Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

黄益民,杨子江,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.04.005

2004-01-01

Abstract:The traditional role-based access control (RBAC) model was extended in this work aimed at studying practical ways to implement access control, enforce security administration, and acquire available information from real world to construct an access control model and establish security policies. A three-layered architecture for role-based security administration was proposed. And a practical way was presented to implement role-based access control and role-based security administration ,so that cross-platform role-based access control is implemented automatically and systematically in the security administration system.

JIANG Jie,ZHANG Jie,CHEN De-ren

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.09.011

2009-01-01

Abstract:An extended context-aware role based access control(RBAC) based on reasoning(RC-RBAC) model was proposed by integrating the single context-aware RBAC and reasoning-based RBAC in order to solve the problems of the Absence of the adjustment and generation of the context-aware condition dynamically and the incapacity of updating the user authorization according to the adjusted constrain conditions in the existing RBAC.The extended model used the rule reasoning to adjust and generate the context constrains dynamically and start the common sensors and the self-defined sensors to collect the attribute values of the conditions.The access permission to the sensitive data was updated in real time based on the context-aware logic reasoning using the user rules and permission rules.The application results show that the extended RC-RBAC model can be employed in the distributed environment to satisfy the need of the dynamic authorization and reduce the real-time access control management complexity.

Rongbin OUYANG,Yunfeng LIU,Xinzheng LONG

DOI: https://doi.org/10.13705/j.issn.1671-6833.2017.02.004

2017-01-01

Abstract:PRBAC was always implemented to achieve fine-grained access control.This paper analyzed recent research on data permissions,summarized related experiences,and presented a parameter model of PRBAC based on attribute rules.It presented the model' s design,including the rule' s formal form and its components.It also described a general implementation scheme,including the rules' specification,rule' s application time choice,algorithm of the rule' s validation,and some key techniques of the implementation.With the practice on IAAA at PKU,it showed that the model was flexible and the rules' setting was convenient.This paper also pointed out that rules' conflict checking should be implemented in future.

Zhiwen Zou,Changqian Chen,Shiguang Ju,Jiming Chen

DOI: https://doi.org/10.1007/978-3-642-12189-0_26

2010-01-01

Abstract:The Spatial Role-Based Access Control (SRBAC) model was discussed in this paper. Firstly, the formal definition of SRBAC Model was given; then the region coverage constraint of spatial object, duration constraint of spatial object, various spatial object separations of duty constraints and spatial object cardinality constraint of role activation were researched; after extending the traditional session, the strategy of eliminating the conflictive session was presented; Finally, the role hierarchy has been discussed under the spatial environment. Combined with practical application, the theory of secure DBMS was optimized and afforded to build the stricter system.

Xiyuan Chen,Miaoliang Zhu

DOI: https://doi.org/10.4028/www.scientific.net/kem.439-440.178

2010-01-01

Abstract:Semantic; Trust Management; RBAC; User-role Assignment Abstract. The application of RBAC in access management of the enterprise services and resources is very widely. With phenomenal growth of information interaction and cooperation between distributed systems, the number of users can be in the hundreds of thousands or millions. This renders manual user-to-role assignment a formidable task. In this paper, we propose a semantic and trust based framework to automatically assign users to roles based on a finite set of assignment rules defined by authorized people in the enterprise. These rules take into consideration the attributes users own and any constraints set forth by the enterprise including the assignment history and the credit of the requester. We choose OWL to specify the user attributes.

王新胜,熊书明,王新宇

DOI: https://doi.org/10.3778/j.issn.1002-8331.2009.36.028

2009-01-01

Computer Engineering and Applications Journal

Abstract:SARBAC/SARBAC-HH models are dominative in implementation of role hierarchy management by analyzing and comparing several typical role-based access control models.Some issues in role and permission assignment management existed in SARBAC/SARBAC-HH models.In view of these issues,an improved model named WARBAC,based on SARBAC/SARBAC-HH models,is put forward.In the model,the administrative policy of role-permission assignment is redefined and redesigned by resorting to the conception of the organization structure of the ARBAC02 model.Analysis results show that WARBAC is simple in role hierarchy management and is reasonable in complicated role-permission assignment management.

