Xiyuan Chen,Yang OUYang,Miaoliang Zhu,Yan He

DOI: https://doi.org/10.1109/ICYCS.2008.407

2008-01-01

Abstract:The emerging grid infrastructure presents many challenging security issues that demand new access approach due to its inherent heterogeneity, multidomain characteristic and highly dynamic nature. In order to protect the secure sharing and coordinated use of diverse resources in distributed "virtual organizations", fine-grained access control in grid computing is therefore very necessary and important. In this paper, a semantic-aware access conrtol(SAAC) extending the RBAC with the semantic specification is proposed. Supplying semantic specification by the implementation of semantic inference engine (SIE), the administration for the applicability of users' role memberships to particular permissions is much more easy and precise. The enforcement of the SAAC model for grid application is presented. An experimental evaluation of its overheads is also described.

JIANG Wei-chao,XIA Yang,HUANG Xiao

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.06.042

2005-01-01

Abstract:Web services, which adopt general protocol and technology, can be easily accessed by users and have been the research hotspot in distributed computing, but the downside of this easiness is that security is compromised. An access control system for web services is presented based on SAML and XACML, which uses SAML to single sign-on and introduces XACML to control the access of users. Based on SAML, XACML is imported to control the protected resources on web sites, and achieves the security of access control of web services.

Yi Zhao,Xia Wang

DOI: https://doi.org/10.1007/978-3-642-24806-1_26

2012-01-01

Abstract:As the Semantic Web has been applied in the Web Services to integrate data across different applications with the increasing development of the Semantic Web technologies, it is essential to maintain the security of the organizations involved in the Semantic Web Services. Security is a crucial concern for commercial and mission critical applications in Web-based environments. To guarantee the security of the web services, security measures must be considered to protect against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional. Access control is a kind of security measurements to guarantee the service processes, which is defined to allow resource owners to define, manage, and enforce the access conditions for each resource. In this paper, an ontological concept similarity algorithm is first proposed taking multiple concept relations into consideration. Then, an attribute based access control model based on the semantic similarity (SABAC, for short) is proposed to specify access control over attributes defined in domain ontologies. An experimental prototype and detailed empirical discussions are presented, and the method is validated in the framework of web service selection.

JZ Luo,XP Wang,AB Song

DOI: https://doi.org/10.1109/cscwd.2005.194196

2005-01-01

Abstract:Grid computing is appropriate for supporting cooperative work Many designers and engineers from different companies or institutions can dynamically form a virtual organization for a given design task. In order to protect each company's sensitive data and services, access control is therefore necessary and important. In this paper, we present a new approach to authorize and administrate access requests, in which the requests are obliged to negotiate with a policy enforcement point in order to gain access to the target grid service. The new access control model will exploit semantic Web technology, and use machine reasoning about the messages and policies at a semantic level.

Mudhakar Srivatsa,Arun Iyengar,Thomas Mikalsen,Isabelle Rouvellou,Jian Yin

DOI: https://doi.org/10.1109/ICWS.2007.31

2007-01-01

Abstract:Service composition has emerged as a fundamental technique for developing Web applications. Multiple services, often from different organizations or trust domains, may be dynamically composed to satisfy a user's request. Access control in the presence of service compositions is a challenging security problem. In this paper, we present an access control model and techniques for specifying and enforcing access control rules on Web service compositions. A key advantage of our approach is that past histories of service invocations can be used to make access control decisions. Our approach allows role hierarchies and separation of duty constraints. Access controls rules may be parameterized by one or more arguments. We have implemented our access control model via a declarative policy specification language which uses pure-past linear temporal logic (PPLTL). We describe an implementation of our approach using a supply chain management (SCM) application. Our experiments show that our approach can enforce expressive and flexible access control policies while incurring reasonable performance overhead on the application.

YB Peng,J Gao,J Hu,BS Liao

DOI: https://doi.org/10.1109/cit.2005.35

2005-01-01

Abstract:Information systems researchers continue to develop Web services hoping that, in a near future, these services will be used in every application system expediently. Although many implementations of Web services are currently available, no project can solve the problem of autonomous controlling the whole execution process of Web services. In this paper, we present a policy-driven IMCSBA (Infrastructure for Managing and Controlling the Social Behavior of Agents) project, which provides a platform to autonomous control the whole execution process of Web services. In addition, an agent infrastructure to realize this system was developed and a simulated test was conducted successfully.

