Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

Wenan TAN -,Yicheng XU -,Ting ZHANG -,Xiang WEN -,Linshan Cui -,Chuanqun JIANG -

DOI: https://doi.org/10.4156/jdcta.vol5.issue7.16

2011-01-01

International Journal of Digital Content Technology and its Applications

Abstract:Currently, the security issues of Web services are hot area in information system (IS). This research mainly discusses the key technologies of information access control focusing on following works: After analyzing the dynamic characteristic of application nature for Web services, a Dynamic Role-Based Access Control using Context and Trust model (abbreviated as CT-DRBAC) for Web services is proposed. During Web services, both the subject of invoking request and object of providing service resources are dynamic nature. So, access policies are needed to consider the dynamic nature. The proposed model has been developed and the authorization framework is discussed detail. In order to implement the dynamic trust management mechanism, a dynamic user role authorization algorithm which considers the user lifecycle contexts in the open systems is proposed and designed to meet the dynamic characteristic of subject and object effectively, and achieve intelligent and scientific user role assignments. The proposed access control module can be used in intelligent information systems to grant dynamically roles to users according to the current context.

TIAN Li-qin,JI Tie-guo,LIN Chuang,YIANG Yiang

DOI: https://doi.org/10.3778/j.issn.1002-8331.2008.19.004

2008-01-01

Abstract:The paper establishes a user behaviour trust and Role-Based Access Control(RBAC) model,which introduces the attribute concept and adds the user behaviour trust degree set on the basis of RBAC model.The detailed description and the authorization flow are given in the article.At last the model is analyzed from the dynamic performance and trust mechanism and role numbers and work performance.The new access control achieves the dynamic authorization by the dynamic assignment of role attributes and achieves the connection identity trust with behavior trust by setting the trust degree as an obligatory attribute,which changes the static authorization only based the identity of existing access control models.The model can reduce the role number by setting the attributes for the role,which can lighten the role management burden caused by the large number roles and improve the performance at the same time.

Xu Jing,Zhengnan Liu,Shuqin Li,Bin Qiao,Gexu Tan

DOI: https://doi.org/10.1007/s13198-015-0411-1

2015-12-22

International Journal of System Assurance Engineering and Management

Abstract:In traditional role-based access control (RBAC) model, the permission is bound with identity statically, without being dynamically adjusted by user behavior. Cloud users distribute widely and constitute complex and have legitimate identity whose behavior may be incredible, but any attack is achieved through malicious behavior. The cloud-user behavior assessment based dynamic access control model was proposed by introducing user behavior risk value, user trust degree and other factors into RBAC. First, the times of threat behavior was introduced into the information security risk equation to improve the accuracy of user behavior risk value. Then, both the times of threat behavior and the uneven interval of risk threshold were introduced the trust model based on behavior risk evolution to improve the accuracy of user trust degree. Finally, the dynamic authorization was achieved by mapping trust level and permissions. By the simulation experiment in a small campus cloud system, it can be shown that the change of user behavior risk value and user trust degree is more rational under different times and frequencies of threat behavior, and dynamic authorization is flexible by mapping the risk level and the user permissions.

DENG Wen-yang,ZHOU Zhou-yi,LIN Si-ming,LIU Jin-gang

DOI: https://doi.org/10.3969/j.issn.1000-3428.2013.02.023

2013-01-01

Abstract:In open environment,the user nodes and resource nodes are variable,and it is almost impossible to check their priorities to access different kind of resources in the system in which the traditional Role Based Access Control(RBAC) model is adapted.To simplify the access control and standardize security strategy in open system,a flexible RBAC model based on trust degree is proposed.It uses the evaluation between the user node and resource node to calculate they direct trust,and employs the evaluation among the resource nodes to get the recommended trust of the resource nodes.Using the two trust values,together with the session history of user nodes and resource nodes,the system assigns the roles as well as its corresponding priorities for the user node flexibly.It adopts the Additive-increase,Multiplicative-decrease(AIMD) algorithm,which is widely used in TCP congestion control algorithm,in the trust evaluation to punish the node with malicious behaviors.

