Danfeng Yan,Yuan Tian

DOI: https://doi.org/10.1109/ICBNMT.2013.6823964

2013-01-01

Abstract:Privacy has been acknowledged to be a critical requirement for composite services. In the previous research, we have introduced a privacy-preserving access model, but have no chance to detail the specifying of privacy policies for a composite service. However, the privacy policies in the services should be consistent with each other, and it decides the feasibility and effectiveness of the model. Therefore, this paper proposes a privacy policy composition mechanism that uses the existing policies of the atomic services. Through the definition of policies in the model, the rules to create the user profile and data profile have been derived and the profile samples are given. In the end, an application example is shown to explain that how to use the profiles in the composition engine of the model and then give the implementation of the approach.

Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

Tianyang Li,Ting He

DOI: https://doi.org/10.1109/ICSS.2014.26

2014-01-01

Abstract:Privacy protection is still a key challenge in the web service composition area. The user and web service provider frequently share their privacy data with other web service will increase the risk of misuse and disclosure of privacy. In this paper, we first analyze the privacy protection problem according to define four types shared data within web service composition, and then present web service composition and privacy models, our models allow user and web service provider to define user's privacy preference and web service's privacy policy specification. An algorithm is presented to check the policy compliance on the dependency edge and select a set of policy compliant web services with compositing a well privacy protection web service composition. Experiments demonstrate the applicability of our models and algorithm.

ZHANG Shuai,SUN Jian-ling,XU Bin,HUANG Chao

DOI: https://doi.org/10.3785/j.issn.1008-973X.2012.11.015

2012-01-01

Abstract:A dynamic multiple domains access control model base on role based access control(RBAC) was proposed in order to solve the problem that current single domain based access control model cannot fulfill the authorization requirements for service compositions crossing multiple enterprises.The process structures were analyzed and a role mining algorithm was proposed to find the role set with minimized permissions that meet the access requirements of composite services.Authorization negotiations were set up among relevant domains for each cross domain operation in composite services and cross domain role mappings were built according the mined role sets with minimized cost to fulfill the cross domain operations.Based on this model,a runtime framework aligned with current industry standard was proposed to authorize dynamically based on the current running status of composite services.Simulation experiments showed the effectiveness of key part of the role mining algorithm.

Di Wu,Xiyuan Chen,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1007/11836025_19

2006-01-01

Abstract:Today, the formulation, specification, and verification of adequate data protection policies in open distributed environment appear as the main challenge to address concerning authorization Role-based access control models have attracted considerable research interest in recent years due to their innate ability to model organizational structure and their potential to reduce administrative overheads This paper proposes ontology specification to describe Role-based Access Control model and extend it with a general context expression Based on these definitions, the specification for interoperation in distributed environment is introduced The works include a definition of ontology to describe the concepts and a declaration of rules to explicit the relationship between concepts The ontology based approach can express security policy with semantic information and provide a machine interpretation for descriptions of policy in open distributed environment.

Xiyuan Chen,Miaoliang Zhu

DOI: https://doi.org/10.4028/www.scientific.net/kem.439-440.178

2010-01-01

Abstract:Semantic; Trust Management; RBAC; User-role Assignment Abstract. The application of RBAC in access management of the enterprise services and resources is very widely. With phenomenal growth of information interaction and cooperation between distributed systems, the number of users can be in the hundreds of thousands or millions. This renders manual user-to-role assignment a formidable task. In this paper, we propose a semantic and trust based framework to automatically assign users to roles based on a finite set of assignment rules defined by authorized people in the enterprise. These rules take into consideration the attributes users own and any constraints set forth by the enterprise including the assignment history and the credit of the requester. We choose OWL to specify the user attributes.

