Role based access control is one of the widely used access control models.There are investigations in the literature that use knowledge representation mechanisms such as formal concept analysis(FCA),description logics...Role based access control is one of the widely used access control models.There are investigations in the literature that use knowledge representation mechanisms such as formal concept analysis(FCA),description logics,and Ontology for representing access control mechanism.However,while using FCA,investigations reported in the literature so far work on the logic that transforms the three dimensional access control matrix into dyadic formal contexts.This transformation is mainly to derive the formal concepts,lattice structure and implications to represent role hierarchy and constraints of RBAC.In this work,we propose a methodology that models RBAC using triadic FCA without transforming the triadic access control matrix into dyadic formal contexts.Our discussion is on two lines of inquiry.We present how triadic FCA can provide a suitable representation of RBAC policy and we demonstrate how this representation follows role hierarchy and constraints of RBAC on sample healthcare network available in the literature.展开更多
Constraint is an important aspect of role based access control and is sometimes argued to be the principal motivation for role based access control (RBAC). But so far few authors have discussed consistency maintenan...Constraint is an important aspect of role based access control and is sometimes argued to be the principal motivation for role based access control (RBAC). But so far few authors have discussed consistency maintenance for constraint in RBAC model. Based on researches of constraints among roles and types of inconsistency among constraints, this paper introduces corresponding formal rules, rule based reasoning and corresponding methods to detect, avoid and resolve these inconsistencies. Finally, the paper introduces briefly the application of consistency maintenance in ZD PDM, an enterprise oriented product data management (PDM) system.展开更多
Although the five-degree-of-freedom magnetic levitation system composed of two conical bearingless switched reluctance motors(CBSRMs)owns the simplest structure,the torque and levitation forces are coupled greatly.The...Although the five-degree-of-freedom magnetic levitation system composed of two conical bearingless switched reluctance motors(CBSRMs)owns the simplest structure,the torque and levitation forces are coupled greatly.Therefore,it is difficult to make the rotor rotate and be fully levitated simultaneously.To solve this problem,two different role division control strategies are proposed in this paper,i.e.individual role division and mutual role division control strategies.The difference between them is the selection of motor which controls the torque or the axial force.In order to understand the characteristics of control variables,the principle and mathematical model of CBSRM are introduced.After that,two control strategies are explained in detail.To verify the demonstrated performance,the simulations are completed with MATLAB/Simulink.展开更多
The main causes of non-point source pollution in Taihu Lake are the improper ways of crop production, animal husbandry, and daily runoff. The paper discusses the relationship between countrywomen and non-point source ...The main causes of non-point source pollution in Taihu Lake are the improper ways of crop production, animal husbandry, and daily runoff. The paper discusses the relationship between countrywomen and non-point source pollution control by 731 questionnaires in Weidu village and 466 questionnaires in Dapu Town. The roles of countrywomen have changed in families and they have close relationship with non-point source pollution. Furthermore, we discuss the possibility and methods of organizing countrywomen in non-point source pollution control.展开更多
Access control in multi-domain environments is an important question in building coalition between domains. Based on the RBAC access control model and the concepts of secure domain, the role delegation and role mappin...Access control in multi-domain environments is an important question in building coalition between domains. Based on the RBAC access control model and the concepts of secure domain, the role delegation and role mapping are proposed, which support the third-party authorization. A distributed RBAC model is then presented. Finally implementation issues are discussed.展开更多
The secure interaction among multiple security domains is a major concern. In this paper, we highlight the issues of secure interoperability among multiple security domains operating under the widely accepted Role Bas...The secure interaction among multiple security domains is a major concern. In this paper, we highlight the issues of secure interoperability among multiple security domains operating under the widely accepted Role Based Access Control (RBAC) model. We propose a model called CRBAC that easily establishes a global policy for roles mapping among multiple security domains. Our model is based on an extension of the RBAC model. Also, multiple security domains were composed to one abstract security domain. Also roles in the multiple domains are translated to permissions of roles in the abstract security domain. These permissions keep theirs hierarchies. The roles in the abstract security domain implement roles mapping among the multiple security domains. Then, authorized users of any security domain can transparently access resources in the multiple domains.展开更多
