Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

MA Chen-hua,WANG Jing,QIU Jiong,LU Guo-dong

DOI: https://doi.org/10.3785/j.issn.1008-973x.2010.12.011

2010-01-01

Abstract:Access control models proposed so far provide no support for context-based dynamic authorization and flexible authorization policy definition for tasks.To address these issues,a flexible context-constraint-based access control model was proposed for workfolws.The concepts of contextconstraint-based role assignment policy and context-constraint-based role authorization policy were defined.The interrelationships between policies were analyzed and the conflicts exhibited by policies were classified.Static and dynamic conflict detection methods were provided to maintain the consistency of policies.By the introduction of two new concepts,priority rule and conflict resolution policy,a flexible approach to resolve conflicts were provide.The security administrator can choose the method of resolving conflicts flexibly according to system requirements by defining priority rules and conflict resolution policies.Furthermore,the role assignment algorithm and the authorization decision algorithm based on the minimum sets of role assignment policies and role authorization policies were given.The model provides support for context-based dynamic authorization,automatic user-role and role-permission assignment.

WL Han,JJ Zhang,XB Yao

DOI: https://doi.org/10.1109/cit.2005.92

2005-01-01

Abstract:Context is a key factor in making make access control decision in modern information system. But a formal context model is needed to guide research of implementation of Context-sensitive Access Control (CSAC) model. This paper formally defines a Context-sensitive Access Control, which consists Of extendible context model, authorization policy model, request. model, authorization algorithm, revoke algorithm, access control decision algorithm, and so on. Then the paper introduces some related algorithms and CSAC implementation. Finally, the paper introduces an access control service for enterprise applications which centralizes all access control functions into one service.

Tao Peng,Minghua Jiang,Ming Hu

DOI: https://doi.org/10.4028/www.scientific.net/amr.121-122.558

2010-01-01

Advanced Materials Research

Abstract:A multi-polices access control model is proposed, with the model, access control based on policy regulation and XML based policy description is given. At the same time, We use the XSD(XML Schema Definition) to describe the content and the structure of the xml documents, and check the validity of the xml documents. Based on the description of the access control, an application system is realized we construct the runtime platform and choose some access control polices to test our system. The result is well.

Tao Peng,Jiang Minghua,Hu Ming

2008-01-01

Abstract:Nowaday, the status of XML as a standard for storing and exchanging data in Internet and XML documents is becoming a de facto standard for storing and exchanging information. So, access control of XML documents is a key in network environment. In this paper, we propose an approach that exploits the semantics associated with subject and information in XML documents to facilitate automatic access control policies while resource sharing occurs among coalition members. Our approach relies on identifying the necessary attributes required by users to gain access to specific XML documents information. Specifically, it consists of extracting user attribute sets that semantically mach with the attributes of the information in XML documents. This relies on a closer examination of why a user is assigned a specific role.

XL Li,ZW Xu,XW Liu,N Yang

DOI: https://doi.org/10.1109/wi.2003.1241240

2003-01-01

Abstract:It is a challenge to integrate and share resources securely across multiple autonomous administrative domains environment. We introduce the community-based model of vega enterprise information grid and its operation mechanism. The individuals and/or institutes forming different communities can not only implement diverse policies and autonomous management of resource sharing without any impact on the other communities, but also achieve a globally shared goal. Based on the model, the access control technique, including framework and uniform formalizing, is presented in detail. The static or dynamic role binding is used for entitling user's request for accessing resources within or across communities, which ensures a globally unified view for user. A prototype describes how these techniques are useful in building an enterprise information grid. The evaluation and future continuing works are presented in the conclusion.

Yun-qing Fu,Chun-xiao Ye

DOI: https://doi.org/10.1049/cp:20070238

2007-01-01

Abstract:Access control is widely used in most information systems. XML or other languages are usually adopted to define access control policy. In this paper, we examine an approach to employ user and role's attribute expression as a part of access control policy. In our approach, a XACML-based policy language named A-XACML is defined and used as a simple, flexible way to express and enforce access control policies in a variety of environments. The language and schema support include data types, functions, and combining logic which allow simple and complex rules to be defined. Finally, we illustrate how to define access control policies of product document management (PDM) system by using XACML.