Danfeng Yan,Junlin Huang,Yuan Tian,Yao Zhao,Fangchun Yang

DOI: https://doi.org/10.1109/ICWS.2014.81

2014-01-01

Abstract:In the Web services environment, RBAC (role-based access control) model is widely accepted as an efficient approach to manage the access control. By defining the authorization relationship between subject roles and object roles in the RBAC, authorization policies are utilized to simplify the authorization management on different Web services. But the scalability and complexity of composite Web services may cause authorization policy conflict. A new authorization policy added to the system may conflict with existing ones and result in authorization chaos and authorization leaking. And when implemented in the composite Web services, policy conflict detection would be of high cost with manually checking. That makes automatic policy conflict detection important to ensure the security of authorizations in the composited Web services. This paper analyzes the features of the authorization policy in the CWS-RBAC (RBAC for composite Web services) and presents methods of detecting policy conflict including subject role propagation conflict, object role composition conflict and context conflict. The experiment designed is to validate the efficiency of each conflict detection method.

Yiqun Zhu,Jianhua Li,Quanhai Zhang

DOI: https://doi.org/10.1007/s11859-008-0116-2

2008-01-01

Wuhan University Journal of Natural Sciences

Abstract:Growing numbers of users and many access policies in service-oriented environments cause various problems in protecting resource. In this paper we analyze the relationships of resource attributes to user attributes in all policies, and propose a general attribute based role-based access control (GARBAC) model. The proposed model introduces the notions of composition permission and single attribute expression and composite attribute expression, defines a set of rules based on different attribute expression to assign users to roles. The model is a general access control model, and can support many access control policies, and also can be used to wider application for service.

ZHU Yi-qun,LI Jian-hua,ZHANG Quan-hai

DOI: https://doi.org/10.3321/j.issn:1006-2467.2007.05.026

2007-01-01

Abstract:This paper reviews the existing research work of the security technology and access control for web services, and then presents a dynamic hierarchical role-based access control model for web services. In this paper, by introducing the notion of authorization group and mechanism of hierarchical access control, the model dynamically manages privileges and protects the parameters themselves. The model improves the flexibility and independence and expansion of access control for web services, and dynamically manages privileges, and provides a more perfect security mechanism for web services, and also effectively enhances the security for web services applications.

Sven Hartmann,Hui Ma,Panrawee Vechsamutvaree

DOI: https://doi.org/10.1007/978-3-662-54054-1_5

2016-01-01

Abstract:Web services have emerged as an open standard-based means for publishing and sharing data through the Internet. Whenever web services disclose sensitive data to service consumers, data privacy becomes a fundamental concern for service providers. In many applications, sensitive data may only be disclosed to particular users for specific purposes. That is, access to sensitive data is often restricted, and web services must be aware of these restrictions such that the required privacy of sensitive data can be guaranteed. Privacy preservation is a major challenge that has attracted much attention by researchers and practitioners. Hippocratic databases have recently emerged to protect privacy in relational database systems where the access decisions, allowed or denied, are based on privacy policies and authorization tables. In particular, the specific purpose of a data access has been considered. Ontologies has been used to represent classification hierarchies, which can be efficiently accessed via ontology query languages. In this paper, we propose an ontology-based data access model so that different levels of data access can be provided to web service users with different roles for different purposes. For this, we utilize ontologies to represent purpose hierarchies and data generalization hierarchies. For more complex service requests that require composite web services we discuss the privacy-aware composition of web services. To demonstrate the usefulness of our access control model we have implemented prototypes of financial web services, and used them to evaluate the performance of the proposed approach.

X Feng,L Guoyuan,H Hao,X Li

DOI: https://doi.org/10.1109/cit.2004.1357221

2004-01-01

Abstract:This paper first briefly reviews the state of the security technology research and access control in the Web Services environment, and then presents a service-orient role-based access control model and security architecture model for Web Services. In this Security Architecture model, SOAP Proxy is employed to enforce access control for Web Services and security mechanisms are separated from the business logic. In this paper, a new technology is presented to implement the RBAC on the Web Services by designing the secure cookies and secure SOAP messages. Finally, the conclusion is given and the problems are pointed out, which should be resolved in further research.