An effective and reliable access control is crucial to a PDM system.This article has discussed the commonly used access control models,analyzed their advantages and disadvantages,and proposed a new Role and Object bas...An effective and reliable access control is crucial to a PDM system.This article has discussed the commonly used access control models,analyzed their advantages and disadvantages,and proposed a new Role and Object based access control model that suits the particular needs of a PDM system.The new model has been implemented in a commercial PDM system,which has demonstrated enhanced flexibility and convenience.展开更多
Towards the crossing and coupling permissions in tasks existed widely in many fields and considering the design of role view must rely on the activities of the tasks process,based on Role Based Accessing Control (RBAC...Towards the crossing and coupling permissions in tasks existed widely in many fields and considering the design of role view must rely on the activities of the tasks process,based on Role Based Accessing Control (RBAC) model,this paper put forward a Role Tree-Based Access Control (RTBAC) model. In addition,the model definition and its constraint formal description is also discussed in this paper. RTBAC model is able to realize the dynamic organizing,self-determination and convenience of the design of role view,and guarantee the least role permission when task separating in the mean time.展开更多
Growing numbers of users and many access control policies which involve many different resource attributes in service-oriented environments bring various problems in protecting resource.This paper analyzes the relatio...Growing numbers of users and many access control policies which involve many different resource attributes in service-oriented environments bring various problems in protecting resource.This paper analyzes the relationships of resource attributes to user attributes in all policies, and propose a general attribute and rule based role-based access control(GAR-RBAC) model to meet the security needs. The model can dynamically assign users to roles via rules to meet the need of growing numbers of users. These rules use different attribute expression and permission as a part of authorization constraints, and are defined by analyzing relations of resource attributes to user attributes in many access policies that are defined by the enterprise. The model is a general access control model, and can support many access control policies, and also can be used to wider application for service. The paper also describes how to use the GAR-RBAC model in Web service environments.展开更多
While Role-Based Access Control Model (RBAC) is being analyzed, the concept of Role of Time-domain Based Access Control Model (T-RBAC) is put forward. With time-domain added, both time-domain and authority control rol...While Role-Based Access Control Model (RBAC) is being analyzed, the concept of Role of Time-domain Based Access Control Model (T-RBAC) is put forward. With time-domain added, both time-domain and authority control roles. The basic idea of T-RBAC is introduced and described formally, and the safely of this model is analyzed. The research shows that T-RBAC fulfills both rules of information security, which are principle of least privilege and separation of duties. With practical application of T-RBCA, it can handle most of the time-related or authority-related problems. What’s more, it also increases the security level, flexibility and dynamic adaptation of the system and has lower complexity than system only handled by authority. This model also can solve conflicts caused by authority.展开更多
PMI (privilege management infrastructure) is used to perform access control to resource in an E-commerce or E-government system. With the ever-increasing need for secure transaction, the need for systems that offer ...PMI (privilege management infrastructure) is used to perform access control to resource in an E-commerce or E-government system. With the ever-increasing need for secure transaction, the need for systems that offer a wide variety of QoS (quality-of-service) features is also growing. In order to improve the QoS of PMI system, a cache based on RBAC (Role-based Access control) and trust is proposed. Our system is realized based on Web service. How to design the cache based on RBAC and trust in the access control model is deseribed in detail. The algorithm to query role permission in cache and to add records in cache is dealt with. The policy to update cache is introduced also.展开更多
Hyperimmune sera (HIS), raised against crude giardia antigen, on in vitro interaction, caused more agglutination of Giardia lamblia trophozoites. Heat inactivated HIS possessed a comparable agglutinating activity as t...Hyperimmune sera (HIS), raised against crude giardia antigen, on in vitro interaction, caused more agglutination of Giardia lamblia trophozoites. Heat inactivated HIS possessed a comparable agglutinating activity as the non-inactivated controls. Non-inactivated normal (unimmunized) serum caused immobilization of Giardia trophozoite, which was checked on heat inactivation. Antibodies in immune sera are mainly responsible for agglutination, whereas the heat labile non-immune components control the mobility of the intestinal parasite.展开更多
