黄益民,杨子江,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.04.005

2004-01-01

Abstract:The traditional role-based access control (RBAC) model was extended in this work aimed at studying practical ways to implement access control, enforce security administration, and acquire available information from real world to construct an access control model and establish security policies. A three-layered architecture for role-based security administration was proposed. And a practical way was presented to implement role-based access control and role-based security administration ,so that cross-platform role-based access control is implemented automatically and systematically in the security administration system.

JIANG Jie,ZHANG Jie,CHEN De-ren

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.09.011

2009-01-01

Abstract:An extended context-aware role based access control(RBAC) based on reasoning(RC-RBAC) model was proposed by integrating the single context-aware RBAC and reasoning-based RBAC in order to solve the problems of the Absence of the adjustment and generation of the context-aware condition dynamically and the incapacity of updating the user authorization according to the adjusted constrain conditions in the existing RBAC.The extended model used the rule reasoning to adjust and generate the context constrains dynamically and start the common sensors and the self-defined sensors to collect the attribute values of the conditions.The access permission to the sensitive data was updated in real time based on the context-aware logic reasoning using the user rules and permission rules.The application results show that the extended RC-RBAC model can be employed in the distributed environment to satisfy the need of the dynamic authorization and reduce the real-time access control management complexity.

ZHOU Shen-gang,ZHAO Song-zheng

DOI: https://doi.org/10.3969/j.issn.1001-3695.2005.06.073

2005-01-01

Abstract:The authority management in information systems is one of the necessary conditions to guarantee the data safety.Based on discussing the model of role-based access control and combining with the shared project of information system developing,a new RBAC-based authority control method in information system of B/S mode is presented so as to the problems in the method of access control based on user-function are solved.The new method has been applied in the course of the system developing, and the safe authority control is realized with good effect.

Lu Pengyu,Song Hui,He Liangjun

2010-01-01

Abstract:To satisfy the requirements of secure among enterprise information system, access control seemed as an information security technology has been used in more and more modern enterprises. Administration of an RBAC system using role based approach has become very appealing because of the benefits that a role-based approach typically brings. In this paper, the scope of traditional RBAC models is carried out and requirements of privilege management based on B/S mode are analyzed. The persistence layer, business layer and control layer of system are implemented under the framework of integration of spring and Hibernate by Struts2.0. Compared with the current privilege management infrastructures, because the struts2.0 framework is integrated with different kinds of frameworks, the interoperability of the system has been achieved. Based on the Filter mechanism, the authorized authentication is implemented conveniently. And the flexibility of permission maintenance has been provided by the design of resource entity.

吴江栋,李伟华,安喜锋

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.20.019

2008-01-01

Abstract:A method of finely granular access control based on RBAC is brought forward after the discussion of the access control model based on role.This paper proposes the idea about finely granular access control,decomposes the access privilege of sources to less granularity,and the privilege is assigned to role,then access control can be managed easily by defining the user of the role and the inherit of roles.The validity of method is proved by the successful system of finely granular access control based on RBAC.Design and implementation process of the method have referenced value to similar software's development.

Wang Zhenjiang,Liu Qiang

DOI: https://doi.org/10.3321/j.issn:1002-8331.2005.35.009

2005-01-01

Abstract:Authority Management is a most important aspect of Information Systems.A successful information system is always supported by a well-designed access control system.Role-based access control policy,which is the focus of access control study nowadays,is more flexible and less management burden.Based on Role-Based Access Control(RBAC) and Task-Role-based Access Control,this paper gives a flexible extended access contrl models,XRBAC,standing for Extended Role-Based Access Control,which extends the definition of role management and authority.

Ronghua Shi

2008-01-01

Abstract:The essential of RBAC was the separation of user and permission. As a bridge between them, role was defined. In the article, an application model was designed based on RBAC. The Permission Management System based on the application model was developed. It could reduce complexity of grant management and decrease the cost of management, as well as make access control more flexible.

Peng-rui CEN,Ling-da WU,Chao YANG,Rong-huan YU

DOI: https://doi.org/10.3969/j.issn.1674-6236.2016.03.002

2016-01-01

Abstract:Through the deep analysis of the shortages about the framework and security of the typical software repository, a security management model of software repository based on RBAC is proposed combined with the characteristics of RBAC (Role-Based Access Control),and designs the database of the software repository based on RBAC.Practice has proved that the access control model can be used to control download and install according to the different levels of users effectively in the process of software management, and further improve the security of the software management platform.

