Changqin Huang,Guanghua Song,Yao Zheng,Deren Chen

DOI: https://doi.org/10.1007/978-3-540-30102-8_39

2004-01-01

Abstract:Large-scale scientific and engineering computation is normally accomplished through the interaction of collaborating groups and diverse heterogeneous resources. Grid computing is emerging as an applicable paradigm, whilst, there is a critical challenge of authorization in the grid infrastructure. This paper proposes a Parallelized Subtask-level Authorization Service architecture (PSAS) based on the least privilege principle, and presents a context-aware authorization approach and a flexible task management mechanism. The minimization of the privileges is conducted by decomposing the parallelizable task and re-allotting the privileges required for each subtask. The dynamic authorization is carried out by constructing a multi-value community policy and adaptively transiting the mapping. Besides applying a relevant management policy, a delegation mechanism collaboratively performs the authorization delegation for task management. In the enforcement mechanisms involved, the authors have extended the RSL specification and the proxy certificate, and have modified the Globus gatekeeper, jobmanager and the GASS library to allow authorization callouts. Therefore the authorization requirement of an application is effectively met in the presented architecture.

Yunliang Jiang,Xiongtao Zhang,Liang Tang,Weicong Liu,Jing Fan,Yong Liu

DOI: https://doi.org/10.5772/54468

IF: 1.714

2013-01-01

International Journal of Advanced Robotic Systems

Abstract:The need to reduce bandwidth, improve productivity, autonomy and the scalability in multi-robot teleoperation has been recognized for a long time. In this article we propose a novel finite state machine mobile agent based on the network interaction service model, namely FS-MAS. This model consists of three finite state machines, namely the Finite State Mobile Agent (FS-Agent), which is the basic service module. The Service Content Finite State Machine (Content-FS), using the XML language to define workflow, to describe service content and service computation process. The Mobile Agent computation model Finite State Machine (MACM-FS), used to describe the service implementation. Finally, we apply this service model to the multi-robot system, the initial realization completing complex tasks in the form of multi-robot scheduling. This demonstrates that the robot has greatly improved intelligence, and provides a wide solution space for critical issues such as task division, rational and efficient use of resource and multi-robot collaboration.

Yl Jiang,Bs Liao,Y Liu,J Hu

DOI: https://doi.org/10.1007/978-3-540-30483-8_2

2004-01-01

Abstract:Traditional methods for authorization within Grid computing have many shortcomings. Firstly, the enrolments of users and services into the server are done manually, which is not adaptable to the dynamic environment where the service providers and service consumers join or leave dynamically. Secondly, the authorization policy language is not expressive enough to represent more complex policies, and can't resolve the problem of semantic inconsistency between different parties who treat the same policy. This paper takes advantage of characteristics of intelligent agent such as autonomy, proactivity, and sociality, to treat with the authorization issues, including automated registrations and management of agents (service providers and service consumers), autonomous authentication and authorization based on policies, etc. On the other hand, an ontology-based content-explicit policy modeling framework is presented, which resolves the semantic inconsistency problem among different parties.

Bs Liao,J Gao,J Hu,Jj Chen

DOI: https://doi.org/10.1007/978-3-540-30483-8_42

2004-01-01

Abstract:The integration of web services and intelligent agents is promising for automated service discovery, negotiation, and cooperation. But due to the dynamic and heterogeneous nature of web services and agents, it is challenging to guide the behaviors of underlying agents to meet the high-level business (changeful) requirements. Traditional Policy-driven methods (Ponder, Rei, KAoS, etc) are not adaptable to direct the discovery, negotiation and cooperation of dynamic agents who may join in or leave out of a specific community or organization (virtual organization) at run time. The purpose of this paper is to model an ontology-based, policy-driven control framework that is suitable to supervise the dynamic agents according to high-level policies. On the basis of federated multi-agents infrastructure and ontologies of policies, domain concepts, and agent federations, a model of role-based policy specification framework is presented in this paper.

