Role-based network embedding aims to embed role-similar nodes into a similar embedding space, which is widely used in graph mining tasks such as role classification and detection. Roles are sets of nodes in graph networks with similar structural patterns and functions. However, the role-similar nodes may be far away or even disconnected from each other. Meanwhile, the neighborhood node features and noise also affect the result of the role-based network embedding, which are also challenges of current network embedding work. In this paper, we propose a Role-based network Embedding via Quantum walk with weighted Features fusion (REQF), which simultaneously considers the influence of global and local role information, node features, and noise. Firstly, we capture the global role information of nodes via quantum walk based on its superposition property which emphasizes the local role information via biased quantum walk. Secondly, we utilize the quantum walk-weighted characteristic function to extract and fuse features of nodes and their neighborhood by different distributions which contain role information implicitly. Finally, we leverage the Variational Auto-Encoder (VAE) to reduce the effect of noise. We conduct extensive experiments on seven real-world datasets, and the results show that REQF is more effective at capturing role information in the network, which outperforms the best baseline by up to 14.6% in role classification, and 23% in role detection on average.
Role mining and setup affect the usage of role-based access control (RBAC). Traditionally, user's role and permission assigning are manipulated by security administrator of system. However, the cost is expensive and the operating process is complex. A new role analyzing method was proposed by generating mappings and using them to provide recommendation for systems. The relation among sets of permissions, roles and users was explored by generating mappings, and the relation between sets of users and attributes was analyzed by means of the concept lattice model, generating a critical mapping between the attribute and permission sets, and making the meaning of the role natural and operational. Thus, a role is determined by permission set and user's attributes. The generated mappings were used to automatically assign permissions and roles to new users. Experimental results show that the proposed algorithm is effective and efficient.
Growing numbers of users and many access control policies which involve many different resource attributes in service-oriented environments bring various problems in protecting resource. This paper analyzes the relationships of resource attributes to user attributes in all policies, and proposes a general attribute and rule based role-based access control (GAR-RBAC) model to meet the security needs. The model can dynamically assign users to roles via rules to meet the need of growing numbers of users. These rules use different attribute expression and permission as a part of authorization constraints, and are defined by analyzing relations of resource attributes to user attributes in many access policies that are defined by the enterprise. The model is a general access control model, and can support many access control policies, and also can be used to wider application for service. The paper also describes how to use the GAR-RBAC model in Web service environments.
PMI (privilege management infrastructure) is used to perform access control to resource in an E-commerce or E-government system. With the ever-increasing need for secure transaction, the need for systems that offer a wide variety of QoS (quality-of-service) features is also growing. In order to improve the QoS of PMI system, a cache based on RBAC (Role-based Access control) and trust is proposed. Our system is realized based on Web service. How to design the cache based on RBAC and trust in the access control model is described in detail. The algorithm to query role permission in cache and to add records in cache is dealt with. The policy to update cache is introduced also.
Role-Based Encryption (RBE) realizes access control mechanisms over encrypted data according to the widely adopted hierarchical RBAC model. In this paper, we present a practical RBE scheme with revocation mechanism based on partial-order key hierarchy with respect to the public key infrastructure, in which each user is assigned with a unique private-key to support user identification, and each role corresponds to a public group-key that is used to encrypt data. Based on this key hierarchy structure, our RBE scheme allows a sender to directly specify a role for encrypting data, which can be decrypted by all senior roles, as well as to revoke any subgroup of users and roles. We give a full proof of security of our scheme against hierarchical collusion attacks. In contrast to the existing solutions for encrypted file systems, our scheme not only supports dynamic joining and revoking users, but also has shorter ciphertexts and constant-size decryption keys.
With the rapid growth in the availability of digital health-related data, there is a great demand for the utilization of intelligent information systems within the healthcare sector. These systems can manage and manipulate this massive amount of health-related data and encourage different decision-making tasks. They can also provide various sustainable health services such as medical error reduction, diagnosis acceleration, and clinical services quality improvement. The intensive care unit (ICU) is one of the most important hospital units. However, there are limited rooms and resources in most hospitals. During times of seasonal diseases and pandemics, ICUs face high admission demand. In line with this increasing number of admissions, determining health risk levels has become an essential and imperative task. It creates a heightened demand for the implementation of an expert decision support system, enabling doctors to accurately and swiftly determine the risk level of patients. Therefore, this study proposes a fuzzy logic inference system built on domain-specific knowledge graphs, as a proof-of-concept, for tackling this healthcare-related issue. The system employs a combination of two sets of fuzzy input parameters to classify health risk levels of new admissions to hospitals. The proposed system implemented utilizes MATLAB Fuzzy Logic Toolbox via several experiments showing the validity of the proposed system.
This paper first introduces attribute expression to describe attribute-based access control policy. Secondly, an access control policy enforcement language named A-XACML (attribute-XACML) is proposed, which is an extension of XACML. A-XACML is used as a simple, flexible way to express and enforce access control policies, especially attribute-based access control policy, in a variety of environments. The language and schema support include data types, functions, and combining logic which allow simple and complex policies to be defined. Finally, a system architecture and application case of user-role assignment is given to show how attribute expressions and A-XACML work in access control policy description and enforcement. The case shows that attribute expression and A-XACML can describe and enforce the complex access control policy in a simple and flexible way.
To describe and integrate various policies applied in different domains, the definition of the family of OntoRBAC based on the ontology of a general role-based access control (RBAC) policy is proposed, which can support and extend the RBAC96 model. The uniform ontology-based description mechanism of secure policies is applied in OntoRBAC, which can be used to describe different secure policies in distributed systems and integrate policies in semantic level with upper concepts. In addition, some rules have been defined to reason within the OntoRBAC to extend the inference algorithms in ontology, which makes the system accommodate itself to RBAC policies better.