Jing Xu,Tang Jinglei,He Dongjian,Zan Linsen

DOI: https://doi.org/10.1109/icime.2010.5477832

2010-01-01

Abstract:In the paper, we analyze the features of access control of management-type SaaS. Based on the traditional RBAC, we put forward the access control model based on both tenant and role, in which the tenant is as the minimum unit of administrative domain. To be sure user identity with physical security, we put forward the hierarchical authentication and management of user in the management-type SaaS. In order to ensure the access control model of management-type SaaS in line with the reality, we abolish the inheritance right of role in the traditional RBAC. Based on the timing diagram of UML, analyzing the access control model of the cattle public administration platform based on the SaaS, we present its dynamic modeling of access control. Test and analysis is shown that the access control model based on both tenant and role can ensure the accessibility, security and privacy to access cross-domain in the management-type SaaS, and promote the popularization and application of the management-type SaaS.

Meisong CAI,Hongming CAI

DOI: https://doi.org/10.3969/j.issn.1671-8844.2006.04.025

2006-01-01

Abstract:The network security polices in terms of users personal,role and temporary attributes are introduced;and then the access and control mechanism for the three security polices are put forward.An adoption of server-pull and LDAP structure is discussed to perform access and control for the enterprise fundamental information platform based on RBAC.The system employs LDAP directory server as the role server and users can obtain required information in certain secure mode(e.g.SSL),so as to implement the relevant RBAC strategy to achieve the access control purpose.The structure's feature is simple and flexible.

吴振兴,熊璋,方义

DOI: https://doi.org/10.3969/j.issn.1006-2475.2004.12.042

2004-01-01

Abstract:The different levels of RBAC model implementation and their characters are discussed.An implementation of RBAC model on the application level is also presented.This implementation makes use of the security character provided by the operating system to authenticate user in a high security way and introduces application server as agency between database and workstation.Based on active directory and DCOM,this implementation controlls database access reliably according to RBAC model and achieves high security.

QIU Jiong,MA Chen-hua,Yin Jian-wei,Dong Jin-xiang

DOI: https://doi.org/10.1109/CIT.2005.161

2005-01-01

Abstract:RBACAM, a role-based administrative model of RBAC, is proposed in this paper. It simplifies the description of role hierarchies with the definition of role identity code and role derivative information pair group. The concept of role administration domain and role enhanced administration domain is introduced to realize decentralized administration of RBAC. Each role has responsibility far role administration in its own administration domain and enhanced administration domain. A series of conflict checking rules to maintain consistency and the administration of authorization constraints are provided in the model. Administrative algorithms of role hierarchies, user-rote assignments, permission-role assignments and authorization constraints are also described- RBAC AM can be applied in the context of the RBAC96 model without introducing additional entities and relations. The main advantage of RBAC AM is its simplicity, completeness and practicability.

BAO Zhigang,HU Yanjun,GU Xinjian

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.01.059

2006-01-01

Abstract:Firstly making reference to role based access control(RBAC)model,this paper proposes the basic idea about access control.Then it introduces database design of two realizing methods about access control and two methods’ realization in program,it also presents visual effect.Finally it analyzes and compares one to another in detail from two aspects of applicability and reusability.

HU He-ping,XU Wei

DOI: https://doi.org/10.3969/j.issn.1007-130x.2007.06.033

2007-01-01

Abstract:By means of roles, the access control model of role-based access control links an user with his permissions, which greatly reduces the complexity and cost of authorization management.This paper presents a RBAC framework which can be used for the domain of J2EE. The framework which uses the design patterns of software and the method of aspect-oriented programming shows strong expansibility and maintainability.

LI Bo,HUANG Dong-jun

DOI: https://doi.org/10.3969/j.issn.1006-8937-B.2006.04.001

2006-01-01

Abstract:The paper analyzes and compares several primary ways to distribute privileges during the current design process of access system such as Discretionary Access Control(DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC), points out their respective characteristics and limitations of their applicability. By taking the new characteristics of modern enterprise management into consideration and combining with the existing access control model, the authors discuss the access control technology of the multi-users information system, present and realize the security control model based on role level, department level and user level in the application. Practical application makes clear that it enhances the security and maintainability of information system.