Li Li,Wu Chou

DOI: https://doi.org/10.1007/978-3-642-12436-5_4

2010-01-01

Abstract:This paper presents an extended Role-Based Access Control (RBAC) model for efficient authorization of rich presence using secure web services composed with an abstract presence data model. Following the information symmetry principle, the standard RBAC model is extended to support context sensitive social relations and cascaded authority. In conjunction with the extended RBAC model, we introduce an extensible presence architecture prototype using WS-Security and WS-Eventing to secure rich presence information exchanges based on PKI certificates. Applications and performance measurements of our presence system are presented to show that the proposed RBAC framework for presence and collaboration is well suited for real-time communication and collaboration.

Yi-qun Zhu,Jian-hua Li,Quan-hai Zhang

DOI: https://doi.org/10.5220/0002100404710474

2006-01-01

Abstract:A key challenge in Web services security is the design of effective access control schemes that can adequately satisfy Web services security requirements. Despite the recent advances in Web based access control, there remain issues that impede the development of effective access control models for Web services environments. One of them is the lacks of dynamic role management and attributes access control for Web services. In this paper, we present a dynamic attribute-based role-based access control model (DARBAC) to address the issues. The proposed approach introduces authorization group, which is used to dynamically manages roles and privileges, and attribute based access control mechanism which is used to protect the services and services parameters. We outline the configuration mechanism needed to apply our model to the Web services environments.

Qi Li,Xinwen Zhang,Mingwei Xu,Jianping Wu

DOI: https://doi.org/10.1016/j.cose.2008.12.004

IF: 5.105

2009-01-01

Computers & Security

Abstract:Role-Based Access Control (RBAC) has become a popular technique for security purposes with increasing accessibility of information and data, especially in large-scale enterprise environments. However, authorization management in dynamic and ad-hoc collaborations between different groups or domains in these environments is still an unresolved problem. Traditional RBAC models cannot solve this problem because they cannot support security policy composition from different groups, and lack efficient administrative models for dynamic collaborations. In this paper, we propose a group-based RBAC model (GB-RBAC) for secure collaborations which is based on RBAC96 and extended with group concept to capture dynamic users and permissions. We propose a decentralized security administrative model for GB-RBAC to address the management issues of RBAC in collaborations. As a unique property, our model supports two levels of authorization management: global or system level management by system administrators and local or group level management by group administrators. In this way, our model implements the principles of management autonomy and separation of duty (SoD) in security administrations. We apply our model for authorization management in collaborations by introducing the concept of virtual group. A virtual group is built for a collaboration between multi-groups, where all members build trust relation within the group and are authorized to join and perform operations for the collaborative work. Compared with existing work, our model supports dynamic and ad-hoc collaborations in large-scale systems with the properties of controllable, decentralized, and fine-grained security management.

Wenan TAN -,Yicheng XU -,Ting ZHANG -,Xiang WEN -,Linshan Cui -,Chuanqun JIANG -

DOI: https://doi.org/10.4156/jdcta.vol5.issue7.16

2011-01-01

International Journal of Digital Content Technology and its Applications

Abstract:Currently, the security issues of Web services are hot area in information system (IS). This research mainly discusses the key technologies of information access control focusing on following works: After analyzing the dynamic characteristic of application nature for Web services, a Dynamic Role-Based Access Control using Context and Trust model (abbreviated as CT-DRBAC) for Web services is proposed. During Web services, both the subject of invoking request and object of providing service resources are dynamic nature. So, access policies are needed to consider the dynamic nature. The proposed model has been developed and the authorization framework is discussed detail. In order to implement the dynamic trust management mechanism, a dynamic user role authorization algorithm which considers the user lifecycle contexts in the open systems is proposed and designed to meet the dynamic characteristic of subject and object effectively, and achieve intelligent and scientific user role assignments. The proposed access control module can be used in intelligent information systems to grant dynamically roles to users according to the current context.