Bei Shui Liao,Ji Gao

DOI: https://doi.org/10.1007/11559221_7

2005-01-01

Abstract:Due to the dynamic nature of virtual organizations (VOs), it is necessary that the multi-agent system for VO formation and cooperation should be aware of the mutable business requirements or user's preferences within VO environments and integrate these dynamic business requirements into its decision making process. We present a model of multi-agent system based on policies and contracts, in which the requirements for both the system and the individual agents can be defined dynamically by means of policies. On the one hand, at the system level, the duties and rights of roles can be specified or modified in terms of policies presented by the VO administrators. And on the other hand, role enacting agents are guided by policies defined by their owners. The policy and contract extended agent model (BGIPDC) is the core of the system, which is formally specified in this paper.

Fan Zhang,Ji Gao,Bei-Shui Liao

DOI: https://doi.org/10.1109/ICMLC.2006.258812

2006-01-01

Abstract:Web service is an important technology in open distributed system. But because of the dynamical and heterogeneous nature of web services, it is difficult to be managed directly. On the other hand, multi-agent system provides a model for automatic discovery, negotiation and cooperation. It can be designed as a container of web services for autonomic management. This paper provides a policy-driven model base on multi-agent system that encapsulates the web service as an agent. It can supervise the dynamical agents and web services that may join in or leave out at run time according to high-level policies or business requirements.

Haichun Gao

2004-01-01

Abstract:The constant development of VPN service brings a lot of challenge toVPN management,this paper presents one kind of computer techniques-multi-agent technique to manage VPN. The technique possesses features of intelligence,cooperation,flexibility and expansion etc. It can solve problems of different network architectures and different network service providers. Both client and service provider will win together. This multi-agent based computer technique is very important for solving these problems.

ZHU Lei,ZHOU Ming-Hui,LIU Tian-Cheng,MEI Hong

DOI: https://doi.org/10.3321/j.issn:0254-4164.2005.04.027

2005-01-01

Chinese Journal of Computers

Abstract:Service Oriented Architecture (SOA) is a method to design and construct loose coupling software systems. It turns the distributed applications developed on middleware into software services on Internet. Traditional permission management system on middleware has good flexibility and basically, meets the security requirements of closed system, but under SOA, it cannot meet the authorization requirements of requesting services and sharing resources between different nodes and systems. This paper proposes a service oriented permission management model, supporting delegation and reasoning to provide application developers with improved permission management mechanism and to expand capabilities of middleware to share resources and services across organizations. The above model is implemented and validated in a J2EE application server. The experiments show that the model has high flexibility and scalability, and it is reasonable that when over 50 clients request at the same time, response time increases a lot because of signature verifications and file IO operations.

Ran Yang,Chuang Lin,Yixin Jiang,Xiaowen Chu

DOI: https://doi.org/10.1109/GLOCOM.2011.6134072

2011-01-01

Abstract:In the service-oriented computing, a single transaction initiated by a client might invoke many different services in other administrative domains. Existing models for authorizing the access assume that all services involved in collaboration are managed by the central authority, which is not always a realistic premise. In this paper, we propose a novel authorization model for dynamic service collaboration. With the authorization discovery process, the client can discover the needed authorization for service access available in other autonomous domains. With extensions to SoD relationship, the conflicts of client interests can be formalized and expressed as constraints. The authorization problems are formalized to choose the optimal access path for each task. At last, the example and experiments show the practicality and the effectiveness of our scheme.

袁平鹏,陈刚,董金祥

DOI: https://doi.org/10.3321/j.issn:1003-9775.2004.04.006

2004-01-01

Abstract:An access control paradigm composed of basic model and role model is proposed for collaborative applications. Basic model specifies the relationship among privileges and the way of ranking privileges. It relates privilege with operations on the objects, so the model appears more straightforward. Moreover, if Brokers' implementation permits, the model can support any grained access control. Role model re-defines the role concept of RBAC96, divides the permissions of role into public permissions, protect permissions and private permissions. It allows user to define roles more flexibly, prevents private permissions of roles from being inherited and reduces the definition of ancillary roles.