Yan Li,Jinqiang Ren,Huiping Sun,Haining Luo,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-10240-0_8

2009-01-01

Abstract:With development of grid technology, sensitive data protection becomes a difficult task for accesses from heterogeneous domains. Moreover, anonymity and unknown peers worsen security problems. Traditional access control mechanisms are not suitable to distributed environment. Several models and mechanisms make use of trust evaluation to assist access control decision. But few explicitly consider trust and risk as two separate factors which affect interactions between peers. In this paper, we present an access control mechanism which considers both trust and risk as two vital parameters. We also introduce static game model with incomplete information to analyze the optimal decision. In addition, a new model of trust evaluation is proposed to represent the confidence in the peer. To appease people's anxiety about loss, a model of risk assessment is also presented to indicate impacts on resources. At the end of this paper, to describe how our mechanism works, a scenario is provided.

Lu Chen,Qing Zhou,Gaofeng Huang,Liqiang Zhang

DOI: https://doi.org/10.1109/CIS.2014.47

2014-01-01

Abstract:Resource sharing is one of the main applications of network. How to establish a trust relationship between resources requestor and provider, and enforce authority is the key issue of efficient resource sharing. Existing models and methods are mostly focus on identity, recommendation and other information, but lack of the considering of resource requestor's conduct and environment of computing. And once authorized, it will not be able to track and control user behavior dynamically. It may cause more risks when sharing resources. Aiming to resolve the above problems, a trust-role based context aware access control model is proposed relying on the measurement and verification of the \"trust credentials and evidences\" which embody the context information of user behavior and platform environment to achieve the security, dependable and dynamic access control for resource sharing.

LENG Chun-xia,YU Hui-qun,HAN Jian-min

2009-01-01

Abstract:The access control mechanism in open systems can not only respond to the access requirement of a large amount of users whose identities are not recognizable in advance, but also reflect context information in user's access requirements. We propose a trustworthiness- and context-based access control model (TC-RBAC) and give a method of evaluating the trustworthiness of users. By means of trustworthiness, the applicable roles are assigned to the users whose identities are not recognizable in advance. Besides, context constraint contributes to the decisions of authorization according to context information in user's access requirements. These satisfy the design demands of the access control mechanism in open systems.

Ran Yang,Chuang Lin,Yixin Jiang,Xiaowen Chu

DOI: https://doi.org/10.1109/icc.2011.5963329

2011-01-01

Communications

Abstract:The rapid development of applications running on global information infrastructure poses the problem of securing information sharing among domain collaborations. Existing access control models are defective in dynamic authorization based on user's trustworthiness and do not take full advantages of the infrastructure in implementing access control system. In this work, we propose a trust and role based access control model and the corresponding framework in infrastructure-centric environment. With the extension to RBAC model, trust level requirements, which dictate that the roles in the privilege context must be activated by the trustworthy user, can be specified. The comprehensive trust model, which calculates the user's trust level in multiple trust contexts based on behavior histories, is proposed. Moreover, by taking advantages of the infrastructure services, our scheme is flexible and scalable in that system administrators are free to choose custom scoring functions while the infrastructure trust evaluation services are relieved of the heavy burdens of history record maintenance and trust level update.

LIN Chuang,FENG Fu-Jun,LI Jun-Shan

DOI: https://doi.org/10.1360/jos180955

2007-01-01

Abstract:Access control is an important technology for system security, and its mechanism is different for different networks. This paper first introduces the characteristics and applications of three traditional access control policies which are DAC (discretionary access control), MAC (mandatory access control) and RBAC (role-based access control), introduces the UCON (usage control) model, and then analyzes access control technology and current researches in Grid, P2P and wireless environment respectively. In addition, this paper proposes that trustworthy networks as the developing goal of the next generation Internet require using trust-based the access control model to assure security. This paper investigates on the trust and reputation model in detail, and finally gives the prospects of access control.