Wu Di,Jian Lin,Yabo Dong,Miaoliang Zhu

DOI: https://doi.org/10.1109/PDCAT.2005.247

2005-01-01

Abstract:Role-based access control (RBAC) models have generated a great interest in the security community as a powerful and generalized approach to security management. One of important aspects in RBAC is constraints that constrain what components in RBAC are allowed to do. There are lots of research have been achieved to specify constraints for secure system developers. However more work is need urgently to met requirements for interoperability of machine and people understandable constraints specification in open and distributed environment. In this paper we propose another approach to specify constraints using Semantic Web technologies. The Web Ontology Language (OWL) specification of basic RBAC components and constraints are described in detail.

Kuangyi ZENG,Jinxiang ZHANG,Jiahai YANG

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.11.050

2006-01-01

Abstract:A new model for policy refinement is presented at the application background of CERNET.Using the properties of access control list(ACL) in this model,the policies described in different specification languages are mapped into access control lists,which are distributed to different network devices to enforce.Thus,the complex transformation logic in traditional policy refinement fashion is simplified,especially,security and access control configuration management can be automated

Kuang Y. Zeng,Jinxiang Zhang,Jiahai Yang

2006-01-01

Abstract:A new model for policy refinement is presented at the application background of CERNET. Using the properties of access control list (ACL) in this model, the policies described in different specification languages are mapped into access control lists, which are distributed to different network devices to enforce. Thus, the complex transformation logic in traditional policy refinement fashion is simplified, especially, security and access control configuration management can be automated.

袁平鹏,陈刚,董金祥

DOI: https://doi.org/10.3321/j.issn:1003-9775.2004.04.006

2004-01-01

Abstract:An access control paradigm composed of basic model and role model is proposed for collaborative applications. Basic model specifies the relationship among privileges and the way of ranking privileges. It relates privilege with operations on the objects, so the model appears more straightforward. Moreover, if Brokers' implementation permits, the model can support any grained access control. Role model re-defines the role concept of RBAC96, divides the permissions of role into public permissions, protect permissions and private permissions. It allows user to define roles more flexibly, prevents private permissions of roles from being inherited and reduces the definition of ancillary roles.

Dongliang Jiao,Liu Lianzhong,Li Ting,Ma Shilong

DOI: https://doi.org/10.1109/icfcsa.2011.27

2011-01-01

Abstract:Usage control model is presented and has been considered as the next generation control model which is used to access digital objects. in order to achieve full functionality of UCON, this paper puts forward a realization of UCON Model Based on extended-XACML-CeXUCON. First, We extended the policy decision point in XACML to support administrate conditions obligations and attributions of subject or object. Second, we established a eXUCON context model and find the differents between eXUCON context model and XACML context model. Finally, the potential of our realization for improving the convenience of enforcement mechanisms is illustrated using a small, but representative example.

Tao Peng,Minghua Jiang,Ming Hu

DOI: https://doi.org/10.1109/iih-msp.2008.310

2008-01-01

Abstract:In a dynamic coalition environment, organizations should be able to exercise their own local fine-grained access control policies while sharing resources with external entities. At the same time, the status of XML as a standard for storing and exchanging data in Internet and XML documents is becoming a de facto standard for storing and exchanging information. So, access control of XML documents is a key in dynamic coalition environment. In this paper, we propose an approach that exploits the semantics associated with subject and information in XML documents to facilitate automatic access control policies while resource sharing occurs among coalition members. Our approach relies on identifying the necessary attributes required by users to gain access to specific XML documents information. Specifically, it consists of extracting user attribute sets that semantically mach with the attributes of the information in XML documents. This relies on a closer examination of why a user is assigned a specific role.

Bs Liao,J Gao,J Hu,Jj Chen

DOI: https://doi.org/10.1007/978-3-540-30483-8_42

2004-01-01

Abstract:The integration of web services and intelligent agents is promising for automated service discovery, negotiation, and cooperation. But due to the dynamic and heterogeneous nature of web services and agents, it is challenging to guide the behaviors of underlying agents to meet the high-level business (changeful) requirements. Traditional Policy-driven methods (Ponder, Rei, KAoS, etc) are not adaptable to direct the discovery, negotiation and cooperation of dynamic agents who may join in or leave out of a specific community or organization (virtual organization) at run time. The purpose of this paper is to model an ontology-based, policy-driven control framework that is suitable to supervise the dynamic agents according to high-level policies. On the basis of federated multi-agents infrastructure and ontologies of policies, domain concepts, and agent federations, a model of role-based policy specification framework is presented in this paper.

