Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

许春根,严悍,刘凤玉

DOI: https://doi.org/10.3969/j.issn.1002-137X.2003.07.032

2003-01-01

Computer Science

Abstract:The access control is very important for the information management of modern enterprises . This paperproposes a framework of well-defined constraint specifications for developers to build application-level access controlbased on users' roles. They ensure that each role is configured with consistent privileges, each actor is authorized toproper roles and then each actor can activate and play his authorized roles without interest conflicts. These formalconstraint specifications are described by the first-order predicate logic, and also some properties are proved. Themodel provides relatively independent, consistent and inferable constraint specifications for developers to design ac-cess control of large and complex enterprise systems.

Han Yan,Fengyu Liu,Hong Zhang

DOI: https://doi.org/10.1145/346057.346075

2000-01-01

Abstract:At present, majority access control models mainly deal with data-protection at the back-end of applications. However, they are not applicable for large and complex multi-user applications. Though Object Technology has turned into one of the mainstream approaches for large and complex applications development, it still lacks a general model of application-level access control. While the existing models of role-based access control could simplify privilege management, they neglect the dynamic features of activated roles. This paper proposes an object-oriented model in Unified Modeling Language supporting application-level access control based on users' roles. In the model, an interface type is provided containing a set of operations as user services, which are authorized to users via their roles. To represent the activated roles, Role-Playing is introduced, and it is modeled as an active class. Every object of Role-Playing runs in particular context, which restrict users' rights dynamically and control users' interaction actively. The model is suitable for multi-user interactive computing and distributed information-processing systems.

Han Yan,Chun-Gen Xu,Gong-Xuan Zhang,Feng-Yu Liu

DOI: https://doi.org/10.1145/346057.346074

2000-01-01

Abstract:Constraint specifications for access control organize a set of constraints to control human-computer interaction for users to perform their duties securely and efficiently. Constraint specifications are imperative for the access control and security management of large and complex multi-user interactive applications. Existing specifications of Role-based Access Control are incomplete and complicated. This paper proposes a framework of well-defined constraint specifications for developers to build application-level access control based on users' roles. They ensure that each role is configured with consistent privileges, each actor is authorized to proper roles and then each actor can activate and play his authorized roles without interest conflicts. These formal specifications are consistent and inferable, complete and simplified, abundant and scalable for diversified multi-user applications.

Di Wu,Xiyuan Chen,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1007/11836025_19

2006-01-01

Abstract:Today, the formulation, specification, and verification of adequate data protection policies in open distributed environment appear as the main challenge to address concerning authorization Role-based access control models have attracted considerable research interest in recent years due to their innate ability to model organizational structure and their potential to reduce administrative overheads This paper proposes ontology specification to describe Role-based Access Control model and extend it with a general context expression Based on these definitions, the specification for interoperation in distributed environment is introduced The works include a definition of ontology to describe the concepts and a declaration of rules to explicit the relationship between concepts The ontology based approach can express security policy with semantic information and provide a machine interpretation for descriptions of policy in open distributed environment.

黄益民,杨子江,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.04.005

2004-01-01

Abstract:The traditional role-based access control (RBAC) model was extended in this work aimed at studying practical ways to implement access control, enforce security administration, and acquire available information from real world to construct an access control model and establish security policies. A three-layered architecture for role-based security administration was proposed. And a practical way was presented to implement role-based access control and role-based security administration ,so that cross-platform role-based access control is implemented automatically and systematically in the security administration system.

Wu Di,Jian Lin,Yabo Dong,Miaoliang Zhu

DOI: https://doi.org/10.1109/PDCAT.2005.247

2005-01-01

Abstract:Role-based access control (RBAC) models have generated a great interest in the security community as a powerful and generalized approach to security management. One of important aspects in RBAC is constraints that constrain what components in RBAC are allowed to do. There are lots of research have been achieved to specify constraints for secure system developers. However more work is need urgently to met requirements for interoperability of machine and people understandable constraints specification in open and distributed environment. In this paper we propose another approach to specify constraints using Semantic Web technologies. The Web Ontology Language (OWL) specification of basic RBAC components and constraints are described in detail.

