HE Tian-he,PAN Xue-zeng

DOI: https://doi.org/10.3969/j.issn.1671-7147.2007.03.016

2007-01-01

Abstract:SNMP provides a way to manage and monitor the computer network.By extending its access control model on the 3rd version,the paper offers two methods : view based access control model(vacm) and role based access control model.It enhances RBAC's power and function.In use SNMPv3 based on Time Enhanced RBAC is more efficient and useful.

Zhiwen Zou,Changqian Chen,Shiguang Ju,Jiming Chen

DOI: https://doi.org/10.1007/978-3-642-12189-0_26

2010-01-01

Abstract:The Spatial Role-Based Access Control (SRBAC) model was discussed in this paper. Firstly, the formal definition of SRBAC Model was given; then the region coverage constraint of spatial object, duration constraint of spatial object, various spatial object separations of duty constraints and spatial object cardinality constraint of role activation were researched; after extending the traditional session, the strategy of eliminating the conflictive session was presented; Finally, the role hierarchy has been discussed under the spatial environment. Combined with practical application, the theory of secure DBMS was optimized and afforded to build the stricter system.

Weili Han,Zheran Fang,Weifeng Chen,Wenyuan Xu,Chang Lei

DOI: https://doi.org/10.1145/2046707.2093491

2011-01-01

Abstract:Policy driven management is widely used to manage networked resources and protect sensitive resources. Existing policy-driven management strategies rely heavily on policy administrators to specify and validate policies, which not only require in depth understanding of policy languages and domain knowledge, but also are error-prone.To simplify the tasks of policy administration, this paper proposes a novel policy administration framework, named collaborative policy administration (CPA). Essentially, the idea is that applications with similar functionalities shall have similar policies. Thus, to specify or validate policies, CPA will examine policies already specified by other applications in the same category and perform collaborative recommendation. In this paper, we consider the Android systems as a case study and show that CPA can strengthen Android security.

CH Fang,W Peng,XZ Ye,SY Zhang

DOI: https://doi.org/10.1109/cscwd.2005.194248

2007-01-01

Journal of Software

Abstract:Access control is one of the key steps to ensuring the availability, confidentiality and integrity of system resources. While it has been fully applied in various network systems, it's still relatively new for collaborative CAD. This paper provides a new framework of multi-level access control for collaborative CAD based on hierarchical product modeling. A layered privilege model (LPM) has been developed to provide multi-granularity access permissions in the part level and feature level. An extended hierarchy role-based access control (EHRBAC) is implemented, integrated with LPM and common Hierarchy RBAC, to provide hierarchical access control of collaborative feature modeling in the component/part level and design feature level. Mesh simplification techniques are used to create variable level-of-detail for individual features.

黄益民,杨子江,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.04.005

2004-01-01

Abstract:The traditional role-based access control (RBAC) model was extended in this work aimed at studying practical ways to implement access control, enforce security administration, and acquire available information from real world to construct an access control model and establish security policies. A three-layered architecture for role-based security administration was proposed. And a practical way was presented to implement role-based access control and role-based security administration ,so that cross-platform role-based access control is implemented automatically and systematically in the security administration system.

Di Wu,Xiyuan Chen,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1007/11836025_19

2006-01-01

Abstract:Today, the formulation, specification, and verification of adequate data protection policies in open distributed environment appear as the main challenge to address concerning authorization Role-based access control models have attracted considerable research interest in recent years due to their innate ability to model organizational structure and their potential to reduce administrative overheads This paper proposes ontology specification to describe Role-based Access Control model and extend it with a general context expression Based on these definitions, the specification for interoperation in distributed environment is introduced The works include a definition of ontology to describe the concepts and a declaration of rules to explicit the relationship between concepts The ontology based approach can express security policy with semantic information and provide a machine interpretation for descriptions of policy in open distributed environment.

Wu Di,Jian Lin,Yabo Dong,Miaoliang Zhu

DOI: https://doi.org/10.1109/PDCAT.2005.247

2005-01-01

Abstract:Role-based access control (RBAC) models have generated a great interest in the security community as a powerful and generalized approach to security management. One of important aspects in RBAC is constraints that constrain what components in RBAC are allowed to do. There are lots of research have been achieved to specify constraints for secure system developers. However more work is need urgently to met requirements for interoperability of machine and people understandable constraints specification in open and distributed environment. In this paper we propose another approach to specify constraints using Semantic Web technologies. The Web Ontology Language (OWL) specification of basic RBAC components and constraints are described in detail.

袁平鹏,陈刚,董金祥

DOI: https://doi.org/10.3321/j.issn:1003-9775.2004.04.006

2004-01-01

Abstract:An access control paradigm composed of basic model and role model is proposed for collaborative applications. Basic model specifies the relationship among privileges and the way of ranking privileges. It relates privilege with operations on the objects, so the model appears more straightforward. Moreover, if Brokers' implementation permits, the model can support any grained access control. Role model re-defines the role concept of RBAC96, divides the permissions of role into public permissions, protect permissions and private permissions. It allows user to define roles more flexibly, prevents private permissions of roles from being inherited and reduces the definition of ancillary roles.