Nuermaimaiti·Heilili,LUO Zhen-xing,LIN Zuo-quan

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.08.007

2008-01-01

Abstract:Constraints are considered to be the principal motivation for Role-Based Access Control(RBAC).This paper analyzes XML based access control language XACML and points out some shortcomings of the XACML profile for RBAC.It provides role enablement authority to extend this profile,in this way,several kinds of constraints of RBAC such as separation of duty constraints and cardinality constraints can be enforced and implemented using XACML.

Rui Zhang,Fausto Giunchiglia,Bruno Crispo,Lingyang Song

DOI: https://doi.org/10.1007/s11277-009-9782-4

IF: 2.017

2009-01-01

Wireless Personal Communications

Abstract:Context-aware computing is an important aspect of the pervasive computing environment and its various dynamic context information brings new challenges to access control systems. In this paper a new access control model, relation based access control (RelBAC), is provided for context-aware environment with a domain specific Description Logic to formalize the model. The novelty of RelBAC is that permissions are formalized as binary relations between subjects and objects which could evolve with the dynamic contexts. The expressive power of RelBAC is illustrated in a case study of a project meeting event.

Liu Yimin,Wang Zhihui,Wang Wei

2013-01-01

Abstract:In this paper,we propose to construct the purpose-based privacy access control policy model for XML data mode,and to solve the problem of query-leakage of privacy data incurred by path transfer.In our approach,the policy is a minimum secure access tree model.And the minimum secure access tree is a group of path expressions expressed by XPath{/,//,} fragments without redundant paths,while the XPath{/,//,} points to a set of privacy nodes path with access permission.Experimental results show that the generation time of minimum secure tree depends on the labelling time of the private nodes in an XML documents and the discriminating time of redundant paths,and the labelling time is pertinent to the position of privacy data distributed in XML documents.The minimum secure access tree model is able to control the query leakage of private data.

Jason Crampton,Charles Morisset

DOI: https://doi.org/10.48550/arXiv.1204.2342

2014-07-31

Abstract:There have been many proposals for access control models and authorization policy languages, which are used to inform the design of access control systems. Most, if not all, of these proposals impose restrictions on the implementation of access control systems, thereby limiting the type of authorization requests that can be processed or the structure of the authorization policies that can be specified. In this paper, we develop a formal characterization of the features of an access control model that imposes few restrictions of this nature. Our characterization is intended to be a generic framework for access control, from which we may derive access control models and reason about the properties of those models. In this paper, we consider the properties of monotonicity and completeness, the first being particularly important for attribute-based access control systems. XACML, an XML-based language and architecture for attribute-based access control, is neither monotonic nor complete. Using our framework, we define attribute-based access control models, in the style of XACML, that are, respectively, monotonic and complete.

Cryptography and Security,Logic in Computer Science

李晓东,朱皓,杨卫东

DOI: https://doi.org/10.3778/j.issn.1673-9418.2010.01.008

2010-01-01

Abstract:XML(extensive makeup language)keyword search is easy to use,and users do not have to understand the schema,recently is widespreadly concerned by the people.Current researches about the keyword search are mainly focused on the algorithms and the sort of the results,but ignore the security issues.Combining with XML keyword search and XML security control,for the first time,this paper researches the XML keyword search method based on secure access control,including identifying the XML keyword search results based on the secure access control rules,establishing keyword index using security view as well as keyword search algorithm based on the above two aspects,and the three aspects above are on the basis of the XML keyword's smallest lowest common ancestors(SLCA) and view-based secure access control rules.The experimental result shows that in order to satisfy the secure access control rules,this algorithm although needs extra time to get the correct results but is generally efficient.

Li Xiaodong,Huang Hao,Zhu Hao,Yang Weidong

DOI: https://doi.org/10.3969/j.issn.1000-386X.2011.12.002

2011-01-01

Abstract:Keyword search of XML database is simple and easy to use,and the users do not have to understand the pattern of the database.Recently it is widely concerned by the people.Current researches on this issue mainly focus on the algorithms of the keyword search and the organisation and sorting of the returned results,but the issue of secure access control of the keywords is ignored.Combining XML keyword search and XML secure access control,in this paper we put forward a new Role-based Access Control Policy which is built based on XML Schema(SRACP),and on the basis of SRACP,we built a secure index for XML keyword search(SRACP-Index) including the data structure of the SRACP-Index,the construction and algorithm of the SRACP-Index,and the way to carry out SSLCA search using the SRACP-Index.At the end,we proved the validity of our index and SSLCA search algorithm through experiments.