickets introduced in the proposed framework.

Lu-jiong WANG,Ai-ping LI,Li-yun XU

DOI: https://doi.org/10.3969/j.issn.1006-5911.2007.11.008

2007-01-01

Abstract:A multi-user authentication model for the networked manufacturing system based on Application Service Provider (ASP) mode was designed. Single sign-on technology was used in users' authentication in which different authentication and account management functions in various application systems were integrated. Different authentication methods including password authentication, one-time password authentication and Kerberos authentication were introduced to different users' level. A role-based access control model with time character was discussed in which time constraints were applied to the traditional access control model to enable dynamic authorization constrains. For time constraints affecting more than one session, Analytical Hierarchy Process (AHP) was used to calculate the weight of each session, according to which the time limit for each session was set. The above model guaranteed secure access to ASP applications for remote users.

Wei ZHOU,Xiao-an CHEN,Tian-hong LUO,Dong-mei SUN

DOI: https://doi.org/10.13196/j.cims.2007.01.90.zhouw.014

2007-01-01

Abstract:To resolve sensitive information protection in collaborative assembly design, a role- based viewing technique oriented to collaborative assembly design was proposed. In this technique, to control the users' accesses, the Role-Based Access Control (RBAC) and the Mandatory Access Control (MAC) were integrated to construct access matrix. According to the access privilege of roles and the security level of features, the feature-based genus reduction and continuous multi-resolution model was put forward, and record metric α was defined to control assembly models with different resolutions achieved by different roles. The prototype system of Role-based Viewing in Computer Supported Collaborative Design (RVCSCD) was given to reveal the effectiveness of the role-based viewing technique.

Jia Tian,He Guo,Yu-Xin Wang,Zheng Wang

DOI: https://doi.org/10.1109/EmbeddedCom-ScalCom.2009.36

2009-01-01

Abstract:Due to the rapid increasing of system users, it is becoming a tiresome task for the administrator to assign roles and maintain permissions in traditional RBAC model. In order to simplify the administrator’s work and standardize security strategy, human’s fuzzy decision-making capability is required. In this paper, an optimized RBAC model based on fuzzy theory is proposed. Bitmap matrix is used for computing role's trustworthiness(RT); Variance is applied to adjust attribute weight vector to improve max-min operation's limitation; Similar users are clustered to share group experience to improve the accuracy of the model; Historical and mutually exclusive permission table for each user is enforced to implement fuzzy RBAC model with separation of duty constraint. Experimental results demonstrate that the optimized model has greater accuracy and avoids the invalidation under special conditions. Additionally, aiming at the limitation of role inheritance and constraint in traditional XML-described RBAC model, a new XML-graph method is introduced. In this method, multi-inheritance is implemented by referencing attributes and private permission is protected by private inheritance. Using XML-graph to describe the improved fuzzy RBAC model, access control strategy can be easily deployed in different systems and the model’s application range is largely expanded.