黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

黄益民,杨子江,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.04.005

2004-01-01

Abstract:The traditional role-based access control (RBAC) model was extended in this work aimed at studying practical ways to implement access control, enforce security administration, and acquire available information from real world to construct an access control model and establish security policies. A three-layered architecture for role-based security administration was proposed. And a practical way was presented to implement role-based access control and role-based security administration ,so that cross-platform role-based access control is implemented automatically and systematically in the security administration system.

Xiyuan Chen,Di Wu.,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1109/ICCIAS.2006.295308

2006-01-01

Abstract:To satisfy the requirements of secure interoperation among distributed systems, a security violation detection method for RBAC based interoperation is proposed We carry out the discussion in the scope of Core RBAC and Hierarchy RBAC. To better illustrate the method for RBAC based interoperation, a formal definition of secure interoperation in RBAC systems has been introduced. Security violation of interoperation with role mappings in the distributed systems is analyzed. Based on these discussions, a minimum security violation detection method for RBAC based interoperation according to the feature of RBAC system and the inherent characteristic of interoperation in distributed environment is introduced. The minimum detection method provides good performance reducing complexity by decreasing amount of roles involved in detection.

Xiyuan Chen,Miaoliang Zhu

DOI: https://doi.org/10.4028/www.scientific.net/kem.439-440.178

2010-01-01

Abstract:Semantic; Trust Management; RBAC; User-role Assignment Abstract. The application of RBAC in access management of the enterprise services and resources is very widely. With phenomenal growth of information interaction and cooperation between distributed systems, the number of users can be in the hundreds of thousands or millions. This renders manual user-to-role assignment a formidable task. In this paper, we propose a semantic and trust based framework to automatically assign users to roles based on a finite set of assignment rules defined by authorized people in the enterprise. These rules take into consideration the attributes users own and any constraints set forth by the enterprise including the assignment history and the credit of the requester. We choose OWL to specify the user attributes.

YAN Jun,SU Zheng-lian,LING Hai-feng,ZHU Liang,ZHANG Jiao-jiao

DOI: https://doi.org/10.3724/sp.j.1087.2011.00523

2011-01-01

Abstract:Concerning the characteristics and disadvantages of Role-Based Access Control(RBAC) model,the department-role based access control(D-RBAC) finely granular model was proposed in this paper.A formal description for the model elements,the implement mechanism of the model,and the algorithm of access control were given.In D-RBAC model,role was related to department,which effectively implemented the accurate control of access objects and data,and the permission assignment problem of the same role in different departments was resolved.The fine-grained permission control was realized as well.Through the model,the number of roles was decreased,the development assignments were simplified and the accuracy and flexibility of permission management were increased.Finally,an application example of this model being used in one equipment safeguard comprehensive information system was given.

张东站,薛劲松,宋瀚涛

DOI: https://doi.org/10.3969/j.issn.1006-5911.2004.01.008

2004-01-01

Computer Integrated Manufacturing Systems

Abstract:One problem in CIMS is the complex security administration of data resource. The traditional access control is dispersed among the network OS, DBMS and application systems without uniform access control strategy. The Integrated Role Based Access Control (I-RBAC) Model for CIMS is presented based on the current RBAC model. The content and the rule of the model are studied through static and dynamic way. The structure of model is provided and the security of the role is analyzed. The model is applied to the CIMS of one tobacco group and makes the access control be seasoned with the special secure strategy of enterprise.

Wang Baoyi,Zhang Shaomin,Zhilei Zhang

DOI: https://doi.org/10.1109/ICIT.2008.4608609

2008-01-01

Abstract:Role-based Access Control (RBAC) policy separates user and privilege logically by importing the concept of role, which can simplify the management of privilege in electric power enterprise. As the development and sustaining change of electric power system, unattended substations become the new developing direction. Unattended substation automation system will realize centralized management and remote control, so the use of RBAC access control method will aggravate the burden of the access control server. What is more, it adds the complexity of management. RBAC could not meet the needs of the system. This paper designs Distributed RBAC access control model, according to the substation automation system structure stated in IEC61850. Users obtain their roles in centralized server, and obtain their privilege dispersedly. The efficiency is improved. Management is more convenient. In the end, a practical example is presented to prove that the designed model and algorithm have high security, feasibility and effectiveness in unattended substation automation system. Because the model and algorithm are designed according to the ITU-T X.509 and IEC61850 international standards, the design has high currency, adaptability and expansibility. ©2008 IEEE.