Yang Luo,Qingni Shen,Zhonghai Wu

DOI: https://doi.org/10.48550/arXiv.1903.09756

2019-03-23

Abstract:Access control is an important component for web services such as a cloud. Current clouds tend to design the access control mechanism together with the policy language on their own. It leads to two issues: (i) a cloud user has to learn different policy languages to use multiple clouds, and (ii) a cloud service provider has to customize an authorization mechanism based on its business requirement, which brings high development cost. In this work, a new access control policy language called PERM modeling language (PML) is proposed to express various access control models such as access control list (ACL), role-based access control (RBAC) and attribute-based access control (ABAC), etc. PML's enforcement mechanism is designed in an interpreter-on-interpreter manner, which not only secures the authorization code with sandboxing, but also extends PML to all programming languages that support Lua. PML is already adopted by real-world projects such as Intel's RMD, VMware's Dispatch, Orange's Gobis and so on, which proves PML's usability. The performance evaluation on OpenStack, CloudStack and Amazon Web Services (AWS) shows PML's enforcement overhead per request is under 5.9us.

Cryptography and Security

Kuangyi ZENG,Jinxiang ZHANG,Jiahai YANG

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.11.050

2006-01-01

Abstract:A new model for policy refinement is presented at the application background of CERNET.Using the properties of access control list(ACL) in this model,the policies described in different specification languages are mapped into access control lists,which are distributed to different network devices to enforce.Thus,the complex transformation logic in traditional policy refinement fashion is simplified,especially,security and access control configuration management can be automated

Junbiao Wang,Jianxin Zhang,Jianjun Jiang,Shichao Zhang

DOI: https://doi.org/10.3969/j.issn.1000-2758.2008.04.005

2008-01-01

Xibei Gongye Daxue Xuebao/Journal of Northwestern Polytechnical University

Abstract:Aim. Existing access control models are, in our opinion, not sufficiently effective. We now propose a novel access control model based on RBAC (Role-Based Access Control), which, we believe, is sufficiently effective. In the full paper, we explain our model in some detail. In this abstract, we just add some pertinent remarks to listing the two topics of explanation. The first topic is: the analysis of RBAC-based access control model. In the first topic, with the help of Fig.1 in the full paper, we explain in some detail how the FICS (Flexible Information Coding System) controls access. The second topic is: the implementation of our novel and effective RBAC-based access control model. Its three subtopics are: the concepts of traditional RBAC model that we utilize (subtopic 2.1), the restrictions we impose on accessing our novel and effective model (subtopic 2.2), and the access assignment strategy of FICS (subtopic 2.3). A large Chinese aircraft manufacturing enterprise has made use of our novel and effective RBAC-based access control model and has gradually widened and continues to widen the scope of its application. How the large enterprise utilizes our novel and effective model are briefly described in Fig.4 and Table 1 in the full paper.

Kuang Y. Zeng,Jinxiang Zhang,Jiahai Yang

2006-01-01

Abstract:A new model for policy refinement is presented at the application background of CERNET. Using the properties of access control list (ACL) in this model, the policies described in different specification languages are mapped into access control lists, which are distributed to different network devices to enforce. Thus, the complex transformation logic in traditional policy refinement fashion is simplified, especially, security and access control configuration management can be automated.

Yun-qing Fu,Chun-xiao Ye

DOI: https://doi.org/10.1049/cp:20070238

2007-01-01

Abstract:Access control is widely used in most information systems. XML or other languages are usually adopted to define access control policy. In this paper, we examine an approach to employ user and role's attribute expression as a part of access control policy. In our approach, a XACML-based policy language named A-XACML is defined and used as a simple, flexible way to express and enforce access control policies in a variety of environments. The language and schema support include data types, functions, and combining logic which allow simple and complex rules to be defined. Finally, we illustrate how to define access control policies of product document management (PDM) system by using XACML.

XIE Dong-wen,LIU Min,WU Cheng

DOI: https://doi.org/10.3969/j.issn.1006-5911.2005.04.020

2005-01-01

Computer Integrated Manufacturing Systems

Abstract:To guarantee the information security in information acquisition and management in enterprises, an Policy-Based Access Control (PBAC) model was proposed. Definition and compositions of PBAC model were introduced. 9 kinds of rules of PBAC in enterprise information system were provided for enterprises to follow. In addition, a universal and extensible solution was advanced. The solution has been successfully applied in some large project management software. Application has indicated that the proposed solution can greatly lessen software development cycle and improve maintainability.