Yuchen Wu,Pingping Liu

DOI: https://doi.org/10.21307/ijanmc-2019-050

2019-01-01

Abstract:Abstract In order to ensure the security of data in cloud computing, a trust-role-based hybrid cloud computing access control model is proposed based on the combination of role-based and trust-based access control models. The model introduces the calculation of trust based on the role-based access control, that is, the user needs to verify the trust value in order to obtain the permission to access the data. Through the application in the local business system, it shows that the model can effectively solve the user’s legitimate access to the data in the cloud, that is, to protect the security of the data in the cloud. The trust-based access control model has good advantages in terms of system throughput and storage space. As the number of user requests increases, both access control methods increase significantly in terms of throughput, but when the number of user requests reaches 10, the system throughput of both access control methods decreases, but based on trust - The role’s access control method is always larger than the role-based access control method in terms of throughput, which roughly increases the total amount by about ten percent.

Haibo Gao,Wenjuan Zeng,Xiaohong Deng

DOI: https://doi.org/10.4304/jcp.9.2.506-511

2014-01-01

Journal of Computers

Abstract:In order to solve the shortage of the access control method based on role and credit, a novel dynamic credit and role based access control method is proposed. The method controls an entity’s access behavior through its credit value, and introduces penalty and feedback mechanism to dynamically adjust entity’s credit value. In order to manage an amount of entities effectively, entities with different credit values are divided into different roles in system, and roles are assigned to corresponding privileges respectively. Experimental simulation results showed that the proposed method has good controllability of entity’s credit value and manipulability to protect system’s resources.

LIN Chuang,FENG Fu-Jun,LI Jun-Shan

2007-01-01

Abstract:Access control is an important technology for system security, and its mechanism is different for different networks. This paper first introduces the characteristics and applications of three traditional access control policies which are DAC (discretionary access control), MAC (mandatory access control) and RBAC (role-based access control), introduces the UCON (usage control) model, and then analyzes access control technology and current researches in Grid, P2P and wireless environment respectively. In addition, this paper proposes that trustworthy networks as the developing goal of the next generation Internet require using trust-based the access control model to assure security. This paper investigates on the trust and reputation model in detail, and finally gives the prospects of access control.

Y Tang,Ss Zhang,L Li

DOI: https://doi.org/10.1007/3-540-27912-1_61

2005-01-01

Abstract:The characteristics of multiple security domains environment include multifactor, dynamic, heterogeneity, and openness, which make its resources at high security risks. Thus, it is very critical for mobile access to realize the efficient resources access control in multiple security domains environment. This paper aims at the problems of dynamic privilege assignment for mobile users in cross-domain access, proposes a mobile access control architecture for multiple security domains environment (MACAMSDE), and introduces flexible access control mechanisms. In addtion it discusses the enabling key technologies.

Zhang Yong-sheng,Wang Ying

DOI: https://doi.org/10.1109/NSWCTC.2010.113

2010-01-01

Abstract:The paper proposes a dynamic access control model for Web services that based on the trust-authorization -WS-TABAC model. A simple evaluation algorithm about trust is defined, which can calculate the trust degree of users easily. In WS-TABAC model, part or complete privileges can be achieved through the mapping relations defined between trust and authorization. Theoretical analysis and examples demonstrate that this model can better grant appropriate access privileges for different requestors and satisfy their need than the traditional access control.

Rui Chang,Liehui Jiang,Wenzhi Chen,Hong-qi He,Shuiqiao Yang,Hang Jiang,Wei Liu,Yong Liu

