Bin Xu,Xiaohu Yang,Yuanhong Shen,Shanping Li,Albert Ma

DOI: https://doi.org/10.1109/cts.2008.4543958

2008-01-01

Abstract:Software architecture is the backbone of a software- intensive system, many architecture models and styles are struggling to make the artifacts more understandable and reusable. Service-oriented programming is proposed to support reusing and enhancing distributed system development and a service-oriented architecture is essentially a collection of services which communicate with each other. However, the practitioners face the trouble in defining the services and identifying the communication request between all the services. Here in this paper, we adopted a role based architecture model named E-CARGO to facilitate the service definition and communication request identifying. An experience was conducted in prototyping a community support system and E-CARGO model was extended with data and authority access in the case study. The case study indicated that the suggested model could facilitate communication request identifying and service definition and could be helpful in identifying the authority control request during role shifting.

X Feng,L Guoyuan,H Hao,X Li

DOI: https://doi.org/10.1109/cit.2004.1357221

2004-01-01

Abstract:This paper first briefly reviews the state of the security technology research and access control in the Web Services environment, and then presents a service-orient role-based access control model and security architecture model for Web Services. In this Security Architecture model, SOAP Proxy is employed to enforce access control for Web Services and security mechanisms are separated from the business logic. In this paper, a new technology is presented to implement the RBAC on the Web Services by designing the secure cookies and secure SOAP messages. Finally, the conclusion is given and the problems are pointed out, which should be resolved in further research.

ZHU Lei,ZHOU Ming-Hui,LIU Tian-Cheng,MEI Hong

DOI: https://doi.org/10.3321/j.issn:0254-4164.2005.04.027

2005-01-01

Chinese Journal of Computers

Abstract:Service Oriented Architecture (SOA) is a method to design and construct loose coupling software systems. It turns the distributed applications developed on middleware into software services on Internet. Traditional permission management system on middleware has good flexibility and basically, meets the security requirements of closed system, but under SOA, it cannot meet the authorization requirements of requesting services and sharing resources between different nodes and systems. This paper proposes a service oriented permission management model, supporting delegation and reasoning to provide application developers with improved permission management mechanism and to expand capabilities of middleware to share resources and services across organizations. The above model is implemented and validated in a J2EE application server. The experiments show that the model has high flexibility and scalability, and it is reasonable that when over 50 clients request at the same time, response time increases a lot because of signature verifications and file IO operations.

Beibei Shao

2009-01-01

Abstract:The service-oriented architecture (SOA),which is utilized for application system integration for group enterprises, can adapt to the heterogeneous and distributed features of the systems, but has problems that challenge the system security. A cross-domain access control scheme is presented for enterprise applications to resolve the SOA security problems. The core idea is to build a uniform agent-based authentication and authorization system based on the conventional SOA implement model, which achieves shared management and access control of the service resources on the enterprise service bus (ESB) to ensure safe, reliable access across the security domains. This scheme enhances the syetem security, scalability and alterability in the informatization construction of large group enterprises.

Xiyuan Chen,Yang OUYang,Miaoliang Zhu,Yan He

DOI: https://doi.org/10.1109/ICYCS.2008.407

2008-01-01

Abstract:The emerging grid infrastructure presents many challenging security issues that demand new access approach due to its inherent heterogeneity, multidomain characteristic and highly dynamic nature. In order to protect the secure sharing and coordinated use of diverse resources in distributed "virtual organizations", fine-grained access control in grid computing is therefore very necessary and important. In this paper, a semantic-aware access conrtol(SAAC) extending the RBAC with the semantic specification is proposed. Supplying semantic specification by the implementation of semantic inference engine (SIE), the administration for the applicability of users' role memberships to particular permissions is much more easy and precise. The enforcement of the SAAC model for grid application is presented. An experimental evaluation of its overheads is also described.

Di Wu,Xiyuan Chen,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1007/11836025_19

2006-01-01

Abstract:Today, the formulation, specification, and verification of adequate data protection policies in open distributed environment appear as the main challenge to address concerning authorization Role-based access control models have attracted considerable research interest in recent years due to their innate ability to model organizational structure and their potential to reduce administrative overheads This paper proposes ontology specification to describe Role-based Access Control model and extend it with a general context expression Based on these definitions, the specification for interoperation in distributed environment is introduced The works include a definition of ontology to describe the concepts and a declaration of rules to explicit the relationship between concepts The ontology based approach can express security policy with semantic information and provide a machine interpretation for descriptions of policy in open distributed environment.

Bao Liu,Minhua Shi,Deren Chen

2001-01-01

Abstract:Web Services are self-contained, modular applications that can be described, published, located, and invoked over a network, generally, the Web. Yet the problem emerges as different Web Services interoperate each other. In this paper we recommend the Simple Object Access Protocol (SOAP)[1] as the communication standard in the Web Services Architecture to solve the problem.First, we describe what is Web Services and present the architecture of it. Then, according to the challenge that Web Services faces, we address the key enabling technologies of which SOAP be composed. SOAP has many advantages that other binary protocols, such as Java RMI, do not have. Finally, by introducing an E-business model based on the integration of SOAP, UDDI [2], MQ [3] etc., we show the manner and flow of SOAP to implement Web Services architecture.