Bs Liao,J Gao,J Hu,Jj Chen

DOI: https://doi.org/10.1007/978-3-540-30483-8_42

2004-01-01

Abstract:The integration of web services and intelligent agents is promising for automated service discovery, negotiation, and cooperation. But due to the dynamic and heterogeneous nature of web services and agents, it is challenging to guide the behaviors of underlying agents to meet the high-level business (changeful) requirements. Traditional Policy-driven methods (Ponder, Rei, KAoS, etc) are not adaptable to direct the discovery, negotiation and cooperation of dynamic agents who may join in or leave out of a specific community or organization (virtual organization) at run time. The purpose of this paper is to model an ontology-based, policy-driven control framework that is suitable to supervise the dynamic agents according to high-level policies. On the basis of federated multi-agents infrastructure and ontologies of policies, domain concepts, and agent federations, a model of role-based policy specification framework is presented in this paper.

徐晓春,陆松年,杨树堂,蒋兴浩

DOI: https://doi.org/10.3969/j.issn.1000-3428.2004.05.028

2004-01-01

Abstract:One of the most important features of XML Web services is that they can easily accessed over the Internet. But the downside of this easiness is that security is compromised. This paper presents an access control system for Web Services. It uses XACML for the description of access control criteria based on the use of attribute certificate. The system takes full advantage of XML-enabled feature of Web Services and XACML access control decision model. Furthermore, the integration of privilege management infrastructure and XACML makes this system suitable for heterogeneous Web services.

BS Liao,J Gao,J Hu,JJ Chen

DOI: https://doi.org/10.1109/icmlc.2004.1380585

2004-01-01

Abstract:Presently, resource sharing and integration within or cross enterprises (organizations) based on Web services, semantic Web and agents, are developing rapidly. However, different level of requirements of enterprise applications, and dynamic nature of Web services and application requirements, result in increasing complexities of management of Web services and related agents. This paper proposes a federated multi-agent system for autonomic Web services control. The main point of this paper is to propose an approach based on hierarchical architecture-oriented agent federations to control the internal cooperation and external coordination and transaction of Web services. In addition, an agent infrastructure to realize this system was developed and a simulated test was conducted successfully.

Zhong Chen

2008-01-01

Abstract:Based on the Semantic Web technology extends the scope of policy management, In Web access control security through the reasoning of the policy to achieve the dynamic process of adjustment, presents a Web services security visit to the multi-level policy approach, for the next generation of Web services application in a useful exploration.

Hao Zeng,Yongwang Zhao,Dianfu Ma

DOI: https://doi.org/10.12733/jcis7282

2013-01-01

Journal of Computational Information Systems

Abstract:Web service has emerged as a fundamental technique for developing Web application due to its highly dynamic and cross-domain characteristics, but which still pose new challenges and difficulties for web services authorization. However, the system-centric view (static control environment) of protecting services and resources taken by traditional access control models is not suitable for web service environment. As is presented in this paper, one finding of our study is a Policy Tree based architecture for web services authorization termed PTBA4WSA. It is established on a staged attribute based access control framework. The paper proposes a Policy Tree model to describe subjects, resources as well as environment attributes, and it also presents a loading classification based policy evaluation algorithm. Both of which cannot only provide high-efficient and _ne-grained access control for web services, but also can support access control policy release mechanism. With PTBA4WSA, we design and implement a service authorization processing system which exhibits high efficiency and availability as is shown by the performance evaluation results. © 2013 Binary Information Press.

XU Feng,LIN Guo-Yuan,HUANG Hao

DOI: https://doi.org/10.3969/j.issn.1002-137X.2005.02.001

2005-01-01

Computer Science

Abstract:Security is currently one of the biggest concerns about future development of Web services. This paper brief reviews the state of the research for access control in the Web service environment. In this paper,we first discuss the way to study the access control technology from the protocol stack of the Web services. Then we discusscd the access control technology of XML documents and the SOAP protocol,as well as correlation standard. Finally,the conclusion is given and the problems are pointed out,which should be resolved in further reserach.

Aiqiang Gao,Dongqing Yang,Shiwei Tang,Ming Zhang

DOI: https://doi.org/10.1109/icpca.2008.4783602

2008-01-01

Abstract:The emerging paradigm of pervasive computing and web services needs a flexible service discovery and composition infrastructure. The widespread use of Web services in pervasive environments is hindered by the lack of adequate security and privacy support. In this paper, we discuss an access control protocol for conversation-based (composite) Web services. This approach takes into account the conversational nature of composite web services and differentiates two types of web service: goal-driven and interaction-intensive. The former is goal driven and the client cares about the final goal and participates the conversation at only a few steps. While the interaction-intensive composite web service is interaction heavy, and the service and the client need to interact with each other frequently to exchange access control credentials.

