曾璎珞,潘雪增,陈健

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.10.052

2010-01-01

Abstract:This paper proposes a dynamic security access control model based on system reliability,so as to improve the flexibility of combination among multiple security access control strategies,and to ensure system security and practicality.The model can choose the proper kind of combination among the security access control strategies dynamically in order to deal with different system states and improve the whole system performance.Experimental results prove that this model makes the multiple strategies control more flexible,ensures the system security,and improves practicality of the system.

Xuezeng Pan

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.08.005

2009-01-01

Abstract:To resolve the problem that the simple combination of BLP and Biba models will lead to poor availability,a confidentiality and integrity dynamic union model based on multi-level security(MLS) policy was presented.The two dimensions of secure model are composed of confidentiality and integrity,on which the security label is separated into write privilege range and read privilege range respectively,whereupon subject's access range is adjusted dynamically according to the security label of related objects and the history situation of the subject's access,improving the agility and practicability of the model.The formal definition of this model was given,and the security was also analyzed with proof.Finally,examples were illuminated to show the effectiveness and usability of this model.

高亮,张斌,蔡力钢,刘向军

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.08.035

2004-01-01

Abstract:Effective control of access for resource is key to make users work collaboratively.It is also important to ensure information security.Having analyzed traditional access control technologies,a new access control model,eXtensible Access Control Model (XACM),is proposed in this paper.An extensible access control system based on XACM is successfully implemented for control of access to information in Tongda Group's workflow-based office automation system.It proves the characteristics of XACM such as flexibility and generalization.

TANG Cheng-hua,HU Chang-zhen

DOI: https://doi.org/10.3969/j.issn.1001-3695.2006.10.046

2006-01-01

Abstract:By analyzing the features of traditional access control models and relative implementation mechanism,puts forward an XACML access control model based on AC and its realizing methods.The security of this model is also analyzed.

Xiaobing Liu,Zhaoyang Bai

2008-01-01

Abstract:Sensitive information is one of core competence concerning with the development of the enterprise business. Tremendous pressure on today's enterprises to achieve and sustain competitive advantage has led to heightened efforts to protect sensitive information. Many enterprises have recognized that the key to sensitive information management improvement lies in the better access control model. In this paper, we present a boundary-based access control model incorporating an advanced security mechanism, in order to support fine-grained authorizations in the right time for the provision of services, based on the analysis of system boundary. In this model, access permissions are controlled by the state transitions at different layers including workflow layers, control layers and data layers. The access control mechanism is based on an RBAC model, which incorporates dynamic context information. Context is classified based on the analysis of system boundary into six main categories, which is further categorized as simple condition and composite condition, thus forming a multi-level context. In a multi-level hierarchy of context conditions, the access control model is implemented dynamically, by checking the context constraint associated with each access task at the time of the specific request submission, whose functionality and the constituent parts have been described formally and in detail.

Tao Peng,Jiang Minghua,Hu Ming

2008-01-01

Abstract:Nowaday, the status of XML as a standard for storing and exchanging data in Internet and XML documents is becoming a de facto standard for storing and exchanging information. So, access control of XML documents is a key in network environment. In this paper, we propose an approach that exploits the semantics associated with subject and information in XML documents to facilitate automatic access control policies while resource sharing occurs among coalition members. Our approach relies on identifying the necessary attributes required by users to gain access to specific XML documents information. Specifically, it consists of extracting user attribute sets that semantically mach with the attributes of the information in XML documents. This relies on a closer examination of why a user is assigned a specific role.

刘尊,安喜锋,李伟华

DOI: https://doi.org/10.3778/j.issn.1002-8331.2009.14.030

2009-01-01

Abstract:This paper gives a multilevel security model based on dynamic security level named Dynamic Multilevel Security (DMLS) model.DMLS uses a couple of dynamic security levels of highest inflow and lowest outflow to replace the current security level of BLP model.With these dynamic security levels,DMLS can control the access of subjects to objects flexibly.In order to use the dynamic security level,DMLS makes a corresponding changes to the five of eleven rules of classic BLP model and the model is proved to be correct through formal methods.At last an application of DMLS to enhance security of linux is given.