Wang Baoyi,Zhang Shaomin,Zhilei Zhang

DOI: https://doi.org/10.1109/ICIT.2008.4608609

2008-01-01

Abstract:Role-based Access Control (RBAC) policy separates user and privilege logically by importing the concept of role, which can simplify the management of privilege in electric power enterprise. As the development and sustaining change of electric power system, unattended substations become the new developing direction. Unattended substation automation system will realize centralized management and remote control, so the use of RBAC access control method will aggravate the burden of the access control server. What is more, it adds the complexity of management. RBAC could not meet the needs of the system. This paper designs Distributed RBAC access control model, according to the substation automation system structure stated in IEC61850. Users obtain their roles in centralized server, and obtain their privilege dispersedly. The efficiency is improved. Management is more convenient. In the end, a practical example is presented to prove that the designed model and algorithm have high security, feasibility and effectiveness in unattended substation automation system. Because the model and algorithm are designed according to the ITU-T X.509 and IEC61850 international standards, the design has high currency, adaptability and expansibility. ©2008 IEEE.

MA Xiao-dong,LIU Xian-hui,ZHAO Wei-dong

DOI: https://doi.org/10.3969/j.issn.1671-0428.2008.02.002

2008-01-01

Abstract:In this paper, the author analyzed a number of access control models ,discussed the application of role-based access control(RBAC) in ASP platform, and also designed and implemented a kind of RBAC model used in mobile business platform based on ASP. This model is based on platform users and the structure of enterprises' organization, divides the roles into different classes and levels which can decrease the complexity of the authorization and management of users.

Yan Chen,Chao Luo,Can Ying Huang,Shang Ping He

DOI: https://doi.org/10.4028/www.scientific.net/aef.6-7.273

2012-01-01

Advanced Engineering Forum

Abstract:As a key access control mode that multiple characters application system is presently used , RBAC(Role-Based Access Control) can solve the problem of dynamic multi-users and multiple characters excellently, but when facing complicated resource types and business processes, it must be expanding on that basis. The article has put forward and realized a permissions model which can solve complicated resource system and business processes—resource model.

Cen Pengrui,Wu LingDa,Yang Chao,Yu Ronghuan

DOI: https://doi.org/10.1109/icsess.2016.7883179

2016-01-01

Abstract:Analized the task and general form of the software management; pointed out the shortages of the software repository on security. Also introduced the Role-Based Access Control model(RBAC model) which was introduced into the construction of software repository service by combining with the requirement of security management about software repository. A hierarchical access control model based on RBAC was proposed, and it database of the software repository based on RBAC was designed. The effective application of this model in the process of software management can ensure the convenience of software distribution; and meanwhile it can effectively improve the security of the software packages.

Zhang Xiantao,Li Qi,Qing Sihan,Zhang Huanguo,Zhang Liqiang

DOI: https://doi.org/10.1109/ISCIT.2007.4392214

2007-01-01

Abstract:Role-based Access Control (RBAC) become an important techniques to secure e-commerce systems during recent years. However, RBAC management issue is still an unresolved problem. Moreover, with the development of IT technologies in many departments, there emerge many group communications which require dynamic user-role assignments. In these scenarios it is infeasible for few security officers to administrate the assignment for local variant applications. In this paper, we propose a novel RBAC model for decentralized and distributed systems. We also present an administration model of our PBAC model to address the management issues in traditional RBAC systems. As one of the main contributions, this paper proposes a decentralized administration model by introducing a component of group assignment to implement a novel user authorization mechanism and a new user-role assignment (UA) approach which provides a two-level administration for user and role management through the concept of group. Our model can be applied for the current group communication applications with dynamic assignments where typically local administrators take charge of the dynamic assignments. In this way, many administrative tasks for different applications can spread over many different local administrators, and a fine-grained administration model of RBAC based on the local administration policies is realized. As a proof-of-concept we implemented a prototype in Xen virtualization environment based on our proposed model to secure real distributed applications.