ZENG Kuang-yi,YANG Jia-hai

DOI: https://doi.org/10.3969/j.issn.1000-1220.2007.02.006

2007-01-01

Abstract:Policy refinement and policy conflict resolution are two of the toughest issues in implementing a policy-based network management (PBNM) system. Based on a brief review of general PBNM theories and specific access control technologies, the paper proposed a novel policy-based network management model, which adopts XML as the high level policy description language, and uses the generalized access control list(ACL) as an intermediate refining mechanism, focusing on network security and QoS management. Some critical issues and their solutions, including policy representation, policy refinement, and policy conflict policy detection, are discussed. A formula representation of the policy conflict issue is given with several important inferences. The effectiveness and efficiency of the model is verified by the implemented prototype.

Andrea Margheri,Massimiliano Masi,Rosario Pugliese,Francesco Tiezzi

DOI: https://doi.org/10.48550/arXiv.1612.09339

2016-12-30

Abstract:Access control systems are widely used means for the protection of computing systems. They are defined in terms of access control policies regulating the accesses to system resources. In this paper, we introduce a formally-defined, fully-implemented framework for specification, analysis and enforcement of attribute-based access control policies. The framework rests on FACPL, a language with a compact, yet expressive, syntax for specification of real-world access control policies and with a rigorously defined denotational semantics. The framework enables the automatic verification of properties regarding both the authorisations enforced by single policies and the relationships among multiple policies. Effectiveness and performance of the analysis rely on a semantic-preserving representation of FACPL policies in terms of SMT formulae and on the use of efficient SMT solvers. Our analysis approach explicitly addresses some crucial aspects of policy evaluation, as e.g. missing attributes, erroneous values and obligations, which are instead overlooked in other proposals. The framework is supported by Java-based tools, among which an Eclipse- based IDE offering a tailored development and analysis environment for FACPL policies and a Java library for policy enforcement. We illustrate the framework and its formal ingredients by means of an e-Health case study, while its effectiveness is assessed by means of performance stress tests and experiments on a well-established benchmark.

Software Engineering

Yi Zong,Yao Guo,Xiangqun Chen

DOI: https://doi.org/10.1109/sose.2019.00062

2019-01-01

Abstract:With the wide application of modern robots, more concerns have been raised on security and privacy of robotic systems and applications. Although the Robot Operating System (ROS) is commonly used on different robots, there have been few work considering the security aspects of ROS. As ROS does not employ even the basic permission control mechanism, applications can access any resources without limitation, which could result in equipment damage, harm to human, as well as privacy leakage. In this paper we propose an access control mechanism for ROS based on an extended policy-based access control (PBAC) model. Specifically, we extend ROS to add an additional node dedicated for access control so that it can provide user identity and permission management services. The proposed mechanism also allows the administrator to revoke a permission dynamically. We implemented the proposed method in ROS and demonstrated its applicability and performance through several case studies.

Wei Zhang,Zuoquan Lin

DOI: https://doi.org/10.1109/skg.2012.5

2012-01-01

Abstract:The ANSI RBAC standard provides no mechanism for access policies. This paper employs answer set programming (ASP) as the policy language and presents a new logic-based RBAC formalization framework. The powerful expression ability of ASP ensures the representation of various policies, while high-efficient answer set solvers help our framework suit for reasoning in industrial level applications. We show that properties of the proposed framework support flexible policies well. Furthermore, systems based on the proposed framework are proved to be safe and available.

Huiying Li,Xiang Zhang,Honghan Wu,Yuzhong Qu

2005-01-01

Abstract:Access control is an important issue among the security problems of resources in distributed systems. In order to enable entities in distributed systems to understand and interpret policies correctly, common concern is drawn to the problem of expressing access control policies with semantic information. In this paper, we introduce how to express access control policies based on OWL and SWRL. It includes a definition of OWL ontology to describe the terms and a declaration of SWRL rules to explicit the relationship between properties. Finally some use cases are given to explain how to express policies in form of rule using the terms defined beforehand.

Ziyi Su,Frederique Biennier

DOI: https://doi.org/10.48550/arXiv.1305.1727

2013-05-08

Cryptography and Security

Abstract:In an open information systems paradigm, real-time context-awareness is vital for the success of cooperation, therefore dynamic security attributes of partners should considered in coalition for avoiding security conflicts. Furthermore, the cross-boundary asset sharing activities and risks associated to loss of governance call for a continuous regulation of partners' behavior, paying attention to the resource sharing and consuming activities. This paper describes an attribute-based usage control policy shceme compline to this needs. A concise syntax with EBNF is used to summarize the base policy model. The semantics of negotiation process is disambiguated with abductive constraint logic programming (ACLP) and Event Calculus (EC). Then we propose a policy ratification method based on a policy aggregation algebra that elaborate the request space and policy rule relation. This method ensures that, when policies are aggregated due to resource sharing and merging activities, the resulting policy correctly interprets the original security goals of the providers' policies.