访问控制是应用系统中的重要问题之一。传统的基于角色的访问控制(RBAC)方案需要预先定义和同步用户-角色赋值关系,这会带来管理成本和同步开销,并且限制了应用系统的灵活性和动态性。文章提出一种基于策略的动态角色分配模型(Policy-ba...访问控制是应用系统中的重要问题之一。传统的基于角色的访问控制(RBAC)方案需要预先定义和同步用户-角色赋值关系,这会带来管理成本和同步开销,并且限制了应用系统的灵活性和动态性。文章提出一种基于策略的动态角色分配模型(Policy-based Dynamic Role Assignment Model——PDRA),它无需同步用户就可以自定义角色,并通过策略匹配的方式实现动态分配。模型完全兼容RBAC,可以成为RBAC良好的扩展机制。文章给出了模型的定义和算法,评估了模型的性能,并在华东师范大学的数据治理平台中进行了应用,验证了该方案的可行性和有效性。展开更多
基金the financial support from Department of Science and Technology,Government of India under the grant:SR/CSRI/118/2014
文摘Role based access control is one of the widely used access control models.There are investigations in the literature that use knowledge representation mechanisms such as formal concept analysis(FCA),description logics,and Ontology for representing access control mechanism.However,while using FCA,investigations reported in the literature so far work on the logic that transforms the three dimensional access control matrix into dyadic formal contexts.This transformation is mainly to derive the formal concepts,lattice structure and implications to represent role hierarchy and constraints of RBAC.In this work,we propose a methodology that models RBAC using triadic FCA without transforming the triadic access control matrix into dyadic formal contexts.Our discussion is on two lines of inquiry.We present how triadic FCA can provide a suitable representation of RBAC policy and we demonstrate how this representation follows role hierarchy and constraints of RBAC on sample healthcare network available in the literature.
文摘Constraint is an important aspect of role based access control and is sometimes argued to be the principal motivation for role based access control (RBAC). But so far few authors have discussed consistency maintenance for constraint in RBAC model. Based on researches of constraints among roles and types of inconsistency among constraints, this paper introduces corresponding formal rules, rule based reasoning and corresponding methods to detect, avoid and resolve these inconsistencies. Finally, the paper introduces briefly the application of consistency maintenance in ZD PDM, an enterprise oriented product data management (PDM) system.
基金supported by the National Natural Science Foundations of China (Nos. 51877107,51577087,51477074)
文摘Although the five-degree-of-freedom magnetic levitation system composed of two conical bearingless switched reluctance motors(CBSRMs)owns the simplest structure,the torque and levitation forces are coupled greatly.Therefore,it is difficult to make the rotor rotate and be fully levitated simultaneously.To solve this problem,two different role division control strategies are proposed in this paper,i.e.individual role division and mutual role division control strategies.The difference between them is the selection of motor which controls the torque or the axial force.In order to understand the characteristics of control variables,the principle and mathematical model of CBSRM are introduced.After that,two control strategies are explained in detail.To verify the demonstrated performance,the simulations are completed with MATLAB/Simulink.
文摘The main causes of non-point source pollution in Taihu Lake are the improper ways of crop production, animal husbandry, and daily runoff. The paper discusses the relationship between countrywomen and non-point source pollution control by 731 questionnaires in Weidu village and 466 questionnaires in Dapu Town. The roles of countrywomen have changed in families and they have close relationship with non-point source pollution. Furthermore, we discuss the possibility and methods of organizing countrywomen in non-point source pollution control.
文摘Access control in multi-domain environments is an important question in building coalition between domains. Based on the RBAC access control model and the concepts of secure domain, the role delegation and role mapping are proposed, which support the third-party authorization. A distributed RBAC model is then presented. Finally implementation issues are discussed.
基金Supported by the National Natural Science Foun-dation of China(60403027) the Natural Science Foundation of HubeiProvince(2005ABA258) the Open Foundation of State Key Labo-ratory of Software Engineering(SKLSE05-07)
文摘The secure interaction among multiple security domains is a major concern. In this paper, we highlight the issues of secure interoperability among multiple security domains operating under the widely accepted Role Based Access Control (RBAC) model. We propose a model called CRBAC that easily establishes a global policy for roles mapping among multiple security domains. Our model is based on an extension of the RBAC model. Also, multiple security domains were composed to one abstract security domain. Also roles in the multiple domains are translated to permissions of roles in the abstract security domain. These permissions keep theirs hierarchies. The roles in the abstract security domain implement roles mapping among the multiple security domains. Then, authorized users of any security domain can transparently access resources in the multiple domains.