袁平鹏,陈刚,董金祥

DOI: https://doi.org/10.3321/j.issn:1003-9775.2004.04.006

2004-01-01

Abstract:An access control paradigm composed of basic model and role model is proposed for collaborative applications. Basic model specifies the relationship among privileges and the way of ranking privileges. It relates privilege with operations on the objects, so the model appears more straightforward. Moreover, if Brokers' implementation permits, the model can support any grained access control. Role model re-defines the role concept of RBAC96, divides the permissions of role into public permissions, protect permissions and private permissions. It allows user to define roles more flexibly, prevents private permissions of roles from being inherited and reduces the definition of ancillary roles.

程剑豪,蒋兴浩,孙锬锋,周晓军

DOI: https://doi.org/10.3969/j.issn.1009-8054.2009.04.025

2009-01-01

Abstract:Based on analyzing current models and technologies in access control domain, it is found that most of the access control systems in use implement authorization only by user identity. When the network environment turns into insecurity, the system is unable to change its policy to handle such situation by itself. So in this paper, a new architecture of access control is proposed, which determines customers' privileges by multi-decision and dynamic management. A detailed design of multi-decision and dynamic management pattern is given and then the description of key modules and database is followed. This architecture provides a solution to the problem mentioned above and new thoughts in access control.

LI Bo,HUANG Dong-jun

DOI: https://doi.org/10.3969/j.issn.1006-8937-B.2006.04.001

2006-01-01

Abstract:The paper analyzes and compares several primary ways to distribute privileges during the current design process of access system such as Discretionary Access Control(DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC), points out their respective characteristics and limitations of their applicability. By taking the new characteristics of modern enterprise management into consideration and combining with the existing access control model, the authors discuss the access control technology of the multi-users information system, present and realize the security control model based on role level, department level and user level in the application. Practical application makes clear that it enhances the security and maintainability of information system.

Gao Yanyu,Li Shenghong,Xue zhi

DOI: https://doi.org/10.3969/j.issn.1009-8054.2006.03.022

2006-01-01

Abstract:This paper gives an improved model of "Role Based Access Control System Integrating Rating". The new model has advantages of both Role-based logic and Rating logic, and it implements the standardization and unification of policy management and access validation by the introduction of XACML, therefore, it implements the perfect integration of two logic on the basis of role definition.

CHEN Chuan-bo,XIONG Fei

DOI: https://doi.org/10.3969/j.issn.1007-130x.2005.07.003

2005-01-01

Abstract:Access control is an important protection mechanism for information systems, an access control matrix grants subject access right to objects. This paper proposes the role concept, discusses the dynamic access control of role-based workflow status, and describes and analyses the formal model. In the end, we present a workflow-net instance to show that the mechanism can not only low the hazard of nonauthorized access and data misuse, but also provide a certain assurance for the privilege management in workflow management systems.

Ran Yang,Chuang Lin,Fujun Feng

DOI: https://doi.org/10.4304/jcp.4.6.510-518

2009-01-01

Journal of Computers

Abstract:Access control is one of the most important technologies to guarantee computer security. A new model with support for valid time and usage constraint is described based on full analysis of flaws in existing models. In the new model, authorization rules can express access control policies completely and access constraints are necessary conditions to prevent authorization abuse. To solve the problems in implementation of the model, a sound scheme for administration of authorizations is proposed and some access decision algorithms are developed.

Xin Pei,Huiqun Yu,Guisheng Fan

DOI: https://doi.org/10.18293/seke2015-37

2015-01-01

Abstract:One primary challenge of applying access control methods in cloud computing is to ensure data security while supporting access efficiency, particularly when adopting multiple access control policies.Many existing works attempt to propose suitable frameworks and schemes to solve the problems, however, these proposals only satisfy specified use cases.In this paper, we take XACML as the policy language and build up a logical model.Based on this, we introduce the fine-grained data fragment algorithm to optimize the policies, whose resource property represents physical meaningful data blocks.Data are organized in a tree structure, where each leaf node represents a minimal physical meaningful data block, and internal nodes are combined data types.This method can eliminate conflicts and redundancies among rules and policies, thus to refine the policy set and achieve fine-grained access control.Our approach can also be applied to processing multi-types of data, and experiments are carried out to show the improvements of efficiencies.

