Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

Chunhua Gu,Xueqin Zhang

DOI: https://doi.org/10.1109/isecs.2009.78

2009-01-01

Abstract:Virtual enterprise is a temporary alliance of enterprises that come together to share skills, core competencies or resources. The members in virtual enterprise need to collaborate in a distributed, dynamic, open and heterogeneous environment. Traditional Access control mechanisms, which serve the single enterprises, are not suitable for virtual enterprise. By incorporating task delegation, trust management and cryptography technology, we proposed a virtual enterprise oriented Access Control (VEOAC) mechanism. In VEOAC, a source of authority VECA is introduced and all member enterprises have their own access control system and they trust that source of authority. Using delegation logic the private access control rules are securely enforced. VEOAC can protect the resource of each member in virtual enterprise more efficiently.

XL Li,ZW Xu,XW Liu,N Yang

DOI: https://doi.org/10.1109/wi.2003.1241240

2003-01-01

Abstract:It is a challenge to integrate and share resources securely across multiple autonomous administrative domains environment. We introduce the community-based model of vega enterprise information grid and its operation mechanism. The individuals and/or institutes forming different communities can not only implement diverse policies and autonomous management of resource sharing without any impact on the other communities, but also achieve a globally shared goal. Based on the model, the access control technique, including framework and uniform formalizing, is presented in detail. The static or dynamic role binding is used for entitling user's request for accessing resources within or across communities, which ensures a globally unified view for user. A prototype describes how these techniques are useful in building an enterprise information grid. The evaluation and future continuing works are presented in the conclusion.

GAO Xiao-wu,GU Chun-hua,CHEN De-qing

DOI: https://doi.org/10.3969/j.issn.1000-7024.2007.12.012

2007-01-01

Abstract:Access control is one of the most difficult topics in the area of virtual enterprise.Based on the current research results of access control technology,VE-SAML model is proposed for the typical requirements of enterprise collaboration and seamless access among vir-tual enterprise.Because of using the XML form,the model is maintained and extended easily,and is used to realize the user management of VE.

ZHANG Shuai,SUN Jian-ling,XU Bin,HUANG Chao

DOI: https://doi.org/10.3785/j.issn.1008-973X.2012.11.015

2012-01-01

Abstract:A dynamic multiple domains access control model base on role based access control(RBAC) was proposed in order to solve the problem that current single domain based access control model cannot fulfill the authorization requirements for service compositions crossing multiple enterprises.The process structures were analyzed and a role mining algorithm was proposed to find the role set with minimized permissions that meet the access requirements of composite services.Authorization negotiations were set up among relevant domains for each cross domain operation in composite services and cross domain role mappings were built according the mined role sets with minimized cost to fulfill the cross domain operations.Based on this model,a runtime framework aligned with current industry standard was proposed to authorize dynamically based on the current running status of composite services.Simulation experiments showed the effectiveness of key part of the role mining algorithm.

Di Wu,Xiyuan Chen,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1007/11836025_19

2006-01-01

Abstract:Today, the formulation, specification, and verification of adequate data protection policies in open distributed environment appear as the main challenge to address concerning authorization Role-based access control models have attracted considerable research interest in recent years due to their innate ability to model organizational structure and their potential to reduce administrative overheads This paper proposes ontology specification to describe Role-based Access Control model and extend it with a general context expression Based on these definitions, the specification for interoperation in distributed environment is introduced The works include a definition of ontology to describe the concepts and a declaration of rules to explicit the relationship between concepts The ontology based approach can express security policy with semantic information and provide a machine interpretation for descriptions of policy in open distributed environment.

Xu Guangwei,Yin Jianwei,CHEN Gang,Dong Jinxiang

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.09.026

2005-01-01

Abstract:Current RBAC models have gained general recognition, but the realization of traditional RBAC is divorced from the organizational structure of enterprises, and the tight coincidence of authentication modules and applications causes troubles to maintenance and realization of the system. A principal-based authentication , authorization model and algorithm are introduced and they are based on the realized RBAC models, as well as a J2EE-based realization is presented.