Zhiwen Zou,Changqian Chen,Shiguang Ju,Jiming Chen

DOI: https://doi.org/10.1007/978-3-642-12189-0_26

2010-01-01

Abstract:The Spatial Role-Based Access Control (SRBAC) model was discussed in this paper. Firstly, the formal definition of SRBAC Model was given; then the region coverage constraint of spatial object, duration constraint of spatial object, various spatial object separations of duty constraints and spatial object cardinality constraint of role activation were researched; after extending the traditional session, the strategy of eliminating the conflictive session was presented; Finally, the role hierarchy has been discussed under the spatial environment. Combined with practical application, the theory of secure DBMS was optimized and afforded to build the stricter system.

Chun CAO,Xiao-Xing MA,Jian LU

DOI: https://doi.org/10.3321/j.issn:0254-4164.2006.07.022

2006-01-01

Chinese Journal of Computers

Abstract:To protect the services against illegal accessing, misusing and tampering is the essential problem in service oriented computing paradigm. As existing access control models and mechanisms can hardly meet the requirements of securing the services in the SOC environment completely, an access control model SCoAC is proposed in this paper. Interactions happening between services are viewed as the contributing processes from both sides to the application system. By specifying the relationship among the entities in the system, the model expresses the authorization for services capturing the trust relationship between their administration domains as well as the application context. This paper also introduces a BindingContext matching mechanism to support fine-grained access control. The evolution of application systems can be mapped onto the changing of the authorization status for the services effectively.

黄益民,杨子江,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.04.005

2004-01-01

Abstract:The traditional role-based access control (RBAC) model was extended in this work aimed at studying practical ways to implement access control, enforce security administration, and acquire available information from real world to construct an access control model and establish security policies. A three-layered architecture for role-based security administration was proposed. And a practical way was presented to implement role-based access control and role-based security administration ,so that cross-platform role-based access control is implemented automatically and systematically in the security administration system.

HL Hu,D Chen,CQ Huang

DOI: https://doi.org/10.1109/icsmc.2004.1401072

2004-01-01

Abstract:The idea of role has been widely applied to solving the authority, responsibility, function and interaction, which are associated with member station in organizations. Access control is a key security issue in distributed collaboration systems. After analyzing corresponding security requirements and the present status of security in distributed collaboration system, this paper presents an extensive role-based access control (ERBAC) architecture based on differentiated domain management. In this architecture, security management is classified into inter-domain one and infra-domain one, whilst, it can integrate new security policies. Based on definition of role permission type, the paper introduces a function of permission type change to make ERBAC architecture flexible. In addition, the authors discuss the methods by which the security can be implemented in an agent-based framework. The practices signify that this system can be flexibly applied various existing policy languages and protocols.

Wei Meng,Fengmin Li,Juchen Pan,Song,Jiali Bian

DOI: https://doi.org/10.1117/12.2265215

2017-01-01

Abstract:The development of mobile computing, cloud computing and distributed computing meets the growing individual service needs. Facing with complex application system, it's an urgent problem to ensure real-time, dynamic, and fine-grained data access control. By analyzing common data access control models, on the basis of mandatory access control model, the paper proposes a service-oriented access control model. By regarding system services as subject and data of databases as object, the model defines access levels and access identification of subject and object, and ensures system services securely to access databases.

Chao Huang,Jianling Sun,Xinyu Wang,Yuanjie Si

DOI: https://doi.org/10.1109/ICNDS.2009.94

2009-01-01

Abstract:Access control is always essential for safe and security access to the system resource. Role based access control (RBAC) model is widely used in large enterprise software systems. The quality of the RBAC policy design especially role definition has great impact on the system security policy implementation. In this paper we propose a novel role engineering methods with security KAOS (SKAOS), which guide the engineering process via keeping decomposing the functional requirement objective and combining the system security requirement. SKAOS not only simplifies the system userpsilas involvement in the role engineering process via supplying with the objective decomposition but also reduces the complexity of the operation analysis. After building the objective decomposition and activity analysis diagrams, the role definition can be delivered. We illustrate the effectiveness of our method via analyzing a real world requirement problem.

Peng Qi-rui,Wang Cheng,Wu Jing,Li Jun

DOI: https://doi.org/10.1109/icsess.2010.5552305

2010-01-01

Abstract:To integrate distributed information systems in group companies, people favor the Service-Oriented-Architecture (SOA) for its features such as loose-coupling and standardization. But SOA brings security problems. Consequently, an authentication and authorization solution is proposed in this paper. By designing security architecture based on Service-Access-Agent, this solution can simplify the security program, and bring good to the system flexibility and loose coupling, thereby meet the integrated system's requirements for dynamics and agility. This solution has been applied to a project of “national 863 plan”, and shown its validity in engineering practices.