CG Xu,H Yan,FG Liu

DOI: https://doi.org/10.1109/icii.2001.983827

2001-01-01

Abstract:Role-based access control (RBAC) is a promising technology for managing and enforcing security in large-scale enterprise-wide system. We were motivated by the need to manage and enforce the strong access control technology of RBAC in large-scale Web environments. Majority of traditional access control models were passive data-protections, which were not suitable for large and complex multi-user interactive applications. In this paper, we develop a general model to control users' behaviors based on their roles actively. In the model, users' behavior specifications are built on their roles. Role-playing is introduced to denote activated role in particular context. Role-playing is modeled as an active class, and its object interacts with user and controls user's behaviors actively. Cookies can be used to support RBAC on the Web, holding users' role information. However, it is insecure to store and transmit sensitive information in cookies. Cookies are stored and transmitted in clear text, which is readable and easily forged. In this paper, we describe an implementation of role-based access control on the Web by secure cookies.

P Liu,Z Chen

DOI: https://doi.org/10.1109/cec-east.2004.17

2005-01-01

Abstract:Web services are widely accepted and adopted to provide business functionality in business world. Especially, Web service is chosen to compose business process by companies to achieve their business objectives. Business process contains a set of activities, which represent business interactions between Web services spanning company boundaries. As Web services are built in open distributed environment, it is apt to cause security concerns. Security problems mainly prevent many companies from implementing Web services. This paper proposes an extended RBAC model, called WS-RBAC4BP, to protect Web services in business process. In this model, companies and Web services are considered as subjects and protected objects, respectively. New types of constraints are introduced. Furthermore, the system architecture of WS-RABC4BP is presented. This paper also gives examples to illustrate the model

Wu Di,Jian Lin,Yabo Dong,Miaoliang Zhu

DOI: https://doi.org/10.1109/PDCAT.2005.247

2005-01-01

Abstract:Role-based access control (RBAC) models have generated a great interest in the security community as a powerful and generalized approach to security management. One of important aspects in RBAC is constraints that constrain what components in RBAC are allowed to do. There are lots of research have been achieved to specify constraints for secure system developers. However more work is need urgently to met requirements for interoperability of machine and people understandable constraints specification in open and distributed environment. In this paper we propose another approach to specify constraints using Semantic Web technologies. The Web Ontology Language (OWL) specification of basic RBAC components and constraints are described in detail.

Yingjie Wang,Zhihong Zhou,Jianhua Li

DOI: https://doi.org/10.1007/978-3-642-54924-3_106

2014-01-01

Abstract:Now, organizations are required to comply with existing privacy protection regulations on data collection, use, and disclosure. Privacy preservation in a data-sharing computing environment is becoming a challenging problem. The core part of privacy protection is purposes for and circumstances under which the data can be accessed. It must be ensured that data can only be used for its intended purposes, so the access purpose should be compliant with the intended purposes. In this paper, the role-based access control (RBAC) model is extended to incorporate the notion of purpose. Relationships between purposes are defined. It is investigated that how different components in the RBAC model are related to purpose and how the purpose information can be used to determine whether a subject has access to a given object. The model can suit for applications consisting of static and dynamic objects, where both access purpose and intended purpose are needed for consideration before granting access.

Huang Lanying,Xiong Zenggang,Zhang Xuemin,Wang Guangwei,Ye Conghuan

DOI: https://doi.org/10.2174/1874110x01509010669

2015-01-01

The Open Cybernetics & Systemics Journal

Abstract:With the emergence of the era of big data, big data not only helps production, it also exposes us to uncertain risks.How to ensure a secure and private big data against current technical conditions is an urgent issue subject to answer.Facing the challenges of subscriber privacy protection and access control and others, the paper mainly studied the Role-Based Access Control (RBAC) and analyzed the demand for data item control from the point of view of data security and privacy protection and then established an access control model based on data item to achieve multiple control of the data item in the interface based on roles when various subscribers operate the same function.The practical application further proved its value.