Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

Xiyuan Chen,Miaoliang Zhu

DOI: https://doi.org/10.4028/www.scientific.net/kem.439-440.178

2010-01-01

Abstract:Semantic; Trust Management; RBAC; User-role Assignment Abstract. The application of RBAC in access management of the enterprise services and resources is very widely. With phenomenal growth of information interaction and cooperation between distributed systems, the number of users can be in the hundreds of thousands or millions. This renders manual user-to-role assignment a formidable task. In this paper, we propose a semantic and trust based framework to automatically assign users to roles based on a finite set of assignment rules defined by authorized people in the enterprise. These rules take into consideration the attributes users own and any constraints set forth by the enterprise including the assignment history and the credit of the requester. We choose OWL to specify the user attributes.

JIANG Jie,ZHANG Jie,CHEN De-ren

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.09.011

2009-01-01

Abstract:An extended context-aware role based access control(RBAC) based on reasoning(RC-RBAC) model was proposed by integrating the single context-aware RBAC and reasoning-based RBAC in order to solve the problems of the Absence of the adjustment and generation of the context-aware condition dynamically and the incapacity of updating the user authorization according to the adjusted constrain conditions in the existing RBAC.The extended model used the rule reasoning to adjust and generate the context constrains dynamically and start the common sensors and the self-defined sensors to collect the attribute values of the conditions.The access permission to the sensitive data was updated in real time based on the context-aware logic reasoning using the user rules and permission rules.The application results show that the extended RC-RBAC model can be employed in the distributed environment to satisfy the need of the dynamic authorization and reduce the real-time access control management complexity.

Fujun Feng,Chuang Lin,Dongsheng Peng,Junshan Li

DOI: https://doi.org/10.1109/HPCC.2008.37

2008-01-01

Abstract:In order to overcome the limitations in traditional access control models such as identity-based access control and meet the access requirements in distributed systems, we propose a Trust and Context based Access Control model called TCAC, it extends the traditional RBAC (role based access control) model with the notion of trust and context. Role assignment in TCAC is based on the trustworthiness and context information of users. The TCAC model is flexible, scalable, and well suitable for the dynamic and distributed systems. Then we provide a trust evaluation mechanism based on the local and global reputation to compute the trust value of a user in distributed system, which can avoid malicious nodes behave correctly in order to get the highest possible trust value. Finally an implementation framework of the access control system based on TCAC is described.

Lu Chen,Qing Zhou,Gaofeng Huang,Liqiang Zhang

DOI: https://doi.org/10.1109/CIS.2014.47

2014-01-01

Abstract:Resource sharing is one of the main applications of network. How to establish a trust relationship between resources requestor and provider, and enforce authority is the key issue of efficient resource sharing. Existing models and methods are mostly focus on identity, recommendation and other information, but lack of the considering of resource requestor's conduct and environment of computing. And once authorized, it will not be able to track and control user behavior dynamically. It may cause more risks when sharing resources. Aiming to resolve the above problems, a trust-role based context aware access control model is proposed relying on the measurement and verification of the \"trust credentials and evidences\" which embody the context information of user behavior and platform environment to achieve the security, dependable and dynamic access control for resource sharing.

Fujun Feng,Chuang Lin,Junshan Li

DOI: https://doi.org/10.1109/NSWCTC.2009.405

2009-01-01

Abstract:Trustworthy network is the inevitable trend in the development of high trusted computing and Internet. It is beyond the traditional information security including confidentiality, integrity and availability, but on the survivability and controllability. Trustworthiness of users on identity and behaviors is very important for trustworthy network, which can be realized by access control technology. Firstly, we discuss the security requirements of access control in trustworthy network. Then we propose a Trust and Context based Access Control (TCAC) model, and describe the core, hierarchical and constrained TCAC in detail. Finally, a trust evaluation mechanism is presented.

Ran Yang,Chuang Lin,Yixin Jiang,Xiaowen Chu

DOI: https://doi.org/10.1109/icc.2011.5963329

2011-01-01

Communications

Abstract:The rapid development of applications running on global information infrastructure poses the problem of securing information sharing among domain collaborations. Existing access control models are defective in dynamic authorization based on user's trustworthiness and do not take full advantages of the infrastructure in implementing access control system. In this work, we propose a trust and role based access control model and the corresponding framework in infrastructure-centric environment. With the extension to RBAC model, trust level requirements, which dictate that the roles in the privilege context must be activated by the trustworthy user, can be specified. The comprehensive trust model, which calculates the user's trust level in multiple trust contexts based on behavior histories, is proposed. Moreover, by taking advantages of the infrastructure services, our scheme is flexible and scalable in that system administrators are free to choose custom scoring functions while the infrastructure trust evaluation services are relieved of the heavy burdens of history record maintenance and trust level update.

