Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

CH Fang,W Peng,XZ Ye,SY Zhang

DOI: https://doi.org/10.1109/cscwd.2005.194248

2007-01-01

Journal of Software

Abstract:Access control is one of the key steps to ensuring the availability, confidentiality and integrity of system resources. While it has been fully applied in various network systems, it's still relatively new for collaborative CAD. This paper provides a new framework of multi-level access control for collaborative CAD based on hierarchical product modeling. A layered privilege model (LPM) has been developed to provide multi-granularity access permissions in the part level and feature level. An extended hierarchy role-based access control (EHRBAC) is implemented, integrated with LPM and common Hierarchy RBAC, to provide hierarchical access control of collaborative feature modeling in the component/part level and design feature level. Mesh simplification techniques are used to create variable level-of-detail for individual features.

王新胜,熊书明,王新宇

DOI: https://doi.org/10.3778/j.issn.1002-8331.2009.36.028

2009-01-01

Computer Engineering and Applications Journal

Abstract:SARBAC/SARBAC-HH models are dominative in implementation of role hierarchy management by analyzing and comparing several typical role-based access control models.Some issues in role and permission assignment management existed in SARBAC/SARBAC-HH models.In view of these issues,an improved model named WARBAC,based on SARBAC/SARBAC-HH models,is put forward.In the model,the administrative policy of role-permission assignment is redefined and redesigned by resorting to the conception of the organization structure of the ARBAC02 model.Analysis results show that WARBAC is simple in role hierarchy management and is reasonable in complicated role-permission assignment management.

LI Chang-cheng,LIU Cheng-ying,HONG Ming-song,CAI Wei

DOI: https://doi.org/10.3969/j.issn.1006-5911.2005.03.008

2005-01-01

Computer Integrated Manufacturing Systems

Abstract:Based on study of the role-based access control (RBAC) model and the team-based access control (TMAC) model, combined with the characteristics of the technological process information management, an object-based multi-subject access control model was proposed. In this model, object's access control strategy could be inherited through the object's inheritance hierarchies and the type of access subject was expanded to more types. The model implemented a fine-grained security administration at the level of individual users and individual objects. And the access permissions were assigned effectively and were easy to be expressed. As an active security model, it considered the context of objects and users when activating the permissions. Finally, an application example was introduced to prove the feasibility and advantages of this model.

Wang Zhenjiang,Liu Qiang

DOI: https://doi.org/10.3321/j.issn:1002-8331.2005.35.009

2005-01-01

Abstract:Authority Management is a most important aspect of Information Systems.A successful information system is always supported by a well-designed access control system.Role-based access control policy,which is the focus of access control study nowadays,is more flexible and less management burden.Based on Role-Based Access Control(RBAC) and Task-Role-based Access Control,this paper gives a flexible extended access contrl models,XRBAC,standing for Extended Role-Based Access Control,which extends the definition of role management and authority.

BAO Zhigang,HU Yanjun,GU Xinjian

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.01.059

2006-01-01

Abstract:Firstly making reference to role based access control(RBAC)model,this paper proposes the basic idea about access control.Then it introduces database design of two realizing methods about access control and two methods’ realization in program,it also presents visual effect.Finally it analyzes and compares one to another in detail from two aspects of applicability and reusability.

Zhiwen Zou,Changqian Chen,Shiguang Ju,Jiming Chen

DOI: https://doi.org/10.1007/978-3-642-12189-0_26

2010-01-01

Abstract:The Spatial Role-Based Access Control (SRBAC) model was discussed in this paper. Firstly, the formal definition of SRBAC Model was given; then the region coverage constraint of spatial object, duration constraint of spatial object, various spatial object separations of duty constraints and spatial object cardinality constraint of role activation were researched; after extending the traditional session, the strategy of eliminating the conflictive session was presented; Finally, the role hierarchy has been discussed under the spatial environment. Combined with practical application, the theory of secure DBMS was optimized and afforded to build the stricter system.

XIE Dong-wen,LIU Min,WU Cheng

DOI: https://doi.org/10.3969/j.issn.1006-5911.2005.04.020

2005-01-01

Computer Integrated Manufacturing Systems

Abstract:To guarantee the information security in information acquisition and management in enterprises, an Policy-Based Access Control (PBAC) model was proposed. Definition and compositions of PBAC model were introduced. 9 kinds of rules of PBAC in enterprise information system were provided for enterprises to follow. In addition, a universal and extensible solution was advanced. The solution has been successfully applied in some large project management software. Application has indicated that the proposed solution can greatly lessen software development cycle and improve maintainability.