Zheng Xiao-lin,Lei Yu,Chen De-ren

DOI: https://doi.org/10.1007/s11460-006-0089-x

2006-01-01

Frontiers of Electrical and Electronic Engineering in China

Abstract:An integrated user access control method was proposed to address the issues of security and management in networked manufacturing systems (NMS). Based on the analysis of the security issues in networked manufacturing system, an integrated user access control method composed of role-based access control (RBAC), task-based access control (TBAC), relationship-driven access control (RDAC) and coalition-based access control (CBAC) was proposed, including the hierarchical user relationship model, the reference model and the process model. The elements and their relationships were defined, and the expressions of constraints authorization were given. The extensible access control markup language (XACML) was used to implement this method. This method was used in the networked manufacturing system in the Shaoxing spinning region of China. The results show that the integrated user access control method can reduce the costs of system security maintenance and management.

Lu Pengyu,Song Hui,He Liangjun

2010-01-01

Abstract:To satisfy the requirements of secure among enterprise information system, access control seemed as an information security technology has been used in more and more modern enterprises. Administration of an RBAC system using role based approach has become very appealing because of the benefits that a role-based approach typically brings. In this paper, the scope of traditional RBAC models is carried out and requirements of privilege management based on B/S mode are analyzed. The persistence layer, business layer and control layer of system are implemented under the framework of integration of spring and Hibernate by Struts2.0. Compared with the current privilege management infrastructures, because the struts2.0 framework is integrated with different kinds of frameworks, the interoperability of the system has been achieved. Based on the Filter mechanism, the authorized authentication is implemented conveniently. And the flexibility of permission maintenance has been provided by the design of resource entity.

Junbiao Wang,Jianxin Zhang,Jianjun Jiang,Shichao Zhang

DOI: https://doi.org/10.3969/j.issn.1000-2758.2008.04.005

2008-01-01

Xibei Gongye Daxue Xuebao/Journal of Northwestern Polytechnical University

Abstract:Aim. Existing access control models are, in our opinion, not sufficiently effective. We now propose a novel access control model based on RBAC (Role-Based Access Control), which, we believe, is sufficiently effective. In the full paper, we explain our model in some detail. In this abstract, we just add some pertinent remarks to listing the two topics of explanation. The first topic is: the analysis of RBAC-based access control model. In the first topic, with the help of Fig.1 in the full paper, we explain in some detail how the FICS (Flexible Information Coding System) controls access. The second topic is: the implementation of our novel and effective RBAC-based access control model. Its three subtopics are: the concepts of traditional RBAC model that we utilize (subtopic 2.1), the restrictions we impose on accessing our novel and effective model (subtopic 2.2), and the access assignment strategy of FICS (subtopic 2.3). A large Chinese aircraft manufacturing enterprise has made use of our novel and effective RBAC-based access control model and has gradually widened and continues to widen the scope of its application. How the large enterprise utilizes our novel and effective model are briefly described in Fig.4 and Table 1 in the full paper.

ZHOU Shen-gang,ZHAO Song-zheng

DOI: https://doi.org/10.3969/j.issn.1001-3695.2005.06.073

2005-01-01

Abstract:The authority management in information systems is one of the necessary conditions to guarantee the data safety.Based on discussing the model of role-based access control and combining with the shared project of information system developing,a new RBAC-based authority control method in information system of B/S mode is presented so as to the problems in the method of access control based on user-function are solved.The new method has been applied in the course of the system developing, and the safe authority control is realized with good effect.

LI Bo,HUANG Dong-jun

DOI: https://doi.org/10.3969/j.issn.1006-8937-B.2006.04.001

2006-01-01

Abstract:The paper analyzes and compares several primary ways to distribute privileges during the current design process of access system such as Discretionary Access Control(DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC), points out their respective characteristics and limitations of their applicability. By taking the new characteristics of modern enterprise management into consideration and combining with the existing access control model, the authors discuss the access control technology of the multi-users information system, present and realize the security control model based on role level, department level and user level in the application. Practical application makes clear that it enhances the security and maintainability of information system.

