Improved UCON_B Authorization Policy Specification for Service Grid (cited by: 1)
Abstract: Authorization policy specifications based on obligation actions have weak expressive power. To divide work sensibly between the decision component and the execution component in a service grid, and to promote concurrent execution of independent authorization processes, an authorization policy specification based on an improved UCON_B is proposed. Combinations of delegation certification processing statuses replace the original simple access status. The decision component outputs a reasonable delegation certification according to the system status when a request arrives, and, as the system status changes, decides again on the processing status to which the delegation certification may transition. The specification effectively prevents identical access requests from repeatedly generating delegation certifications, and the delegation certification truly reflects the actual demands of authorization.

Source: Journal of Chinese Computer Systems (《小型微型计算机系统》), CSCD, Peking University Core Journal, 2009, Issue 3, pp. 391-397 (7 pages)

Funding: Supported by the National Natural Science Foundation of China (60573127) and the Natural Science Foundation of Hunan Province (06JJ30032)

Keywords: service grid; authorization decision; delegation certification; policy specification