DOI: https://doi.org/10.1002/cpe.4180

2018-01-01

Abstract:This paper discusses security issues on the user equipment, which is the last mile of social networks. One of the main Achilles' heel of social networks is not the organization of networks themselves, but the user devices, typically Android ones. The existing system of privileges makes it easy to infiltrate the network via applications installed on users' devices. Conventional signature-based and static analysis methods are vulnerable. Access to privacy- and security-relevant parts of the application programming interface is controlled by the corresponding permission in a manifest file. While requesting access to permissions, it may offer opportunities to malicious codes, which will cause security issues. Few works among permission analysis, however, pay attention to the prevention of permission leakage on both hardware and software frameworks. In this paper we tackle the challenge of providing our multilayered permission-based security extension scheme on Android platforms. We propose a usage and access control model and an effective method of preventing permission leakage based on ARM TrustZone security extension mechanism. In contrast to previous work, the proposed security architecture provides a permission-based mandatory access control on Android middleware, Linux kernel, and hardware layers. The evaluation results demonstrate the effectiveness of the proposed scheme in mitigating permission leakage vulnerabilities.

Jiwei Li,Xuewei Ding,Yuchen Jiang,Yongqi Ai,Zhen Jia,Xinyi Zhang

DOI: https://doi.org/10.1145/3661638.3661710

2024-01-01

Abstract:Due to the limited ability to authenticate user access attributes, the control effect of database access is difficult to achieve the desired state. Therefore, an identity based database security access control method is proposed. In the stage of building identity trust relationships in cloud services, a trust transfer model was designed, with a trust chain consisting of guarantee nodes and recommendation nodes, allowing users to establish a direct trust relationship between accessing the database through identity authentication. The cloud service provider (CSP) was used as a trusted third party to establish mutual trust relationships between different domains, and the identity authentication gateway was used as a special identity of the domain trust proxy, Use a gateway token as the information credential for trust transfer, thereby achieving secure transfer of user identity between different domains. In the access control stage, the authentication of cloud service identity is achieved by combining trust relationships, and the permission to request database access is determined. In the test results, the interception rate of designing database access control methods for abnormal access has always been stable at over 98.0%, which can effectively ensure the security of database information, with the shortest response time and the least impact from the scale of concurrent access requests.

Chunhua Gu,Fei Luo,Ya Li,Weichao Ding

DOI: https://doi.org/10.1109/compcomm.2018.8780863

2018-01-01

Abstract:The characteristic of the cloud computing, resources sharing, determines that user behavior trustworthiness is crucial to the security of cloud resources. However, the traditional access control model (Role Based Access Control, RBAC) is only based on user identity trust and does not consider whether the user behavior is trusted or not, and the authorization mechanism is static, lacking of flexibility. Moreover, the lack of monitoring of user behavior makes it unable to timely detect and prevent the illegal operation of users. In view of the above several problems, this paper improves the traditional RBAC model, introduces the concepts of user trust evaluation and security level to the RBAC, uses the fuzzy analytic hierarchy process (FAHP) to calculate the user trust value, supervise and control the process when the user executes permissions, so as to achieve the purpose of dynamic access control based on user identity trust and behavior trust. The results of validation analysis of the improved model show that the improved RBAC model overcomes the shortcomings of the traditional RBAC model and can better protect the security of cloud resources, with small control granularity and good flexibility.

Pingping LIU,Linying YAN

DOI: https://doi.org/10.3969/j.issn.1672-9722.2016.02.025

2016-01-01

Abstract:To guarantee the data security in cloud computing ,the role‐based access control model and trust‐based access control model are combined in this paper ,and a hybrid model based on "trust‐role" is proposed .The model introduces the calculation of the trust value on the base of role‐based access control ,so that it is required for verification of the trust value and obtain access to data .It is proved this model can effectively solve the legitimate access to data in the cloud ,and protect the security problem of data in cloud computing .

QIN Juan,LING Li

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.21.037

2007-01-01

Abstract:This paper puts forward a roaming mechanism of network user to solve the problem that users register and logon frequently using multiple accounts and passwords in network applications and constructs a relevant roaming model of network user.It imports roaming trust degree,integrated trust degree of peer entity,and trust degree of network user to depict entity roaming ability,and gives calculation algorithm of all the trust degrees.It also discusses roaming technology of network user based on the theory.Analysis and verification imply that the roaming mechanism of network user between peer entities based on trust degree is feasible.