BAO Zhigang,HU Yanjun,GU Xinjian

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.01.059

2006-01-01

Abstract:Firstly making reference to role based access control(RBAC)model,this paper proposes the basic idea about access control.Then it introduces database design of two realizing methods about access control and two methods’ realization in program,it also presents visual effect.Finally it analyzes and compares one to another in detail from two aspects of applicability and reusability.

Liu Shuo,Luo Xiling,Zhang Jun,Qi Ming

DOI: https://doi.org/10.1109/ICMSS.2009.5303721

2009-01-01

Abstract:This paper proposes an extended RBAC model for countering insider misuse, which provides scalability and flexibility. Multi-level security and context-awareness are introduced into the model to fit in with the particular appliance. A mechanism for insider misuse prevention is presented based on the model. To detect and prevent insider misbehavior, the insider's behavior pattern is analyzed and the probability of misuse is estimated, based on the enforced prevention policies. As a proof, finally an experimental verification is carried out based on the approach.

Yan Chen,Chao Luo,Can Ying Huang,Shang Ping He

DOI: https://doi.org/10.4028/www.scientific.net/aef.6-7.273

2012-01-01

Advanced Engineering Forum

Abstract:As a key access control mode that multiple characters application system is presently used , RBAC(Role-Based Access Control) can solve the problem of dynamic multi-users and multiple characters excellently, but when facing complicated resource types and business processes, it must be expanding on that basis. The article has put forward and realized a permissions model which can solve complicated resource system and business processes—resource model.

Xinyu Wang,Jianling Sun,Xiaohu Yang,Chao Huang,Di Wu

DOI: https://doi.org/10.1093/ietisy/e91-d.5.1447

2008-01-01

IEICE Transactions on Information and Systems

Abstract:This paper proposes a security violation detection method for RBAC based interoperation to meet the requirements of secure interoperation among distributed systems. We use role mappings between RBAC systems to implement trans-system access control, analyze security violation of interoperation with role mappings, and formalize definitions of secure interoperation. A minimum detection method according to the feature of RBAC system in distributed environment is introduced in detail. This method reduces complexity by decreasing the amount of roles involved in detection. Finally, we analyze security violation further based on the minimum detection method to help administrators eliminate security violation.

Wang Zhenjiang,Liu Qiang

DOI: https://doi.org/10.3321/j.issn:1002-8331.2005.35.009

2005-01-01

Abstract:Authority Management is a most important aspect of Information Systems.A successful information system is always supported by a well-designed access control system.Role-based access control policy,which is the focus of access control study nowadays,is more flexible and less management burden.Based on Role-Based Access Control(RBAC) and Task-Role-based Access Control,this paper gives a flexible extended access contrl models,XRBAC,standing for Extended Role-Based Access Control,which extends the definition of role management and authority.

Peng-rui CEN,Ling-da WU,Chao YANG,Rong-huan YU

DOI: https://doi.org/10.3969/j.issn.1674-6236.2016.03.002

2016-01-01

Abstract:Through the deep analysis of the shortages about the framework and security of the typical software repository, a security management model of software repository based on RBAC is proposed combined with the characteristics of RBAC (Role-Based Access Control),and designs the database of the software repository based on RBAC.Practice has proved that the access control model can be used to control download and install according to the different levels of users effectively in the process of software management, and further improve the security of the software management platform.

Peng Wu,Zhao Wang,Jiexi Wan

DOI: https://doi.org/10.1109/ITCS.2009.185

2009-01-01

Abstract:In the e-business website which has the characters of personalization ,we need the univers al access controlstrategy to control the behavior of the user. Itpsilas the key point to resolve the website access control that constructing the strategy which combine the role control and privilege management . Integration of RBAC and PMI has prominent advantages of centralized strategy management ,dynamic authorization and effective access control . It can construct agile access control system for security of e -business website .

Meisong CAI,Hongming CAI

DOI: https://doi.org/10.3969/j.issn.1671-8844.2006.04.025

2006-01-01

Abstract:The network security polices in terms of users personal,role and temporary attributes are introduced;and then the access and control mechanism for the three security polices are put forward.An adoption of server-pull and LDAP structure is discussed to perform access and control for the enterprise fundamental information platform based on RBAC.The system employs LDAP directory server as the role server and users can obtain required information in certain secure mode(e.g.SSL),so as to implement the relevant RBAC strategy to achieve the access control purpose.The structure's feature is simple and flexible.