Zhiwen Zou,Changqian Chen,Shiguang Ju,Jiming Chen

DOI: https://doi.org/10.1007/978-3-642-12189-0_26

2010-01-01

Abstract:The Spatial Role-Based Access Control (SRBAC) model was discussed in this paper. Firstly, the formal definition of SRBAC Model was given; then the region coverage constraint of spatial object, duration constraint of spatial object, various spatial object separations of duty constraints and spatial object cardinality constraint of role activation were researched; after extending the traditional session, the strategy of eliminating the conflictive session was presented; Finally, the role hierarchy has been discussed under the spatial environment. Combined with practical application, the theory of secure DBMS was optimized and afforded to build the stricter system.

杨洋,丁仁杰,闵勇

DOI: https://doi.org/10.3321/j.issn:1000-1026.2003.07.008

2003-01-01

Abstract:According to the characteristics of the information system in power enterprises, an in-depth analysis is made of the discretionary access control (DAC), mandatory access control (MAC) and role-based access control (RBAC). Some drawbacks of the three models under certain circumstances are discussed. To meet the need of massive and frequently changing data in the information system of power enterprises, a new access control model, the object-based access control (OBAC) model, is proposed. This model can be easily represented and is more extensible. Also, a practical design of the OBAC model is given.

Chungen Xu,Han YAN,Fengyu LIU

DOI: https://doi.org/10.3321/j.issn:1002-8331.2001.08.004

2001-01-01

Abstract:The control to access resources in organization has become increasingly important,and Role Based Access control (RBAC)technology is rapidly developing along with the internet. In RBAC,The Role is a important concept,and must be properly constructed to reflect organizational access control policy and needs. In this paper we represent a RBAC model with this well-known modeling language UML to reduce a gap between security models and system developments. We specify the RBAC model with three views:static view,functional view,and dynamic view. Several frameworks for the development of role-based systems have been introduced. However , there are a few works specifying RBAC in a way which system developers can easily understand and refer to develop role-based systems.

刘伟,刘嘉勇

DOI: https://doi.org/10.3969/j.issn.1672-2892.2009.01.019

2009-01-01

Abstract:As a way to defend information's confidentiality and integrity,access control takes a quite important role in military system and commercial system.Role-Based Access Control(RBAC) Model has been generally used in morden sofeware systems,and it has become one of the hotspots in the field of information.On the basis of RBAC,an Extended Role-Based Access Control(ERBAC) model is introduced against the imperfections of the famous RBAC model.Then the applying process of this model is illuminated.In the improved model,the concepts of role and permission are extended,which makes RBAC model be applied to systems freely and efficiently,and strengthens the security of access control.

吴江栋,李伟华,安喜锋

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.20.019

2008-01-01

Abstract:A method of finely granular access control based on RBAC is brought forward after the discussion of the access control model based on role.This paper proposes the idea about finely granular access control,decomposes the access privilege of sources to less granularity,and the privilege is assigned to role,then access control can be managed easily by defining the user of the role and the inherit of roles.The validity of method is proved by the successful system of finely granular access control based on RBAC.Design and implementation process of the method have referenced value to similar software's development.

LI Fan,ZHENG Wei-min

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.08.052

2005-01-01

Abstract:Access Control is an important technology in system security in which RBAC(Role-Based Access Control) is a well-known model.But RBAC is complicated in large application system.The problems existing in RBAC were analyzed and an organization and role based access control model ORBAC was proposed.The new model reduces the number of the role and the complexity of access con-trol management in application system by extending organization structure and its permissions to RBAC.