Tao ZHANG,Yong ZHANG,Ge NING,Zhong CHEN

DOI: https://doi.org/10.3969/j.issn.1671-1122.2015.12.006

2015-01-01

Abstract:In face of the problem that the vulnerabilities of the common service or process in the Linux system are used to cause the system control to be easily lost, the paper proposes a process access control based on SELinux mandatory access control (PBACS), which can do fine-grained access control for files, processes and services, and can effectively mitigate security threats that caused by the vulnerabilities of system services, thus makes the server system more secure. The paper gives functional test and performance test on PBACS. Test result shows that PBACS meets design requirements, and can provide lower access control granularity in system process level. PBACS can be widely applied to reinforce Linux server system.

Peng Liu,Zhong Chen

DOI: https://doi.org/10.1109/wi.2004.10081

2004-01-01

Abstract:Business process describes a set of services that span enterprise boundaries and are provided by enterprises that see each other as partners. Web services is widely accepted and adopted to construct business process. Web services are built in exposed environment and open to security threats. When a web service contained in a business process is authorized to illegal users, it will cause economic loss of the service provider. Although there exist some standards for security of Web services and access control for services in distributed systems are well studied, there is a lack of comprehensive approach in access control for web services, especially in business process. In this paper, an extended RBAC model, called WS-RBAC, is proposed to secure web services in business process. The model takes web services in business process as protected objects and extends the classical RBAC model. Next, The software architecture of WS-RABC is presented. This paper also presents how to specify business process in the model and the authorization constraints of WS-RBAC based on WS-Policy.

王刚,宋执环

DOI: https://doi.org/10.3969/j.issn.1000-3428.2002.09.044

2002-01-01

Abstract:In this paper, the construction of role-based access control is discussed. Aiming at the complexity of the subjects, combined with the particularity of actions and objects in document management, considering the restriction of subject and the state of object, some improvement is made in the original RBAC and a new team-role-based document access control which is named TRBDAC model is presented. ;

杨洋,丁仁杰,闵勇

DOI: https://doi.org/10.3321/j.issn:1000-1026.2003.07.008

2003-01-01

Abstract:According to the characteristics of the information system in power enterprises, an in-depth analysis is made of the discretionary access control (DAC), mandatory access control (MAC) and role-based access control (RBAC). Some drawbacks of the three models under certain circumstances are discussed. To meet the need of massive and frequently changing data in the information system of power enterprises, a new access control model, the object-based access control (OBAC) model, is proposed. This model can be easily represented and is more extensible. Also, a practical design of the OBAC model is given.

TIAN Li-qin,JI Tie-guo,LIN Chuang,YIANG Yiang

DOI: https://doi.org/10.3778/j.issn.1002-8331.2008.19.004

2008-01-01

Abstract:The paper establishes a user behaviour trust and Role-Based Access Control(RBAC) model,which introduces the attribute concept and adds the user behaviour trust degree set on the basis of RBAC model.The detailed description and the authorization flow are given in the article.At last the model is analyzed from the dynamic performance and trust mechanism and role numbers and work performance.The new access control achieves the dynamic authorization by the dynamic assignment of role attributes and achieves the connection identity trust with behavior trust by setting the trust degree as an obligatory attribute,which changes the static authorization only based the identity of existing access control models.The model can reduce the role number by setting the attributes for the role,which can lighten the role management burden caused by the large number roles and improve the performance at the same time.

袁平鹏,陈刚,董金祥

DOI: https://doi.org/10.3321/j.issn:1003-9775.2004.04.006

2004-01-01

Abstract:An access control paradigm composed of basic model and role model is proposed for collaborative applications. Basic model specifies the relationship among privileges and the way of ranking privileges. It relates privilege with operations on the objects, so the model appears more straightforward. Moreover, if Brokers' implementation permits, the model can support any grained access control. Role model re-defines the role concept of RBAC96, divides the permissions of role into public permissions, protect permissions and private permissions. It allows user to define roles more flexibly, prevents private permissions of roles from being inherited and reduces the definition of ancillary roles.

