JIANG Xinghao,LI Jianhua

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.16.051

2006-01-01

Abstract:The security problem including confidentiality,integrity,nonrepudiation,authentication,authorization and access control has become the main obstacle for WS before its large scale application.This paper presents an attribute certificate based authorization mechanism for WS and analyzes the characteristics of access control model for WS aiming at the authorization and access control problem WS faces.

Cui Yan-Li,Zhang Xing

DOI: https://doi.org/10.1109/fitme.2009.68

2009-01-01

Abstract:During the realizing process of remote attestation, except for using trusted computing technology to protect physical security, storage security and operation security of certifier, cipher mechanism need to be combined to ensure the credibility of attestation method of certifier. This paper designs an attestation method model of property remote attestation, and applies the authentication and access control logic technology to make formal description for the participants of attestation method of property remote attestation, and finally prove the credibility of attestation method. Paper's research conclusion proves, after increasing the authority of certificate and trusted property certificate, the credibility of property remote attestation method can be guaranteed among the computing environment applying the public key infrastructure participates.

曾璎珞,潘雪增,陈健

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.10.052

2010-01-01

Abstract:This paper proposes a dynamic security access control model based on system reliability,so as to improve the flexibility of combination among multiple security access control strategies,and to ensure system security and practicality.The model can choose the proper kind of combination among the security access control strategies dynamically in order to deal with different system states and improve the whole system performance.Experimental results prove that this model makes the multiple strategies control more flexible,ensures the system security,and improves practicality of the system.

S Chen,K She,MT Zhou

DOI: https://doi.org/10.1109/pdcat.2003.1236298

2003-01-01

Abstract:With the problem of the effective certificate revocation for partition rule based access control remaining, we provide a user authority model based on the nonpublic key certificate approach and implement security access control of the information domain. Based on the clearance structure of X.509 v4, this model accomplishes three main functions: authority trust facility, authority certificate and certificate storage. It implements security information exchange on heterogeneous platforms, and achieves secure access to target resources with another identity authentication method.

Li Qianmu,Yin Jie,Hou Jun,Xu Jian,Zhang Hong,Qi Yong

DOI: https://doi.org/10.1007/978-3-642-18129-0_68

2011-01-01

Abstract:A service access control model in cyberspace is proposed, which provides a generalized and effective mechanism of security management with some items constraint specifications. These constraint specifications are organized to form a construction, and an enact process is proposed to make it scalable and flexible to meet the need of diversified service application systems in cyberspace. The model of this paper erases the downward information flow by extended rules of read/write, which is the breakthrough of the limitations when applying the standard role-based access control in cyberspace.

Weinan Li,Hui Feng,Wenchang Shi

2010-01-01

Abstract:Targeting at shortcoming of existing access control models in supporting trust measurement in communication network environment, focusing on integrity measurement of computer systems in communication network environment, this paper proposes an information flow oriented integrity access control model. The model defines integrity level of an entity with sources of information flow. On this basis, it designs access control rules. Finally, it constructs access control policies to enforce access control.

Zhensong Liao,Hai Jin,Chisong Li

DOI: https://doi.org/10.3321/j.issn:1671-4512.2006.02.021

2006-01-01

Abstract:Role-based access control (RBAC) introduced the concept of role to the access control, helping authorized users to access web resources, and reducing the system s burden to store huge individual information. On the basis of analyzing RBAC model, an attributed certificate (AC)-based RBAC model in the distributed environment was put forward in accordance with the characteristics of RBAC system and the superiority of SPKI/SDSI certificate. It defined the AC structure and described the workflow, and concluded the features of the presented model. The analysis showed that the model was characterized by compact credential structure, supporting anonymous access and single login on.

徐晓春,陆松年,杨树堂,蒋兴浩

DOI: https://doi.org/10.3969/j.issn.1000-3428.2004.05.028

2004-01-01

Abstract:One of the most important features of XML Web services is that they can easily accessed over the Internet. But the downside of this easiness is that security is compromised. This paper presents an access control system for Web Services. It uses XACML for the description of access control criteria based on the use of attribute certificate. The system takes full advantage of XML-enabled feature of Web Services and XACML access control decision model. Furthermore, the integration of privilege management infrastructure and XACML makes this system suitable for heterogeneous Web services.