Lian Yu,Yang Yang,Yongchao Gu,Xu Liang,Shan Luo,Frank Tung

DOI: https://doi.org/10.1109/ICEBE.2009.62

2009-01-01

Abstract:Service-oriented architecture (SOA) is a new paradigm, where it is imperative to automatically adapt to the changing context in the environment. This paper applies context awareness to service-oriented architecture to build reusable, adaptable, spontaneous and flexible context-awareness systems. We develop an ontology based context model, and domain-analyst oriented context reasoning rules, which are automatically translated to SWRL (Semantic Web Rule Language) to derive active situations. A mapping mechanism is developed to intelligently and dynamically select services based on current situations. Experiments are performed to evaluate the stability of data acquisition, impact of data load, communication distances and the number of rules.

Wenan TAN -,Yicheng XU -,Ting ZHANG -,Xiang WEN -,Linshan Cui -,Chuanqun JIANG -

DOI: https://doi.org/10.4156/jdcta.vol5.issue7.16

2011-01-01

International Journal of Digital Content Technology and its Applications

Abstract:Currently, the security issues of Web services are hot area in information system (IS). This research mainly discusses the key technologies of information access control focusing on following works: After analyzing the dynamic characteristic of application nature for Web services, a Dynamic Role-Based Access Control using Context and Trust model (abbreviated as CT-DRBAC) for Web services is proposed. During Web services, both the subject of invoking request and object of providing service resources are dynamic nature. So, access policies are needed to consider the dynamic nature. The proposed model has been developed and the authorization framework is discussed detail. In order to implement the dynamic trust management mechanism, a dynamic user role authorization algorithm which considers the user lifecycle contexts in the open systems is proposed and designed to meet the dynamic characteristic of subject and object effectively, and achieve intelligent and scientific user role assignments. The proposed access control module can be used in intelligent information systems to grant dynamically roles to users according to the current context.

Oldooz Karimi

DOI: https://doi.org/10.48550/arXiv.1108.1314

2011-08-05

Abstract:In this article, we examine how security applies to Service Oriented Architecture (SOA). Before we discuss security for SOA, lets take a step back and examine what SOA is. SOA is an architectural approach which involves applications being exposed as "services". Originally, services in SOA were associated with a stack of technologies which included SOAP, WSDL, and UDDI. This article addresses the defects of traditional enterprise application integration by combining service oriented-architecture and web service technology. Application integration is then simplified to development and integration of services to tackle connectivity of isomerous enterprise application integration, security, loose coupling between systems and process refactoring and optimization.

Software Engineering

Peng Liu,Zhong Chen

DOI: https://doi.org/10.1109/wi.2004.10081

2004-01-01

Abstract:Business process describes a set of services that span enterprise boundaries and are provided by enterprises that see each other as partners. Web services is widely accepted and adopted to construct business process. Web services are built in exposed environment and open to security threats. When a web service contained in a business process is authorized to illegal users, it will cause economic loss of the service provider. Although there exist some standards for security of Web services and access control for services in distributed systems are well studied, there is a lack of comprehensive approach in access control for web services, especially in business process. In this paper, an extended RBAC model, called WS-RBAC, is proposed to secure web services in business process. The model takes web services in business process as protected objects and extends the classical RBAC model. Next, The software architecture of WS-RABC is presented. This paper also presents how to specify business process in the model and the authorization constraints of WS-RBAC based on WS-Policy.

Feng Xiang,Gan Ling,Ni Kai,Zhang Chao

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.10.022

2007-01-01

Abstract:Authorization access control is an essential and important module in MIS.Traditional authorization control needs to be improved on coupling and reusability.A Web service based authorization access control method is designed.By abstracting the basic functions in the field of authorization access control,and setting the authorization intonation into a five-tuple table in database,the functions of authorizatin access control are separated.The authorization access control method is made to run as Web Service,and thus the model is of low coupling,high reusability,and can be easily used in different applications running on isomerism environment.

Yunfei Meng,Zhiqiu Huang,Senzhang Wang,Yu Zhou,Guohua Shen,Changbo Ke

DOI: https://doi.org/10.48550/arXiv.1908.10201

2019-08-23

Cryptography and Security

Abstract:Service-oriented architecture (SOA) system has been widely utilized at many present business areas. However, SOA system is loosely coupled with multiple services and lacks the relevant security protection mechanisms, thus it can easily be attacked by unauthorized access and information theft. The existed access control mechanism can only prevent unauthorized users from accessing the system, but they can not prevent those authorized users (insiders) from attacking the system. To address this problem, we propose a behavior-aware service access control mechanism using security policy monitoring for SOA system. In our mechanism, a monitor program can supervise consumer's behaviors in run time. By means of trustful behavior model (TBM), if finding the consumer's behavior is of misusing, the monitor will deny its request. If finding the consumer's behavior is of malicious, the monitor will early terminate the consumer's access authorizations in this session or add the consumer into the Blacklist, whereby the consumer will not access the system from then on. In order to evaluate the feasibility of proposed mechanism, we implement a prototype system. The final results illustrate that our mechanism can effectively monitor consumer's behaviors and make effective responses when malicious behaviors really occur in run time. Moreover, as increasing the rule's number in TBM continuously, our mechanism can still work well.