Huanchun Peng,Jun Gu,Xiaojun Ye

DOI: https://doi.org/10.1109/ispa.2008.80

2008-01-01

Abstract:This article presents a new approach for privacy preserving access control based on RBAC. The separation of authorization of access purpose from access decision improves the flexibility of private data control. A key feature of this approach is dynamic. The access purpose is determined in a dynamic manner, based on subject attributes, context attributes and authorization policies. Intended purposes are dynamically associated with the requested data object during the access decision. Finally, we give the algorithm to achieve the compliance computation between the access purpose and intended purposes.

Gang Liu,Lu Fang,Quan Wang,Xiaoqian Qi,Juan Cui,Jiayu Liu

DOI: https://doi.org/10.1007/978-3-030-15093-8_4

2018-01-01

Abstract:In information systems where there are a large number of different resources and the resource attributes change frequently, the security, reliability and dynamics of access permissions should be guaranteed. The changing raises security concerns related to authorization, and access control, but existing access control models are difficult to meet practical requirements. In this paper, a resource and attribute based access control model named RA-BAC was proposed. The model bases on attribute-based access control (ABAC) and links access control policy with resource, and redefines the access control rules. Besides, we compare RA-BAC and ABAC from the perspective of theory and simulation experiment respectively to show the advantage of RA-BAC model. We give a detailed analysis combining with instances to show the practicability of the RA-BAC model. RA-BAC solves the problems of policy conflict and policy library expansion in the ABAC model when there are too many resources and the attributes of resources are changed frequently in the system. Using RA-BAC model in system can makes permission query efficient and reduce workload of the system administrator of managing the policy library.

王伟然,张洵,范玉顺

DOI: https://doi.org/10.3969/j.issn.1002-0411.2009.03.004

IF: 1.24

2009-01-01

Information and Computation

Abstract:Current access control methods of business process can not meet the practical requirements of business process management(BPM).In order to solve this problem,disadvantages of the access control methods including role-based access control(RBAC) and task-based access control(TBAC) are analyzed.Then,an organization and role semantic based access control(OR-SBAC) model and method are proposed,its model along with the formal description of its components is presented,and an application example is given.The OR-SBAC method provides further classification of the roles and the controlled subjects,utilizes organizational structure to describe the relationship between user and role,fulfills authorization through role adapter by illation based on role semantics,and considers contexts of time and space.The strong description ability and high authorization efficiency of the OR-SBAC method meets the requirements of complexity,variety and flexibility in BPM.

Jianwei Yin,Zhengqian Xu,Zhilin Feng,Gang Chen,Jinxiang Dong

DOI: https://doi.org/10.3321/j.issn:1003-9775.2006.01.023

2006-01-01

Abstract:Based on the rule of task, a novel task-based access control (TBAC) model was proposed to improve the permission administration and mechanism in the conventional TBAC model by the definitions of task-permission set alone. The permission constraints focus both on the task and permission, and some formal analyses and some constraints rules for permission set are presented. The proposed model was applied to the Aerospace Vehicle Collaborative Development Management system AVIDM. Experimental results show that the model could provide a more agile authorization and enhance the practicability of task model. Moreover, it simplifies the task complexity of permission administration. It is well suited to the access control in transaction management system and workflow system.

Rui Zhang,Fausto Giunchiglia,Bruno Crispo,Lingyang Song

DOI: https://doi.org/10.1007/s11277-009-9782-4

IF: 2.017

2009-01-01

Wireless Personal Communications

Abstract:Context-aware computing is an important aspect of the pervasive computing environment and its various dynamic context information brings new challenges to access control systems. In this paper a new access control model, relation based access control (RelBAC), is provided for context-aware environment with a domain specific Description Logic to formalize the model. The novelty of RelBAC is that permissions are formalized as binary relations between subjects and objects which could evolve with the dynamic contexts. The expressive power of RelBAC is illustrated in a case study of a project meeting event.

Yahui Lu,Li Zhang,Jiaguang Sun

DOI: https://doi.org/10.1016/j.compind.2009.02.009

IF: 10

2009-01-01

Computers in Industry

Abstract:The fast evolving workflow technologies facilitate organizations to interact and cooperate with each other to achieve their business goals by process collaborations. Task-role based access control is an important security mechanism to protect data and resources in information systems. However, the traditional centralized authorization and administration mechanism in access control can not satisfy the administrative requirements in process collaboration environments. In this paper, we propose a domain based administration model for task-role based access control (DATRBAC), in which the authorization and administration permissions are distributed to multiple administrative domains and administrative roles. Then we propose the solution to detect and resolve the conflicts between access control policies defined by different administrative roles. We also described the implementation of the model in the PLM product and the experiments based on the practical application data.