XU Guo-yong,LIU Qiang,ZHANG Pu-xuan

DOI: https://doi.org/10.3969/j.issn.1000-7024.2007.01.011

2007-01-01

Abstract:On resource integration implemented in government and organization,a more security and open access control system working in large scale application environment is required.Public key infrastructure authenticates a user by granting a public key certificate.Pri-vilege management infrastructure authorizes a user using attribute certificates.RBAC provides a flexible relationship between user and privilege.Emphasis on access control proceeding and policy management using PKI,PMI and RBAC,an access control mechanism based on role and dual-certificates is described.The mechanism has implemented in the taxation resource integration project.

CHEN Chuan-bo,PENG Chao-yi

DOI: https://doi.org/10.3969/j.issn.1007-130x.2008.01.011

2008-01-01

Abstract:Since XML is widely used nowadays,the need to provide controlled access to such information is imminent.The incredible amount of heterogeneous users on the Web also increases the difficulty of the authorization management.Based on the security feature of XML documents,we presents a credential-based XML access control model and its XML-based policy specification.Finally,we discuss the implementation of the model.

杨家海

DOI: https://doi.org/10.3969/j.issn.1000-7180.2003.12.020

2003-01-01

Abstract:After an overview of existing security control methods in CSCW systems, the paper proposes a new security control model which introduced the X.509 certificate-based authentication method into CSCW systems. Based on this model, the design and implementation of a secure multimedia conference system prototype, MCS/CA are discussed. In contrast to conventional conference system, MCS/CA enhanced integrated security control mechanism with certificate application, certificate-based authentication, session key negotiation, and data encryption/decryption.

Xiaobing Liu,Zhaoyang Bai

2008-01-01

Abstract:Sensitive information is one of core competence concerning with the development of the enterprise business. Tremendous pressure on today's enterprises to achieve and sustain competitive advantage has led to heightened efforts to protect sensitive information. Many enterprises have recognized that the key to sensitive information management improvement lies in the better access control model. In this paper, we present a boundary-based access control model incorporating an advanced security mechanism, in order to support fine-grained authorizations in the right time for the provision of services, based on the analysis of system boundary. In this model, access permissions are controlled by the state transitions at different layers including workflow layers, control layers and data layers. The access control mechanism is based on an RBAC model, which incorporates dynamic context information. Context is classified based on the analysis of system boundary into six main categories, which is further categorized as simple condition and composite condition, thus forming a multi-level context. In a multi-level hierarchy of context conditions, the access control model is implemented dynamically, by checking the context constraint associated with each access task at the time of the specific request submission, whose functionality and the constituent parts have been described formally and in detail.

Guisheng Fan,Huiqun Yu,Liqiong Chen,Dongmei Liu

DOI: https://doi.org/10.1109/trustcom.2011.220

2011-01-01

Abstract:Service composition is an effective way to achieve value-added service, which has found wide application in various key areas. However, most access control techniques for service composition were in ad hoc fashion and fell short in precise notations. In this paper, we propose a certificate driven access control strategy for service composition. Petri nets are used to precisely define and model the different components of service composition. The access control strategy for service composition are proposed, which can dynamically adjust available service to meet the actual requirements. Based on this, theories of Petri nets help prove correctness of the access control strategy and the enforcement algorithm is given, thereby getting the service composition which can meet the functional requirements while meets the required security. The proposed method is applied to a real-world domain to show the feasibility and effectiveness.

Fujun Feng,Chuang Lin,Junshan Li

DOI: https://doi.org/10.1109/NSWCTC.2009.405

2009-01-01

Abstract:Trustworthy network is the inevitable trend in the development of high trusted computing and Internet. It is beyond the traditional information security including confidentiality, integrity and availability, but on the survivability and controllability. Trustworthiness of users on identity and behaviors is very important for trustworthy network, which can be realized by access control technology. Firstly, we discuss the security requirements of access control in trustworthy network. Then we propose a Trust and Context based Access Control (TCAC) model, and describe the core, hierarchical and constrained TCAC in detail. Finally, a trust evaluation mechanism is presented.