Xu Li,Xiaohui Liang,Rongxing Lu,Shibo He,Jiming Chen,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/mass.2011.42

2011-01-01

Abstract:Wireless sensor and actor networks (WSANs) are service-oriented environments, where sensors request actors to service their detected events and actors move to deliver the desired services. Because of their openness and unattended nature, these networks are vulnerable to various security attacks. In this paper we address service fraud attacks for the first time, whose objective is to stop the normal use of actor services by fake service requests and/or delivery. To mitigate this type of security attacks, we propose a novel cooperative authentication scheme. With the scheme, a sensor's service request is cooperatively authenticated by the sensors that witness the same event, and an actor's service delivery effort is cooperatively authenticated by the sensors that witness the actor's behavior. Considering the presence of compromised sensor/actor nodes, the trustworthiness of each authenticated service delivery process is subject to location consistency check and witness diversity check. It may then be taken into account to adjust the corresponding actor's trust rating so as to influence future actor service selection. We analyze the communication overhead and the security strength of the scheme. We show that our scheme ensures fraud-resistant actor services in our considered WSAN environment.

Tiaojun Xiao

2007-01-01

Abstract:A role-mapping-based authorization method was presented to solve authorization problems across autonomous systems for the decentralized federate integration of networked manufacturing platforms.Independent autonomous domains established contractual authorization relationships with each other by setting role-mapping rules.The integration system's trust model and the across-domain access control processes were also discussed.A formal authorization model,including four mapping relations and three authorization manners,was defined based on the role-based access control model.To ensure authorization safety across autonomous administration domains and rationality of role-mapping,a risk-control mechanism was proposed based on contractual constraints,static constraints and dynamic constraints.Architecture of the authorization server and an application example were presented to illustrate working process of the role-mapping-based authorization method.

Luo Xing,Wang Wei,Shi Bole

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.02.024

2007-01-01

Abstract:In this paper,we proposed a formal security database system access model including a multilevel relation model and a element-level authorization.We extended sandhu's MLR model by giving a new explanation of how the database represents the real world.Under new semantic model,the data-borrow operation was strengthened.Further more,with the support of element-level authorization,user privilege management of database system could be more reasonable.

Hao Zeng,Yongwang Zhao,Dianfu Ma

DOI: https://doi.org/10.12733/jcis7282

2013-01-01

Journal of Computational Information Systems

Abstract:Web service has emerged as a fundamental technique for developing Web application due to its highly dynamic and cross-domain characteristics, but which still pose new challenges and difficulties for web services authorization. However, the system-centric view (static control environment) of protecting services and resources taken by traditional access control models is not suitable for web service environment. As is presented in this paper, one finding of our study is a Policy Tree based architecture for web services authorization termed PTBA4WSA. It is established on a staged attribute based access control framework. The paper proposes a Policy Tree model to describe subjects, resources as well as environment attributes, and it also presents a loading classification based policy evaluation algorithm. Both of which cannot only provide high-efficient and _ne-grained access control for web services, but also can support access control policy release mechanism. With PTBA4WSA, we design and implement a service authorization processing system which exhibits high efficiency and availability as is shown by the performance evaluation results. © 2013 Binary Information Press.

L. Pearlman,V. Welch,I. Foster,C. Kesselman,S. Tuecke

DOI: https://doi.org/10.48550/arXiv.cs/0306082

2003-06-14

Software Engineering

Abstract:Virtual organizations (VOs) are communities of resource providers and users distributed over multiple policy domains. These VOs often wish to define and enforce consistent policies in addition to the policies of their underlying domains. This is challenging, not only because of the problems in distributing the policy to the domains, but also because of the fact that those domains may each have different capabilities for enforcing the policy. The Community Authorization Service (CAS) solves this problem by allowing resource providers to delegate some policy authority to the VO while maintaining ultimate control over their resources. In this paper we describe CAS and our past and current implementations of CAS, and we discuss our plans for CAS-related research.

