
Improved UCONC authorization decision model for the service grid

Cited by: 2
Abstract: To address the weak expressive power of the usage control model based on condition predicate decisions (UCONc), to divide work sensibly between the decision component and the execution component in the service grid, and to promote concurrent execution of independent authorization processes, a delegation certification model is proposed that expresses decision results in a fine-grained manner. UCONc is improved on this basis: combinations of delegation certification processing states replace the original simple access state. The decision component outputs a reasonable delegation certification according to the system state when a request arrives, and, as the system state changes, decides again whether the processing state of the delegation certification can be changed. This method effectively avoids generating delegation certifications repeatedly for the same access request, and the delegation certification reflects the actual demands of authorization. In an e-Learning Grid system, the improved decision model expresses the authorization policy in a fine-grained manner and outputs reasonable decision results, and the various access requests satisfy the application's security requirements through suitable decision and control.

Source: Journal of Xidian University (indexed in EI, CAS, CSCD, Peking University Core), 2008, No. 3, pp. 546-553 (8 pages)

Funding: National Natural Science Foundation of China (60573127); Natural Science Foundation of Hunan Province (06JJ30032)

Keywords: service grid; authorization decision; delegation certification; usage control model based on condition decisions (UCONc)