文摘An effective and reliable access control is crucial to a PDM system.This article has discussed the commonly used access control models,analyzed their advantages and disadvantages,and proposed a new Role and Object based access control model that suits the particular needs of a PDM system.The new model has been implemented in a commercial PDM system,which has demonstrated enhanced flexibility and convenience.
基金Knowledge Innovation Project and Intelligent Infor mation Service and Support Project of the Shanghai Education Commission, China
文摘Towards the crossing and coupling permissions in tasks existed widely in many fields and considering the design of role view must rely on the activities of the tasks process,based on Role Based Accessing Control (RBAC) model,this paper put forward a Role Tree-Based Access Control (RTBAC) model. In addition,the model definition and its constraint formal description is also discussed in this paper. RTBAC model is able to realize the dynamic organizing,self-determination and convenience of the design of role view,and guarantee the least role permission when task separating in the mean time.
基金The National Natural Science Foundation of China(No60402019No60672068)
文摘Growing numbers of users and many access control policies which involve many different resource attributes in service-oriented environments bring various problems in protecting resource.This paper analyzes the relationships of resource attributes to user attributes in all policies, and propose a general attribute and rule based role-based access control(GAR-RBAC) model to meet the security needs. The model can dynamically assign users to roles via rules to meet the need of growing numbers of users. These rules use different attribute expression and permission as a part of authorization constraints, and are defined by analyzing relations of resource attributes to user attributes in many access policies that are defined by the enterprise. The model is a general access control model, and can support many access control policies, and also can be used to wider application for service. The paper also describes how to use the GAR-RBAC model in Web service environments.
文摘While Role-Based Access Control Model (RBAC) is being analyzed, the concept of Role of Time-domain Based Access Control Model (T-RBAC) is put forward. With time-domain added, both time-domain and authority control roles. The basic idea of T-RBAC is introduced and described formally, and the safely of this model is analyzed. The research shows that T-RBAC fulfills both rules of information security, which are principle of least privilege and separation of duties. With practical application of T-RBCA, it can handle most of the time-related or authority-related problems. What’s more, it also increases the security level, flexibility and dynamic adaptation of the system and has lower complexity than system only handled by authority. This model also can solve conflicts caused by authority.
基金Supported by the National Tenth Five-rear Planfor Scientific and Technological Development of China (413160501)the National Natural Science Foundation of China (50477038)
文摘PMI (privilege management infrastructure) is used to perform access control to resource in an E-commerce or E-government system. With the ever-increasing need for secure transaction, the need for systems that offer a wide variety of QoS (quality-of-service) features is also growing. In order to improve the QoS of PMI system, a cache based on RBAC (Role-based Access control) and trust is proposed. Our system is realized based on Web service. How to design the cache based on RBAC and trust in the access control model is deseribed in detail. The algorithm to query role permission in cache and to add records in cache is dealt with. The policy to update cache is introduced also.
文摘Hyperimmune sera (HIS), raised against crude giardia antigen, on in vitro interaction, caused more agglutination of Giardia lamblia trophozoites. Heat inactivated HIS possessed a comparable agglutinating activity as the non-inactivated controls. Non-inactivated normal (unimmunized) serum caused immobilization of Giardia trophozoite, which was checked on heat inactivation. Antibodies in immune sera are mainly responsible for agglutination, whereas the heat labile non-immune components control the mobility of the intestinal parasite.
文摘访问控制是应用系统中的重要问题之一。传统的基于角色的访问控制(RBAC)方案需要预先定义和同步用户-角色赋值关系,这会带来管理成本和同步开销,并且限制了应用系统的灵活性和动态性。文章提出一种基于策略的动态角色分配模型(Policy-based Dynamic Role Assignment Model——PDRA),它无需同步用户就可以自定义角色,并通过策略匹配的方式实现动态分配。模型完全兼容RBAC,可以成为RBAC良好的扩展机制。文章给出了模型的定义和算法,评估了模型的性能,并在华东师范大学的数据治理平台中进行了应用,验证了该方案的可行性和有效性。