HU Ying-song,CHEN Gang,ZHU A-ke,CHEN Zhong-xin

2006-01-01

Abstract:A new access control model based on roles and departments is proposed,which extends the traditional RBAC model. The new model abstracts the department from the property of roles,and becomes an important factor of permission control. Furthermore,this paper designs a three-layered architecture for this cross-platform security administration and one of the access control policies is described in detail.

Wang Zhenjiang,Liu Qiang

DOI: https://doi.org/10.3321/j.issn:1002-8331.2005.35.009

2005-01-01

Abstract:Authority Management is a most important aspect of Information Systems.A successful information system is always supported by a well-designed access control system.Role-based access control policy,which is the focus of access control study nowadays,is more flexible and less management burden.Based on Role-Based Access Control(RBAC) and Task-Role-based Access Control,this paper gives a flexible extended access contrl models,XRBAC,standing for Extended Role-Based Access Control,which extends the definition of role management and authority.

Chunhua Gu,Jing Gu,Xueqin Zhang

2006-01-01

Abstract:Virtual enterprise is a kind of distributed environment in which the members need to dynamically collaborate each other. An access model is essential in order to control the access to shared resources among member enterprises in a virtual enterprise. We researched the existing traditional access models, which serve the single enterprise and collaborative environments. By incorporating trust management with layer based access control (LBAC) and task based access control (TBAC), we put forward a Task Delegation-based Access Model (TDBAM). In TDBAM, member enterprises are connected by task assignments. Using delegation logic the inter-organizational control rules are enforced among member enterprises. Thus we can protect the resources of each enterprise in distributed environment efficiently and flexibly. And the needs of access control among enterprises are met.

LI Lingfeng,TAN Jianrong,QI Guoning,JIAN Zhengfeng

DOI: https://doi.org/10.3321/j.issn:1004-132x.2001.z1.044

2001-01-01

Abstract:Part information online access system facilitates the members of a virtual enterprise to share data agilely and instantaneously. This paper presents the architecture that support sharing data and service between departments in an enterprise, or between enterprises. The components, such as data maintenance, publishing, search, presentation, user management, administration of the part information online access system are introduced. The part classification method, the data model for part information, the user scenario and the supplier scenario are described.

Cuiyu Fu,Aiping Li,Liyun Xu

DOI: https://doi.org/10.1109/ICIME.2010.5477976

2010-01-01

Abstract:This paper proposes a hierarchical and dynamic security access control we call RTBAC (role and task-based access control) model for cooperation in a virtual enterprise. A multi-level privilege model is developed to simplify the process of permission definition and assignment for enriching the expression ability and helping to realize fine-gained access control. Role hierarchy and the task stat migration are brought into RTBAC for dynamic authorization management. Based on the practice, RTBAC model is more efficient to control collaborative operations. It meets the characters of design tasks. Different designers with different roles in different tasks have multi-level privileges to the components; the designers see only the data they are allowed to see, at the level of detail they are permitted to see it, which avoids the shortcoming of "all-or-nothing" permissions. © 2010 IEEE.

YANG Liu,WEI Ren-yong,CHEN Chua-nbo

DOI: https://doi.org/10.3969/j.issn.1007-130x.2006.09.042

2006-01-01

Abstract:By analysing the Role-Based Access Control model and the characteristics of the modern enterprise management,the article presents an extended role-based access control model,which integrates the authorization of users and roles,and introduces its effective application and implementation in a large-scale system.

XIA Peng-wan,CHEN Rong-guo,SUN Jian

2007-01-01

Abstract:The traditional role based access control model (RBAC) can not avoid some security flaws, because the components and the constraints of the model are too simple. Based on the traditional RBAC, a enhanced RBAC model (ERBAC) was brought forward, which expanded the components and the constraints. Besides, this new model features the separated administrative permissions, complete constraints and better utility.