PU Fang,SUN Dao-qing,Cao Qi-ying,CAI Hai-bin,LI Cai-xia

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.06.052

2008-01-01

Abstract:In order to solve the contradiction between information sharing, cooperation and security privacy in the ubiquitous computing environment, a dynamic and semantic security policy management mechanism for ubiquitous computing is presented. The mechanism imports unified ontologies knowledge base. Ontologies service varies with the context information and adjusts policy service to act on the managed targets. The policy management framework, dynamic policy implementation and policy specification are described. A typical example of the ubiquitous computing scenario is given to show how to apply the mechanism.

Hao Zeng,Dianfu Ma,Yongwang Zhao,Zhuqing Li

DOI: https://doi.org/10.1007/s11761-013-0143-5

2013-01-01

Abstract:Due to the dynamic, heterogeneous and interorganizational nature, different web services and different ports or operations in the same service, even the same services at different times may have their different security requirements because of their different security domains and different business backgrounds. How to design a flexible, fine-grained and comprehensive architecture for web services security processing has become a matter of great urgency. However, no ideal solutions have been worked out for these problems. As a result of our study, we have presented in this paper a policy-based architecture termed policy-based architecture for web services security processing (PBA4WSSP) to meet the dynamic, complete and fine-grained security requirements. In PBA4WSSP, the processing of all security problems is based on security policy in service stage to support flexibly security configuration. Moreover, we have designed a service policy model to describe the fine-grained security requirements. And the conversion method between security policy model and security policy expression has also been described. In addition, a staged complete security processing architecture is provided to reduce the dependency among protocol implementations. Furthermore, with PBA4WSSP, a web service security module has been designed and implemented as well. Eventually, the performance evaluation results amply demonstrate that our system is flexible and usable.

Tao Peng,Jiang Minghua,Hu Ming

2008-01-01

Abstract:Nowaday, the status of XML as a standard for storing and exchanging data in Internet and XML documents is becoming a de facto standard for storing and exchanging information. So, access control of XML documents is a key in network environment. In this paper, we propose an approach that exploits the semantics associated with subject and information in XML documents to facilitate automatic access control policies while resource sharing occurs among coalition members. Our approach relies on identifying the necessary attributes required by users to gain access to specific XML documents information. Specifically, it consists of extracting user attribute sets that semantically mach with the attributes of the information in XML documents. This relies on a closer examination of why a user is assigned a specific role.

马克,宋长新

DOI: https://doi.org/10.3969/j.issn.1008-0570.2008.27.028

2008-01-01

Abstract:Based on the research of Web security specifications, it put forwards a message level security model for the typical Web Services application. It provides both security transport of SOAP messages and an access control security. ' The model uses XKMS as a replacement of PKI and SAML assertion to exchange authentication as well as authorization information of users. The implement of the model depends on a message processing security.

JIANG Xinghao,LI Jianhua

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.16.051

2006-01-01

Abstract:The security problem including confidentiality,integrity,nonrepudiation,authentication,authorization and access control has become the main obstacle for WS before its large scale application.This paper presents an attribute certificate based authorization mechanism for WS and analyzes the characteristics of access control model for WS aiming at the authorization and access control problem WS faces.

Feng Xiang,Gan Ling,Ni Kai,Zhang Chao

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.10.022

2007-01-01

Abstract:Authorization access control is an essential and important module in MIS.Traditional authorization control needs to be improved on coupling and reusability.A Web service based authorization access control method is designed.By abstracting the basic functions in the field of authorization access control,and setting the authorization intonation into a five-tuple table in database,the functions of authorizatin access control are separated.The authorization access control method is made to run as Web Service,and thus the model is of low coupling,high reusability,and can be easily used in different applications running on isomerism environment.

Hai Jin,Hao Wu

2005-01-01

Abstract:Quality of Service (QoS) becomes necessary for service-oriented computing. Web Services Agreement (WSA) aims at defining a language and a protocol for advertising the capabilities of providers, creating agreements based on creational offers, and monitoring of QoS. On the other hand, semantic web provides many burgeoning techniques that enable services intelligent and automatic on the web. Therefore, we intend to integrate semantic web techniques with WSA management to utilize its advantages. In this paper, we present some works for this study. We illustrate how to specify WSA with ontology language instead of XML schema. With this, WSA can be domain ontology to describe knowledge of service agreement, and be a unified information model for it. In addition, an agent-based runtime framework is presented for WSA management, where all agents share the WSA ontology for exchange and negotiation. This improves interoperability between these agents. The negotiation rules and policies are specially described with Semantic Web Rule Language (SWRL) for web service, and agents negotiate with each other under steering of such rules and policies.