Di Wu,Xiyuan Chen,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1007/11836025_19

2006-01-01

Abstract:Today, the formulation, specification, and verification of adequate data protection policies in open distributed environment appear as the main challenge to address concerning authorization Role-based access control models have attracted considerable research interest in recent years due to their innate ability to model organizational structure and their potential to reduce administrative overheads This paper proposes ontology specification to describe Role-based Access Control model and extend it with a general context expression Based on these definitions, the specification for interoperation in distributed environment is introduced The works include a definition of ontology to describe the concepts and a declaration of rules to explicit the relationship between concepts The ontology based approach can express security policy with semantic information and provide a machine interpretation for descriptions of policy in open distributed environment.

Zhu Yiqun,Li Jianhua,Zhang Quanhai

DOI: https://doi.org/10.3969/j.issn.1000-386X.2008.11.054

2008-01-01

Abstract:In accordance with the increasing customers and the various resource access policies in service-oriented environments,the limi- tation of the related research is anallyzed,and a multi-policy services-oriented attribute-based role-based access control(AB-RBAC) model is proposed.Based on the relationship between the resource attribute and the user attribute in multi-policies,different role groups are defined,and relevant rules are made.User-rde assignment is realized based on a finite set of rules,and the requirement of multiple access policies is satis- fied.The flexibility of access control is enhanced,and the efficiency of the system is improved.A case that uses the AB-RBAC model is de- scribed,and a detailed comparison among several models is made,which clearly shows the advantages of AB-RBAC.

Wang Zhenjiang,Liu Qiang

DOI: https://doi.org/10.3321/j.issn:1002-8331.2005.35.009

2005-01-01

Abstract:Authority Management is a most important aspect of Information Systems.A successful information system is always supported by a well-designed access control system.Role-based access control policy,which is the focus of access control study nowadays,is more flexible and less management burden.Based on Role-Based Access Control(RBAC) and Task-Role-based Access Control,this paper gives a flexible extended access contrl models,XRBAC,standing for Extended Role-Based Access Control,which extends the definition of role management and authority.

王刚,宋执环

DOI: https://doi.org/10.3969/j.issn.1000-3428.2002.09.044

2002-01-01

Abstract:In this paper, the construction of role-based access control is discussed. Aiming at the complexity of the subjects, combined with the particularity of actions and objects in document management, considering the restriction of subject and the state of object, some improvement is made in the original RBAC and a new team-role-based document access control which is named TRBDAC model is presented. ;

QIU Jiong,MA Chen-hua,Yin Jian-wei,Dong Jin-xiang

DOI: https://doi.org/10.1109/CIT.2005.161

2005-01-01

Abstract:RBACAM, a role-based administrative model of RBAC, is proposed in this paper. It simplifies the description of role hierarchies with the definition of role identity code and role derivative information pair group. The concept of role administration domain and role enhanced administration domain is introduced to realize decentralized administration of RBAC. Each role has responsibility far role administration in its own administration domain and enhanced administration domain. A series of conflict checking rules to maintain consistency and the administration of authorization constraints are provided in the model. Administrative algorithms of role hierarchies, user-rote assignments, permission-role assignments and authorization constraints are also described- RBAC AM can be applied in the context of the RBAC96 model without introducing additional entities and relations. The main advantage of RBAC AM is its simplicity, completeness and practicability.

姚立红,李振东,谢立

DOI: https://doi.org/10.3969/j.issn.1002-137X.2002.11.027

2002-01-01

Computer Science

Abstract:The manner of permission management in Role-Based Access Control is similar to the actual one in application fields, and it greatly simplifies system management. How to define and manage hundreds of permissions, roles,users and relations among them ( all are called RBAC special framework in this article)in large systems is one key problem that models for RBAC must resolve. This article studies the management of RBAC special frameworks, takes the management relations among roles into frameworks, and puts forward Management-Enhanced Model for RBAC. Special frameworks created according to this model are very similar to the management structures in application fields, and can manage themselves. This model also supports dynamic maintenance of management formwork while it is working.