Siok Wah Tay,Ning Zhang,Salem Aljanah

DOI: https://doi.org/10.1109/access.2024.3359442

IF: 3.9

2024-02-10

IEEE Access

Abstract:The advent of the Internet of Things (IoT) and Artificial Intelligence (AI) have led to the rising popularity of Smart Home Automation (SHAuto). SHAuto uses a variety of interconnected smart devices to provide life-enhancing services such as smart energy control, smart entertainment, smart healthcare, and so on. If these devices are compromised, sensitive data may be disclosed and the compromised devices or other connected devices may be maliciously controlled, threatening the privacy and safety of home occupants. Therefore, controlling access to devices in SHAuto is of paramount importance. However, due to the characteristics of the SHAuto environment, this has become a challenging issue. As a first step towards addressing this challenging issue, this paper provides a comprehensive problem analysis of SHAuto. The problem analysis consists of two parts. The first part is an in-depth analysis of various SHAuto use case scenarios covering three aspects, i.e., device control modes, automation modes, and device communications. This analysis has led to the formulation of a generic model for SHAuto. Based on this model, the second part analyses potential vulnerabilities and threats in relation to authorisation. The comprehensive problem analysis has led to a hypothesis that access to the devices can be controlled by governing device communications and the specification of a set of requirements for the design of secure and usable communication-based access control solutions for SHAuto environments.

computer science, information systems,telecommunications,engineering, electrical & electronic

Danfeng Wu,Qingchuan Zhang,Xu Zhang,Chaoen Xiao

DOI: https://doi.org/10.2174/1874444301406011480

2014-01-01

The Open Automation and Control Systems Journal

Abstract:At present, the robot embedded system has some common problems as poor closure and dynamic evolution.Aiming at the situation, the paper focused on the improvement of robot embedded system, and set up architecture of robot system whose control center is Appendage SoftMan based on the syncretic mechanism of robot and SoftMan.The paper mainly paid attention to the research on Appendage SoftMan: used machine cogmatics theory as the guide to put forward the SoftMan knowledge and behavior model and the corresponding specification of conduct; constructed the architecture of Appendage SoftMan, and designed it based on the SoftMan knowledge and behavior model; materialized the theoretical research work as a nonlinear node detecting robot to make an application.Practice had proved that the robot system whose control center is Appendage SoftMan can implement the dynamic and real-time change of task, and its performance could not be affected.

Ling-xiang HUANG,Ming GU

DOI: https://doi.org/10.3969/j.issn.1000-3428.2011.04.099

2011-01-01

Abstract:Portability and usability for access control systems are presented.This paper presents an access control model based on I/O model on Windows platform,which uses virtual device with encrypted file as container.It mainly relies on authorization,transparent encryption/decryption and redirection of disk access.Various access control systems can be extended from this model.It describes the design of the model according to the requirements,and illustrates the development which is composed of API Hook,virtual device driver and filter driver development.Experiments are conducted to verify the characteristics of this model including performance.Two extensions in practice are discussed as a confirmation to the extensibility.

Feng Wang,Baoshan Ge,Li Zhang,Yong Chen,Yang Xin,Xiayuan Li

DOI: https://doi.org/10.1002/sres.2184

2013-04-04

Systems Research and Behavioral Science

Abstract:After analysing the security conditions in current Enterprise Systems (ES), this paper proposes a systematic framework that is based on the Secure Sockets Layer Virtual Private Network (SSL‐VPN) for improving security management. This framework takes account of several key aspects such as channel strategy, network pattern, workstation authentication, identity authentication, security workflow, etc. The proposed framework has the following advantages: low cost, high performance, easy to implement, and strong security control pattern. In addition, this paper proposes a dynamic security strategy that is about authorizing user ID and roles dynamically and conducting real‐time mapping via agent or proxy technologies. Copyright © 2013 John Wiley & Sons, Ltd.

management,social sciences, interdisciplinary

Fausto Rabitti,Elisa Bertino,Won Kim,Darrell Woelk

DOI: https://doi.org/10.1145/103140.103144

IF: 1.6289

1991-03-01

ACM Transactions on Database Systems

Abstract:The conventional models of authorization have been designed for database systems supporting the hierarchical, network, and relational models of data. However, these models are not adequate for next-generation database systems that support richer data models that include object-oriented concepts and semantic data modeling concepts. Rabitti, Woelk, and Kim [14] presented a preliminary model of authorization for use as the basis of an authorization mechanism in such database systems. In this paper we present a fuller model of authorization that fills a few major gaps that the conventional models of authorization cannot fill for next-generation database systems. We also further formalize the notion of implicit authorization and refine the application of the notion of implicit authorization to object-oriented and semantic modeling concepts. We also describe a user interface for using the model of authorization and consider key issues in implementing the authorization model.

computer science, information systems, software engineering