Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

Wei Sun,Da-xin Liu,Tong Wang

DOI: https://doi.org/10.1007/11599517_64

2005-01-01

Abstract:As large corporations and organizations increasingly exploit the Internet as a means of improving business-transaction efficiency and productivity, it is increasingly common to find operational data and other business information in XML format. Access control for XML database is non-trivial subjects. A number of recent research efforts have considered access control models for XML data[1−5]. Our first contribution is a novel model for specifying XML security access control. Given an XML document accompanied by a document DTD, we allow a two-stage access control policies to pledge to security access XML document at file-level and element-level respectively. On the element-level access control, our approach for these access control policies is based on the novel notion of hide-node views. While the hide-node view DTD is exposed to authorized users, neither the internal XPath annotations nor the full document DTD is visible. Authorized users can only operate data over the hide-node view, making use of the exposed view DTD to access data. Our hide-node view mechanism guarantees that unauthorized user cannot access sensitive data and protects the schema information from access by unauthorized users. We think that the schema information also is sensitive data and should be protected from gain through the data accessing.

Wei Sun,Da-xin Liu,Tong Wang

DOI: https://doi.org/10.1007/11610496_109

2006-01-01

Abstract:XML becomes a standard format for data interchanges on Internet, especially in E-commerce. Although XML technology has been widely used, the research and development on XML security is still at the early stage. The control of XML access is important for protecting XML documents from being illegally modified or accessed. Most of available models utilize a single level check point. In this paper, we proposed an access control model with dual level access control: file-level and element-level (or attribute-level). The model allows adopt the XBLP policy with file-level security, while employs Hide-Node View for element-level security. The architecture framework of the access control model and implementation are briefly described.

MENGXiao-feng,LUODao-feng,OUJian-bo

2004-01-01

Abstract:As XML has been increasingly important as the Data-change format of Internet and Intranet, acces-controlon-XML-properties rises as a new issue. Role-based access control (RBAC) is an access control method that has been widely used in Internet, Operation System and Relation Data Base these 10 years. Though RBAC is already relatively mature in the above fields, new problems occur when it is used in XML properties. This paper proposes an integrated model to resolve these problems, after the fully analysis on the features of XML and RBAC.

Meng Xiao-feng,Luo Dao-feng,Ou Jian-bo

DOI: https://doi.org/10.1007/BF02831673

2004-01-01

Wuhan University Journal of Natural Sciences

Abstract:As XML has been increasingly important as the Data-change format of Internet and Intranet, access-control-on-XML-properties rises as a new issue. Role-based access control (RBAC) is an access control method that has been widely used in Internet, Operation System and Relation Data Base these 10 years. Though RBAC is already relatively mature in the above fields, new problems occur when it is used in XML properties. This paper proposes an integrated model to resolve these problems, after the fully analysis on the features of XML and RBAC.

De-zhi XU,T.Haider

DOI: https://doi.org/10.3969/j.issn.1006-8937-B.2005.09.004

2005-01-01

Abstract:As the standard of information representation, transfer, and storage on the Web, XML has been used more and more widely. Using XML to represent data's access control will bring more flexibleness and operation on the system applicat ion. This paper puts forward an approach for the data's access control, which is based on XML data encryption and the technology of accessing of relation table is referred to the control rules of data accessing.

Lei Feng

2008-01-01

Abstract:XML document may include information of different sensitivity levels.To prevent XML document from non-authorization querying and modifying,a control mechanism need to be developed to define access to some parts of XML document.Based on RBAC model,multi-grained authorized mechanism for XML document defined by XML schema is discussed,XML access control architecture on RBAC is described,and a non-recursion algorithm of XML access control is presented.

Guodong Sun,Youping Chen,Zude Zhou,Zubing Min

DOI: https://doi.org/10.1007/s00170-007-1292-5

IF: 3.563

2007-01-01

The International Journal of Advanced Manufacturing Technology

Abstract:With the development of networked manufacturing, large amounts of real-time data in manufacturing process monitoring are transmitted and exchanged on the Web. Information security and assurance have to be taken into account, such as limiting the view of the intended audience to only relevant portions of the state data and operating the permitted devices or partial control units. This paper provides a secure framework based on role-based access control (RBAC) for networked manufacturing monitoring. In such a frame-work, fine-grained access control is accomplished by defining rules at the XPath-level of the real-time state data and control instructions documents, which are represented in the eXtensible Markup Language (XML) format. To achieve role-based configuration, the monitored variables and client interface vary with the roles of the user logging into the monitoring server to create “need to know” protections on critical information.