BAO Zhigang,HU Yanjun,GU Xinjian

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.01.059

2006-01-01

Abstract:Firstly making reference to role based access control(RBAC)model,this paper proposes the basic idea about access control.Then it introduces database design of two realizing methods about access control and two methods’ realization in program,it also presents visual effect.Finally it analyzes and compares one to another in detail from two aspects of applicability and reusability.

曾岫,彭宏,左国威

DOI: https://doi.org/10.3969/j.issn.1007-1423-b.2008.10.002

2008-01-01

Abstract:Proposes a new role-based access control model on the basis of analysing the tradi-tional RBAC model.The model can efficiently overcome the shortcoming of the traditional model.It can decrease the complexity of authorization management and expense of manage-ment,and provides a better e-Environment for managements to realize security strategies.

LIAO Er-chong,XU Xiao-fei,LIU Xu-dong,ZHAN De-chen

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.18.054

2008-01-01

Abstract:The traditional RBAC model has two disadvantages,the permission-control is a little coarse and is not enough convenient for further software reuse.To resolve these problems,an extended RBAC model is put forward.The ranks of permission is refined and the process of permission-control with meta-data is described.The model can implement dynamic configuration of permission,and improve software reusability.The modelhas been applied to a software project in an enterprise,which proves that itis one correct and effective model.

Xiaobing Liu,Zhaoyang Bai

2008-01-01

Abstract:Sensitive information is one of core competence concerning with the development of the enterprise business. Tremendous pressure on today's enterprises to achieve and sustain competitive advantage has led to heightened efforts to protect sensitive information. Many enterprises have recognized that the key to sensitive information management improvement lies in the better access control model. In this paper, we present a boundary-based access control model incorporating an advanced security mechanism, in order to support fine-grained authorizations in the right time for the provision of services, based on the analysis of system boundary. In this model, access permissions are controlled by the state transitions at different layers including workflow layers, control layers and data layers. The access control mechanism is based on an RBAC model, which incorporates dynamic context information. Context is classified based on the analysis of system boundary into six main categories, which is further categorized as simple condition and composite condition, thus forming a multi-level context. In a multi-level hierarchy of context conditions, the access control model is implemented dynamically, by checking the context constraint associated with each access task at the time of the specific request submission, whose functionality and the constituent parts have been described formally and in detail.

闫季鸿,王帅,蒋文蓉,李硕

DOI: https://doi.org/10.3969/j.issn.1001-4543.2008.02.005

2008-01-01

Abstract:This paper makes a common application proposal of RBAC in web services on the research of the kernel techniques on RBAC,WebServices and XACML.It may provide access control for enterprises.This proposal describes its access control policy by the XACML and provides services in accordance with RBAC standard and Web Services.Finally,the performance is experimented and the result shows the developing efficiency and software quality can be greatly improved.

Deqing Zou,Ligang He,Hai Jin,Xueguang Chen

DOI: https://doi.org/10.1016/j.jnca.2008.02.015

IF: 7.574

2009-01-01

Journal of Network and Computer Applications

Abstract:Interactions between resources as well as services are one of the fundamental characteristics in the distributed multi-application environments. In such environments, attribute-based access control (ABAC) mechanisms are gaining in popularity while the role-based access control (RBAC) mechanism is widely accepted as a general mechanism for authorization management. This paper proposes a new access control model, CRBAC, which aims to combine the advantages of RBAC and ABAC, and integrates all kinds of constraints into the RBAC model. Unlike other work in this area, which only incorporates one or a few particular attribute constraints into RBAC, this paper analyses and abstracts the generic properties of the attribute constraints imposed on authorization systems. Based on these analyses and generalization, two constraints templates are presented, called authorization mapping constraint template and behaviour constraint template. The former template is able to automate the user-role and role-permission mapping, while the latter is used to restrict the behaviours of the authorization entities. The attribute constraints are classified into these two templates. Moreover, the state mechanism is introduced to build up the constraints among the statuses of the entities, and reflect the outcomes of the authorization control as well. Based on the presented templates and the state mechanism, the execution model is developed. A use case is proposed to show the authorization process of our proposed model. The extensive analyses are conducted to show its multi-grained constraints by comparing with other models.