王刚,宋执环

DOI: https://doi.org/10.3969/j.issn.1000-3428.2002.09.044

2002-01-01

Abstract:In this paper, the construction of role-based access control is discussed. Aiming at the complexity of the subjects, combined with the particularity of actions and objects in document management, considering the restriction of subject and the state of object, some improvement is made in the original RBAC and a new team-role-based document access control which is named TRBDAC model is presented. ;

Chao Huang,Jianling Sun,Xinyu Wang,Yuanjie Si

DOI: https://doi.org/10.1109/ICNDS.2009.94

2009-01-01

Abstract:Access control is always essential for safe and security access to the system resource. Role based access control (RBAC) model is widely used in large enterprise software systems. The quality of the RBAC policy design especially role definition has great impact on the system security policy implementation. In this paper we propose a novel role engineering methods with security KAOS (SKAOS), which guide the engineering process via keeping decomposing the functional requirement objective and combining the system security requirement. SKAOS not only simplifies the system userpsilas involvement in the role engineering process via supplying with the objective decomposition but also reduces the complexity of the operation analysis. After building the objective decomposition and activity analysis diagrams, the role definition can be delivered. We illustrate the effectiveness of our method via analyzing a real world requirement problem.

BAO Zhigang,HU Yanjun,GU Xinjian

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.01.059

2006-01-01

Abstract:Firstly making reference to role based access control(RBAC)model,this paper proposes the basic idea about access control.Then it introduces database design of two realizing methods about access control and two methods’ realization in program,it also presents visual effect.Finally it analyzes and compares one to another in detail from two aspects of applicability and reusability.

Junhao Geng,Sumei Zhang

DOI: https://doi.org/10.1109/cis.2009.260

2009-01-01

Abstract:To meet the requirements that full business model of complex information system needs simplified, precise and consistent access control method, analyzing meta-model of full business model, granularities of access control elements, Full Business Model Oriented Access Control (FBMOAC) model is proposed and built, and an algorithm of permission consistency control is presented based on the formal description. Through building access subject granularities, access object granularities, permission assignment control granularities and the dependency, contradiction, delegation, nesting relationships between granularities, FBMOAC supports simplifying the authorization process, controlling access objects precisely and implementing the consistency control of permissions.

袁平鹏,陈刚,董金祥

DOI: https://doi.org/10.3321/j.issn:1003-9775.2004.04.006

2004-01-01

Abstract:An access control paradigm composed of basic model and role model is proposed for collaborative applications. Basic model specifies the relationship among privileges and the way of ranking privileges. It relates privilege with operations on the objects, so the model appears more straightforward. Moreover, if Brokers' implementation permits, the model can support any grained access control. Role model re-defines the role concept of RBAC96, divides the permissions of role into public permissions, protect permissions and private permissions. It allows user to define roles more flexibly, prevents private permissions of roles from being inherited and reduces the definition of ancillary roles.

吴振兴,熊璋,方义

DOI: https://doi.org/10.3969/j.issn.1006-2475.2004.12.042

2004-01-01

Abstract:The different levels of RBAC model implementation and their characters are discussed.An implementation of RBAC model on the application level is also presented.This implementation makes use of the security character provided by the operating system to authenticate user in a high security way and introduces application server as agency between database and workstation.Based on active directory and DCOM,this implementation controlls database access reliably according to RBAC model and achieves high security.

Chen Zhao,NuerMaimaiti Heilili,Shengping Liu,Zuoquan Lin

2005-01-01

Abstract:Role-Based Access Control (RBAC) has been recognized as a strategy which reduces the cost and complexity of security administration in large-scale networked applications. A general family of RBAC models called RBAC96 was proposed by Sandhu et al. [1], which formally deflnes the relations among user, role and permission using the notion of set membership. Constraints is an important aspect of RBAC, which impose restrictions on acceptable conflgurations of the difierent components of RBAC. Nevertheless, it was discussed informally in the RBAC96 model. There has been some efiorts to present a logical framework for the access control models. Most of these works are based on flrst-order logic or its extensions. However, excessively rich expressiveness may bring on complex computation and confusion. We present a novel formalization of RBAC using a description logic approach. Compared with flrst-order logic, DLs achieve a better tradeofi between the computational complexity of reasoning and the expressiveness of the language. We choose the DL language ALC to represent core and hierarchical RBAC, and ALCQ that extends ALC by qualifled number restrictions to express RBAC constraints, including separation of duty and role cardinality. Based on our logical framework it is feasible to reason about RBAC and check the consistency of RBAC with constraints via a DL reasoner(e.g. RACER).