Jingtao Zhou,Shusheng Zhang,Mingwei Wang,Hongwei Sun

2006-01-01

Abstract:Nowadays, swirling around most businesses is not structure information but semi-structure information, such as spreadsheets, and documents created by an individual or company. However, in spite of success of data management of structure data by using databases, current enterprise information infrastructure is poorly suited for dealing with the continuing, rapid explosion of semi-structure data in enterprise. In this paper we discuss a system based on the integration between XML and RDB in a three- tiered framework, which undertakes research at the intersection of XML and RDB, exploits their strengths in a common framework, and expands their applicability in the area of semi-structure data management. Through a discussion of the fundamental architecture in general and its components in particular, we depict the basic principles that should form the basis for the design of the architecture based on the integration of XML and RDB. The key contribution of this paper is the framework for semi-structure data management, which is orchestrated through the transformation of representation, query and updating between XML data and RDB data.

Zhao Xiaonan,Li Zhanhuai,Ma Huibin

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.05.053

2006-01-01

Abstract:As a standard for data exchanging in the network,XML data is increasing in highly speed.It becomes very eagerly to manage the XML data via RDBMS.In this paper,a middleware implement framework of XML data management is proposed,with utilizing some special mapping methods,parsing the schema files,and then producing the corresponding relational schemas to store and manage XML data in a RDBMS.Users can operate the XML data by XML operations without awaring of anything about the RDBMS.This framework is easy to be extended in the future because of its flexible structure.

Jingtao Zhou,Mingwei Wang,Shusheng Zhang,Hongwei Sun

DOI: https://doi.org/10.1109/cscwd.2006.253208

2006-01-01

Abstract:Nowadays, swirling around most businesses is not structure information but semi-structure information, such as spreadsheets, and documents created by an individual or company. To fully manage and use semi-structure information as structure information does, we propose a technology based on the bi-directional integration between XML and RDB in a three-tiered structure. Through undertaking research at the intersection of XML and RDB, the technology expects to represent and use semi-structure information based on XML, and manage semi-structure information using RDB. Bi-directional means that we transform semi-structure data represented by XML into RDB and oppositely publishing RDB data into corresponding XML format based on schema mapping between XML and RDB, which is the first tier named static transformation tier in the three-tired structure. On the basis of static transformation tier, we transform semi-structure data query, i.e. query on XML from user interface into SQL on the corresponding bottom RDB and return back the result data in XML format, which is the second tier named dynamic query tier. At last, synchronous updating for the virtual XML and bottom RDB is carried out as the third tier named synchronous updating tier. All the three tiers' integration is realized through the middleware, which is also offered in this paper

Li Lan,Dan Feng

2004-01-01

Journal of Software

Abstract:Information stored in XML documents should be protected by access control policy. Current access control models for XML documents are all based on DAC (discretionary access control) or RBAC (role-based access control). High security system uses MAC (mandatory access control) to secure information in system. XML document model is extended to include label information in this paper, and some rules that the extended model has to satisfy with are presented. Fine-grained MAC model for XML documents is described in detail by discussing four operations on XML documents. The fine-grained MAC model is based on XML schema, and its finest granularity of access control is element or attribute. The architecture and some mechanisms used to implement the fine-grained MAC model are discussed too.

王刚,宋执环

DOI: https://doi.org/10.3969/j.issn.1000-3428.2002.09.044

2002-01-01

Abstract:In this paper, the construction of role-based access control is discussed. Aiming at the complexity of the subjects, combined with the particularity of actions and objects in document management, considering the restriction of subject and the state of object, some improvement is made in the original RBAC and a new team-role-based document access control which is named TRBDAC model is presented. ;

DeQiang Wang,Feng Xu,Bing Mao,Li Xie

2004-01-01

Abstract:Proposed in this paper is a new algorithm of access control labeling on an XML document based on the authorization-tree. The algorithm improves the performance effectively through avoiding matching authorizations, solving the authorization conflict and labeling at every node of the XML-tree. Meanwhile, a flexible and user-configurable mode of solving the authorization conflict is proposed. And the mode is integrated into the authorization-tree algorithm seamlessly.