DENG Wen-yang,ZHOU Zhou-yi,LIN Si-ming,LIU Jin-gang

DOI: https://doi.org/10.3969/j.issn.1000-3428.2013.02.023

2013-01-01

Abstract:In open environment,the user nodes and resource nodes are variable,and it is almost impossible to check their priorities to access different kind of resources in the system in which the traditional Role Based Access Control(RBAC) model is adapted.To simplify the access control and standardize security strategy in open system,a flexible RBAC model based on trust degree is proposed.It uses the evaluation between the user node and resource node to calculate they direct trust,and employs the evaluation among the resource nodes to get the recommended trust of the resource nodes.Using the two trust values,together with the session history of user nodes and resource nodes,the system assigns the roles as well as its corresponding priorities for the user node flexibly.It adopts the Additive-increase,Multiplicative-decrease(AIMD) algorithm,which is widely used in TCP congestion control algorithm,in the trust evaluation to punish the node with malicious behaviors.

TIAN Li-qin,JI Tie-guo,LIN Chuang,YIANG Yiang

DOI: https://doi.org/10.3778/j.issn.1002-8331.2008.19.004

2008-01-01

Abstract:The paper establishes a user behaviour trust and Role-Based Access Control(RBAC) model,which introduces the attribute concept and adds the user behaviour trust degree set on the basis of RBAC model.The detailed description and the authorization flow are given in the article.At last the model is analyzed from the dynamic performance and trust mechanism and role numbers and work performance.The new access control achieves the dynamic authorization by the dynamic assignment of role attributes and achieves the connection identity trust with behavior trust by setting the trust degree as an obligatory attribute,which changes the static authorization only based the identity of existing access control models.The model can reduce the role number by setting the attributes for the role,which can lighten the role management burden caused by the large number roles and improve the performance at the same time.

LI Bo,HUANG Dong-jun

DOI: https://doi.org/10.3969/j.issn.1006-8937-B.2006.04.001

2006-01-01

Abstract:The paper analyzes and compares several primary ways to distribute privileges during the current design process of access system such as Discretionary Access Control(DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC), points out their respective characteristics and limitations of their applicability. By taking the new characteristics of modern enterprise management into consideration and combining with the existing access control model, the authors discuss the access control technology of the multi-users information system, present and realize the security control model based on role level, department level and user level in the application. Practical application makes clear that it enhances the security and maintainability of information system.

Wenan TAN -,Yicheng XU -,Ting ZHANG -,Xiang WEN -,Linshan Cui -,Chuanqun JIANG -

DOI: https://doi.org/10.4156/jdcta.vol5.issue7.16

2011-01-01

International Journal of Digital Content Technology and its Applications

Abstract:Currently, the security issues of Web services are hot area in information system (IS). This research mainly discusses the key technologies of information access control focusing on following works: After analyzing the dynamic characteristic of application nature for Web services, a Dynamic Role-Based Access Control using Context and Trust model (abbreviated as CT-DRBAC) for Web services is proposed. During Web services, both the subject of invoking request and object of providing service resources are dynamic nature. So, access policies are needed to consider the dynamic nature. The proposed model has been developed and the authorization framework is discussed detail. In order to implement the dynamic trust management mechanism, a dynamic user role authorization algorithm which considers the user lifecycle contexts in the open systems is proposed and designed to meet the dynamic characteristic of subject and object effectively, and achieve intelligent and scientific user role assignments. The proposed access control module can be used in intelligent information systems to grant dynamically roles to users according to the current context.

Xu Jing,Zhengnan Liu,Shuqin Li,Bin Qiao,Gexu Tan

DOI: https://doi.org/10.1007/s13198-015-0411-1

2015-12-22

International Journal of System Assurance Engineering and Management

Abstract:In traditional role-based access control (RBAC) model, the permission is bound with identity statically, without being dynamically adjusted by user behavior. Cloud users distribute widely and constitute complex and have legitimate identity whose behavior may be incredible, but any attack is achieved through malicious behavior. The cloud-user behavior assessment based dynamic access control model was proposed by introducing user behavior risk value, user trust degree and other factors into RBAC. First, the times of threat behavior was introduced into the information security risk equation to improve the accuracy of user behavior risk value. Then, both the times of threat behavior and the uneven interval of risk threshold were introduced the trust model based on behavior risk evolution to improve the accuracy of user trust degree. Finally, the dynamic authorization was achieved by mapping trust level and permissions. By the simulation experiment in a small campus cloud system, it can be shown that the change of user behavior risk value and user trust degree is more rational under different times and frequencies of threat behavior, and dynamic authorization is flexible by mapping the risk level and the user permissions.

Xiaobing Liu,Zhaoyang Bai

2008-01-01

Abstract:Sensitive information is one of core competence concerning with the development of the enterprise business. Tremendous pressure on today's enterprises to achieve and sustain competitive advantage has led to heightened efforts to protect sensitive information. Many enterprises have recognized that the key to sensitive information management improvement lies in the better access control model. In this paper, we present a boundary-based access control model incorporating an advanced security mechanism, in order to support fine-grained authorizations in the right time for the provision of services, based on the analysis of system boundary. In this model, access permissions are controlled by the state transitions at different layers including workflow layers, control layers and data layers. The access control mechanism is based on an RBAC model, which incorporates dynamic context information. Context is classified based on the analysis of system boundary into six main categories, which is further categorized as simple condition and composite condition, thus forming a multi-level context. In a multi-level hierarchy of context conditions, the access control model is implemented dynamically, by checking the context constraint associated with each access task at the time of the specific request submission, whose functionality and the constituent parts have been described formally and in detail.