Ran Yang,Chuang Lin,Yixin Jiang,Xiaowen Chu

DOI: https://doi.org/10.1109/icc.2011.5963329

2011-01-01

Communications

Abstract:The rapid development of applications running on global information infrastructure poses the problem of securing information sharing among domain collaborations. Existing access control models are defective in dynamic authorization based on user's trustworthiness and do not take full advantages of the infrastructure in implementing access control system. In this work, we propose a trust and role based access control model and the corresponding framework in infrastructure-centric environment. With the extension to RBAC model, trust level requirements, which dictate that the roles in the privilege context must be activated by the trustworthy user, can be specified. The comprehensive trust model, which calculates the user's trust level in multiple trust contexts based on behavior histories, is proposed. Moreover, by taking advantages of the infrastructure services, our scheme is flexible and scalable in that system administrators are free to choose custom scoring functions while the infrastructure trust evaluation services are relieved of the heavy burdens of history record maintenance and trust level update.

Lu Chen,Qing Zhou,Gaofeng Huang,Liqiang Zhang

DOI: https://doi.org/10.1109/CIS.2014.47

2014-01-01

Abstract:Resource sharing is one of the main applications of network. How to establish a trust relationship between resources requestor and provider, and enforce authority is the key issue of efficient resource sharing. Existing models and methods are mostly focus on identity, recommendation and other information, but lack of the considering of resource requestor's conduct and environment of computing. And once authorized, it will not be able to track and control user behavior dynamically. It may cause more risks when sharing resources. Aiming to resolve the above problems, a trust-role based context aware access control model is proposed relying on the measurement and verification of the \"trust credentials and evidences\" which embody the context information of user behavior and platform environment to achieve the security, dependable and dynamic access control for resource sharing.

Li Hetian,Liu Yun,He Dequan

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.09.002

2006-01-01

Abstract:Access control is an important assurance mechanism for the security of information technology systems.It protects the validity access right for information asset by constraining subjects to access to objects in order to assure the confidentiality,integrity and availability of information.As usual the mechanism is realized by static access control matrix which doesn't represent the dynamic characteristic along with task changing.In this paper,a dynamic access control model is described based on the Petri Net rationale.The dynamic model authorizes user role the access control right according to the implementation of different tasks in the system to prevent inappropriate use of information.

Guo-yuan LIN,Shan HE,Hao HUANG,Ji-yi WU,Wei CHEN

2012-01-01

Abstract:In view of the current popular cloud computing technology,some security problems were analyzed.Based on BLP(Bell-LaPadula) model and Biba model,using the access control technology based on behavior to dynamic adjusting scope of subject's visit,it put forward the CCACSM ( cloud omputing access control security model).The model not only guarantees the cloud computing environment information privacy and integrity,and makes cloud computing environment with considerable flexibility and practical.At last,it gives the model's part,safety justice and realization process.

Lihua Yin,Binxing Fang,Yunchuan Guo,Hui He

DOI: https://doi.org/10.1109/ndt.2009.5272141

2009-01-01

Abstract:Traditional information security models focus on protecting information or information systems. There is little research on controllability of information content security. We present the network reference monitor (NRM) for access control in Internet environment firstly. Then we propose the definition of network reference monitor and Internet information access control. Abstract operation model is put forward for controllability of content security access control. The model consists of three parts: information discovery model, information analysis model and information control model. Next, we express the intuitive formal specification of controllability by PCTL logic. Then we characterize the process of Internet access control by finite state automata and present an evaluation model of controllability to analyze access control of information content security quantitatively.

ZHONG Jiang,HOU Su-juan

DOI: https://doi.org/10.3724/sp.j.1087.2010.02632

2010-01-01

Journal of Computer Applications

Abstract:Concerning the limitations of the application of traditional access control model in new generation credible Internet environment,such as the inefficiency in user-role assignment and the difficulty in cross-domain access control,a universal attribute-based access control framework was proposed.It took a unified method to dispose the attributes of users,resources,operations and running context,simplified the complex way of permissions determination in traditional RBAC and other access control modes,thus enhancing the versatility and flexibility of access control system.At the same time,authentication based on attribute certificates was applied in cross-domain access,policy evaluation and evaluation algorithm were also discussed,which could dynamically realize resource management and access control for users from different domains.In addition,the mechanism of the running context makes the framework more suitable to be applied in complex and dynamic Internet environment.