SU Jun,XUE Shun-li,LI Zun-chao

DOI: https://doi.org/10.3969/j.issn.1674-649x.2006.02.015

2006-01-01

Abstract:The permission's management of roles hierarchies is discussed based on RBAC,.Designed model of permission hierarchies on relation between subset and superset,which provide the possible to implement management based on hierarchies in enterprises.Roles hierarchies are a security mechanism based on RBAC0,enterprises can using it to create mapping of roles and users's accounting quickly and implement classifications managed within enterprises.The relation of roles hierarchies based on RBAC that can be used to create mapping of roles and users and groups in enterprises.The relations make permissions separate step by step,thus a perfect purpose is acquired.

朱一群,李建华,张全海

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.13.011

2008-01-01

Abstract:According to the requirements of huge customers and resource’s access policy diversification in distributed service environments and application limitation of access control models, this paper proposes an Attribute And Rule-based Access Control(ARBAC) model for multiple users service mode. It introduces notions of composite attribute expression and composite permission, defines different multiple role groups and makes a finite set of rules to assign user to roles. A case study is given and the model is compared with other models.

Yan Chen,Chao Luo,Can Ying Huang,Shang Ping He

DOI: https://doi.org/10.4028/www.scientific.net/aef.6-7.273

2012-01-01

Advanced Engineering Forum

Abstract:As a key access control mode that multiple characters application system is presently used , RBAC(Role-Based Access Control) can solve the problem of dynamic multi-users and multiple characters excellently, but when facing complicated resource types and business processes, it must be expanding on that basis. The article has put forward and realized a permissions model which can solve complicated resource system and business processes—resource model.

周晓军,蒋兴浩,孙锬锋

DOI: https://doi.org/10.3969/j.issn.1009-8054.2010.04.041

2010-01-01

Abstract:After analyzing the RB-RBAC model, this paper proposes the concept of dynamic role-permission assignment, thus to reduce the complexity in assigning permissions to roles. Multi-decision is also used to improve the RB-RBAC model and increase the flexibility of the authorization rules. Essential elements and their mutual relations are given, and the access control process is also described.

Meisong CAI,Hongming CAI

DOI: https://doi.org/10.3969/j.issn.1671-8844.2006.04.025

2006-01-01

Abstract:The network security polices in terms of users personal,role and temporary attributes are introduced;and then the access and control mechanism for the three security polices are put forward.An adoption of server-pull and LDAP structure is discussed to perform access and control for the enterprise fundamental information platform based on RBAC.The system employs LDAP directory server as the role server and users can obtain required information in certain secure mode(e.g.SSL),so as to implement the relevant RBAC strategy to achieve the access control purpose.The structure's feature is simple and flexible.

LIAO Er-chong,XU Xiao-fei,LIU Xu-dong,ZHAN De-chen

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.18.054

2008-01-01

Abstract:The traditional RBAC model has two disadvantages,the permission-control is a little coarse and is not enough convenient for further software reuse.To resolve these problems,an extended RBAC model is put forward.The ranks of permission is refined and the process of permission-control with meta-data is described.The model can implement dynamic configuration of permission,and improve software reusability.The modelhas been applied to a software project in an enterprise,which proves that itis one correct and effective model.

刘逸敏,王智慧,周皓峰,汪卫

DOI: https://doi.org/10.3778/j.issn.1673-9418.2010.03.004

2010-01-01

Abstract:With the release of the privacy data access guidelines by industries,such as HIPAA and OECD guidelines,the access control of privacy data has recently become a hot research topic in the area of privacy data management.The role-based access control mechanism and view-based access control mechanism in a relational database only support the controls for users'access permissions,but they don't solve the problems of privacyaware access control.The key elements for describing privacy data are the hierarchical structure of data purpose.Several purpose-based access control models presented currently have two shortcomings:The redundancy of privacy policies and the query results not maximized.This paper proposes a novel purpose-based relational database access control model R-PAACEE(privacy-aware access control enforcement engine),which can reduce the redundancy of privacy policies by constructing the concept hierarchy of privacy policies and describing them with ordered tuples.The paper also presents a query-rewritten algorithm for separating the private and non-private attributes,which can maximize the query results.The experimental results show that for a query related to privacy data,a database management system with R-PAACEE can achieve good query performance.