CUI Yong-rui,LI Ming-chu,HU Hong-gang,REN Yi-zhi

DOI: https://doi.org/10.3969/j.issn.1002-137X.2008.12.021

2008-01-01

Computer Science

Abstract:The existing access control models for grid virtual organization(VO) have some faults as follows:First,most of them cannot express contextual access control policies which are important in the grid environment.Second,they bring heavy administration burden at the side of resource providers.Finally,trustworthiness between VO members is not described in these models which do not accord with facts.To overcome these limitations,provided a trustworthiness-based access control model for virtual organizations,called TwBAC model.It can express contextual access control policies,and offer the similar abstraction for resource objects as roles for subjects.Besides,expressed the trust relationship of VO members accurately by using trustworthiness,which can also be used to control the depth of delegation.Presented the model,administration model and an application case.

姚全营,姚淑珍,黄河,谭火彬

DOI: https://doi.org/10.13700/j.bh.1001-5965.2011.07.010

2011-01-01

Abstract:Role based access control（RBAC） mainly depend on role given by the theme to achieve the protection of natural resources.In the control of the permissions,execution context,how the customs organize and manage were not taken into account.In order to adapt dynamic requirements of the application environment and to make the management of customs more convienent,RGBACC model was put forward.RGBACC model add ＂context-aware＂and ＂user group management＂ to RBAC model.The context information ralated security from application environment was obtained to dynamically change the user＇s permission.To the customs who have the same function,RGBACC model can manage them unifiedly,at the same time,it maintain the advantagement of traditional RBAC model.

ZHONG Jiang,HOU Su-juan

DOI: https://doi.org/10.3724/sp.j.1087.2010.02632

2010-01-01

Journal of Computer Applications

Abstract:Concerning the limitations of the application of traditional access control model in new generation credible Internet environment,such as the inefficiency in user-role assignment and the difficulty in cross-domain access control,a universal attribute-based access control framework was proposed.It took a unified method to dispose the attributes of users,resources,operations and running context,simplified the complex way of permissions determination in traditional RBAC and other access control modes,thus enhancing the versatility and flexibility of access control system.At the same time,authentication based on attribute certificates was applied in cross-domain access,policy evaluation and evaluation algorithm were also discussed,which could dynamically realize resource management and access control for users from different domains.In addition,the mechanism of the running context makes the framework more suitable to be applied in complex and dynamic Internet environment.

Yan Li,Jinqiang Ren,Huiping Sun,Haining Luo,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-10240-0_8

2009-01-01

Abstract:With development of grid technology, sensitive data protection becomes a difficult task for accesses from heterogeneous domains. Moreover, anonymity and unknown peers worsen security problems. Traditional access control mechanisms are not suitable to distributed environment. Several models and mechanisms make use of trust evaluation to assist access control decision. But few explicitly consider trust and risk as two separate factors which affect interactions between peers. In this paper, we present an access control mechanism which considers both trust and risk as two vital parameters. We also introduce static game model with incomplete information to analyze the optimal decision. In addition, a new model of trust evaluation is proposed to represent the confidence in the peer. To appease people's anxiety about loss, a model of risk assessment is also presented to indicate impacts on resources. At the end of this paper, to describe how our mechanism works, a scenario is provided.

XIA Peng-wan,CHEN Rong-guo,SUN Jian

2007-01-01

Abstract:The traditional role based access control model (RBAC) can not avoid some security flaws, because the components and the constraints of the model are too simple. Based on the traditional RBAC, a enhanced RBAC model (ERBAC) was brought forward, which expanded the components and the constraints. Besides, this new model features the separated administrative permissions, complete constraints and better utility.

OU Wei,WANG Yong-jun,HAN Wen-bao

DOI: https://doi.org/10.3969/j.issn.1007-130X.2013.05.008

2013-01-01

Abstract:Traditional authorization and authentication solves the problem of trust of user identify , but not solves the problem of trust of user behavior.Therefore , the paper proposed a new trustworthy model based on user behavior so as to meet the needs of security systems.In this model , users of network service are regarded as subjects , and files and data in computer are regarded as objects.Different subjects and objects are assigned to different levels of confidentiality and integrity.A user'service request on system is mapped into the access from a subject to an object.In this model , security attributes and security strategies and rules used to restrict users'behavior are all defined.Hence , a security and trustworthy computer system is made up.

Luyang Zhang,Ruonan Rao

DOI: https://doi.org/10.1109/DBTA.2010.5659024

2010-01-01

Abstract:In open pervasive computing environment, various devices and applications are frequently changeable. It is hard to authenticate strange entities for lack of centralized management authority. In order to solve access control problem in open pervasive environment, a trust based access control framework is introduced in this paper, and a corresponding prototype system is designed, implemented and integrated into R-OSGi, which is a widely used middleware in pervasive environment. The system is based on sunxacml and employs Pervasive Trust Management Model as well as XACML based access control policy, supports dynamic trust degree evaluation and trust degree based decision-making for authorization.