Tao Peng,Minghua Jiang,Ming Hu

DOI: https://doi.org/10.4028/www.scientific.net/amr.121-122.558

2010-01-01

Advanced Materials Research

Abstract:A multi-polices access control model is proposed, with the model, access control based on policy regulation and XML based policy description is given. At the same time, We use the XSD(XML Schema Definition) to describe the content and the structure of the xml documents, and check the validity of the xml documents. Based on the description of the access control, an application system is realized we construct the runtime platform and choose some access control polices to test our system. The result is well.

Tao Peng,Jiang Minghua,Hu Ming

2008-01-01

Abstract:Nowaday, the status of XML as a standard for storing and exchanging data in Internet and XML documents is becoming a de facto standard for storing and exchanging information. So, access control of XML documents is a key in network environment. In this paper, we propose an approach that exploits the semantics associated with subject and information in XML documents to facilitate automatic access control policies while resource sharing occurs among coalition members. Our approach relies on identifying the necessary attributes required by users to gain access to specific XML documents information. Specifically, it consists of extracting user attribute sets that semantically mach with the attributes of the information in XML documents. This relies on a closer examination of why a user is assigned a specific role.

LI Bo,HUANG Dong-jun

DOI: https://doi.org/10.3969/j.issn.1006-8937-B.2006.04.001

2006-01-01

Abstract:The paper analyzes and compares several primary ways to distribute privileges during the current design process of access system such as Discretionary Access Control(DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC), points out their respective characteristics and limitations of their applicability. By taking the new characteristics of modern enterprise management into consideration and combining with the existing access control model, the authors discuss the access control technology of the multi-users information system, present and realize the security control model based on role level, department level and user level in the application. Practical application makes clear that it enhances the security and maintainability of information system.

Li Xiaodong,Huang Hao,Zhu Hao,Yang Weidong

DOI: https://doi.org/10.3969/j.issn.1000-386X.2011.12.002

2011-01-01

Abstract:Keyword search of XML database is simple and easy to use,and the users do not have to understand the pattern of the database.Recently it is widely concerned by the people.Current researches on this issue mainly focus on the algorithms of the keyword search and the organisation and sorting of the returned results,but the issue of secure access control of the keywords is ignored.Combining XML keyword search and XML secure access control,in this paper we put forward a new Role-based Access Control Policy which is built based on XML Schema(SRACP),and on the basis of SRACP,we built a secure index for XML keyword search(SRACP-Index) including the data structure of the SRACP-Index,the construction and algorithm of the SRACP-Index,and the way to carry out SSLCA search using the SRACP-Index.At the end,we proved the validity of our index and SSLCA search algorithm through experiments.

Tao Peng,Minghua Jiang,Ming Hu

DOI: https://doi.org/10.1109/iih-msp.2008.310

2008-01-01

Abstract:In a dynamic coalition environment, organizations should be able to exercise their own local fine-grained access control policies while sharing resources with external entities. At the same time, the status of XML as a standard for storing and exchanging data in Internet and XML documents is becoming a de facto standard for storing and exchanging information. So, access control of XML documents is a key in dynamic coalition environment. In this paper, we propose an approach that exploits the semantics associated with subject and information in XML documents to facilitate automatic access control policies while resource sharing occurs among coalition members. Our approach relies on identifying the necessary attributes required by users to gain access to specific XML documents information. Specifically, it consists of extracting user attribute sets that semantically mach with the attributes of the information in XML documents. This relies on a closer examination of why a user is assigned a specific role.

Zhang Dongzhan,Guo Youxian,Wu Yashuang

2008-01-01

Abstract:Extensible markup language (XML) is a promising standard for describing structured information and contents on the Internet. Information stored in XML documents should be protected by access control policy. High security system uses mandatory access control to secure information in system. A XML Oriented Mandatory Access Control Based on Hierarchy Security Labels is presented, which is focused on enforcing and resolving fine grained authorizations with respect to the XML data model and semantics. The XML documents are labeled by three rules and one algorithm, allowing for definition and enforcement of access restrictions directly on the structure and content of XML documents. The fine-grained access control model is described in detail by discussing four operations on XML documents. The architecture and some mechanisms used to implement the model are discussed at last. The result is a flexible and powerful security system offering a simple integration with current solutions.