Growing numbers of users and many access policies that involve many different resource attributes in service-oriented environments cause various problems in protecting resource. This paper analyzes the relationships of resource attributes to user attributes based on access policies for Web services, and proposes a general attribute based role-based access control (GARBAC) model. The model introduces the notions of single attribute expression, composite attribute expression, and composition permission, defines a set of elements and relations among its elements and makes a set of rules, assigns roles to user by inputting user's attributes values. The model is a general access control model, can support more granularity resource information and rich access control policies, also can be used to wider application for services. The paper also describes how to use the GARBAC model in Web services environments.
In several countries, the ageing population contour focuses on high healthcare costs and overloaded health care environments. Pervasive health care monitoring system can be a potential alternative, especially in the COVID-19 pandemic situation to help mitigate such problems by encouraging healthcare to transition from hospital-centred services to self-care, mobile care and home care. In this aspect, we propose a pervasive system to monitor the COVID’19 patient’s conditions within the hospital and outside by monitoring their medical and psychological situation. It facilitates better healthcare assistance, especially for COVID’19 patients and quarantined people. It identifies the patient’s medical and psychological condition based on the current context and activities using a fuzzy context-aware reasoning engine based model. Fuzzy reasoning engine makes decisions using linguistic rules based on inference mechanisms that support the patient condition identification. Linguistics rules are framed based on the fuzzy set attributes belong to different context types. The fuzzy semantic rules are used to identify the relationship among the attributes, and the reasoning engine is used to ensure precise real-time context interpretation and current evaluation of the situation. Outcomes are measured using a fuzzy logic-based context reasoning system under simulation. The results indicate the usefulness of monitoring the COVID’19 patients based on the current context.
The main advantages of role-based access control (RBAC) are able to support the well-known security principles and roles' inheritance. But for there remains a lack of specific definition and the necessary formalization for RBAC, it is hard to realize RBAC in practical work. Our contribution here is to formalize the main relations of RBAC and take first step to propose concepts of action closure and data closure of a role, based on which we got the specification and algorithm for the least privileges of a role. We propose that roles' inheritance should consist of inheritance of actions and inheritance of data, and then we got the inheritance of privileges among roles, which can also be supported by existing exploit tools.
To meet the authorization administration requirements in a distributed computer network environment, this paper extends the role-based access control model with multiple application dimensions and establishes a new access control model ED-RBAC (Extended Role Based Access Control Model) for the distributed environment. We propose an extendable hierarchical authorization assignment framework and design effective role-registering, role-applying and role-assigning protocol with symmetric and asymmetric cryptographic systems. The model can be used to simplify authorization administration in a distributed environment with multiple applications.
Intrusion Detection Systems (IDS) have received a great deal of attention because of their excellent ability of preventing network incidents. Recently, many efficient approaches have been proposed to improve detection ability of IDS. While the self-protection ability of IDS is relatively worse and easy to be exploited by attackers, this paper gives a scheme of Securely Distributed Intrusion Detection System (SDIDS). This system adopts special measurements to enforce the security of IDS components. A new secure mechanism combining role-based access control and attribute certificate is used to resist attack to communication.
An increasing number of social computational systems consist of a great amount of autonomous entities and operate in highly dynamic and unpredictable environments. To construct such systems needs to seek high-level abstraction to manage the complexity of the systems and novel mechanism to support their characteristics, i.e., dynamism and flexibility. Agent-oriented programming (AOP) is considered as a potential paradigm for developing such systems by exhibiting a number of characteristics, such as autonomy, flexibility, social ability, etc. However, current researches on AOP mainly focus on the construction of multi-agent system (MAS) with theory and language facilities inspired from artificial intelligence (AI) and distributed AI, seldom considering and integrating the proven principles and practices of programming and software engineering. Moreover, abstractions and mechanism based on AI are inadequate for developing dynamic and flexible MAS in open environment. This paper proposes a novel AOP approach, namely Oragent, for constructing and implementing dynamic and flexible systems. From a software engineering perspective, Oragent integrates organizational concepts and mechanism into AOP language, and support the dynamism and flexibility with explicit primitives. The proposed approach consists of a programming model and a corresponding programming language. This paper presents the syntax and formal operational semantics of Oragent language, and studies a case to demonstrate our approach.
Funding: supported in part by the National Natural Science Foundation of China (Grant 62172065) and the Natural Science Foundation of Chongqing (Grant cstc2020jcyjmsxmX0137).
Funding: Project (61003140) supported by the National Natural Science Foundation of China; Project (013/2010/A) supported by Macao Science and Technology Development Fund; Project (10YJC630236) supported by Social Science Foundation for the Youth Scholars of Ministry of Education of China.
Funding: The National Natural Science Foundation of China (No. 60402019, No. 60672068).
Funding: Supported by the National Tenth Five-Year Plan for Scientific and Technological Development of China (413160501) and the National Natural Science Foundation of China (50477038).
Funding: supported by the National Development and Reform Commission under Project "A Cloud-based service for monitoring security threats in mobile Internet" and "A monitoring platform for web safe browsing"; supported by the National Science Foundation of USA under Grant Nos. NSF-IIS-0900970 and NSFCNS-0831360.
Funding: funded by the Deanship of Scientific Research at Umm Al-Qura University, Makkah, Kingdom of Saudi Arabia, under Grant Code: 22UQU4281755DSR05.
Funding: The National High Technology Research and Development Program of China (863 Program) (No. 2007AA01Z445).
Funding: The National Natural Science Foundation of China (No. 60403027).
Funding: Supported by the National Natural Science Foundation of China (60402019, 60772098 and 60672068).
Funding: funding by the University of Malta’s Internal Research Grants.
Funding: Supported by the National Natural Science Foundation of China (60403027).