WU Qian,ZHOU Qing

DOI: https://doi.org/10.3969/j.issn.1000-3428.2012.09.045

2012-01-01

Abstract:In order to ensure the workflow system secure and reliable,this paper introduces three relation elements of Target Case(TC),User Management(UM) and Target(T) in the conventional access control model based on role,designs the dynamic authorization mechanism,and builds a sort of security access model in workflow based on dynamic control mechanism,which ensures the secure running of the model by means of basic constraint relation and dynamic constraint conditions.The model is integrated with workflow engine component to provide the security authorization service for the application of independent security field.Application results show that the model can better separate the dynamic responsibility and reciprocal responsibility,make the binding of dynamic responsibility,and provide technical support for security access of system workflow.

Peisheng Han,Li Guo,Luyao Liu

DOI: https://doi.org/10.1109/eiecs53707.2021.9588053

2021-01-01

Abstract:Aiming at the problem of illegal access in cross domain access control in multi-level system, this paper proposes a D-BLP dynamic cross domain access control model by improving the BLP access control model. The set of secure labels is used to track the information flow in the system to ensure that the information can't be flowed to non-authorized subjects. Finally, the security of the model is proved by using the non-interference theory.

Li Hetian,Liu Yun,He Dequan

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.09.002

2006-01-01

Abstract:Access control is an important assurance mechanism for the security of information technology systems.It protects the validity access right for information asset by constraining subjects to access to objects in order to assure the confidentiality,integrity and availability of information.As usual the mechanism is realized by static access control matrix which doesn't represent the dynamic characteristic along with task changing.In this paper,a dynamic access control model is described based on the Petri Net rationale.The dynamic model authorizes user role the access control right according to the implementation of different tasks in the system to prevent inappropriate use of information.

Yang Shuxin,Zheng Jian,Wang Jian

DOI: https://doi.org/10.3969/j.issn.1000-386X.2009.02.017

2009-01-01

Abstract:Some existing access control model for workflow systems are limited to tasks execution.It is difficult to satisfy the security requirement for adaptive workflow systems.To solve the problem,operation behaviors of adaptive workflow management systems are analyzed and summarized.Object,user and operation are considered as the main elements for research.Formal description and fine granularity partition about these elements are given.Finally,based on the above work,a role-based access control model and integration with systems are proposed,and relationships among role,user and operation are described.In addition,authorization method is given to guarantee operation security and rationality.The problem of security is solved effectively,and the users' flexible requirements for permission are satisfied.

JeeHyun Hwang,Tao Xie,Vincent C. Hu

DOI: https://doi.org/10.1109/SSIRI.2009.63

2009-01-01

Abstract:Access control mechanisms control which subjects (such as users or processes) have access to which resources. To facilitate managing access control, policy authors increasingly write access control policies in XACML. Access control policies written in XACML could be amenable to multiple-duty-related security leakage, which grants unauthorized access to a user when the user takes multiple duties (e.g., multiple roles in role-based access control policies). To help policy authors detect multiple-duty-related security leakage, we develop a novel framework that analyzes policies and detects cases that potentially cause the leakage. In such cases, a user taking multiple roles (e.g., both r1 and r2) is given a different access decision from the decision given to a user taking an individual role (e.g., r1 and r2, respectively). We conduct experiments on 11 XACML policies and our empirical results show that our framework effectively pinpoints potential multiple-duty-related security leakage for policy authors to inspect.

Guo-yuan LIN,Shan HE,Hao HUANG,Ji-yi WU,Wei CHEN

2012-01-01

Abstract:In view of the current popular cloud computing technology,some security problems were analyzed.Based on BLP(Bell-LaPadula) model and Biba model,using the access control technology based on behavior to dynamic adjusting scope of subject's visit,it put forward the CCACSM ( cloud omputing access control security model).The model not only guarantees the cloud computing environment information privacy and integrity,and makes cloud computing environment with considerable flexibility and practical.At last,it gives the model's part,safety justice and realization process.