Constraint is an important aspect of role based access control and is sometimes argued to be the principal motivation for role based access control (RBAC). But so far few authors have discussed consistency maintenan...Constraint is an important aspect of role based access control and is sometimes argued to be the principal motivation for role based access control (RBAC). But so far few authors have discussed consistency maintenance for constraint in RBAC model. Based on researches of constraints among roles and types of inconsistency among constraints, this paper introduces corresponding formal rules, rule based reasoning and corresponding methods to detect, avoid and resolve these inconsistencies. Finally, the paper introduces briefly the application of consistency maintenance in ZD PDM, an enterprise oriented product data management (PDM) system.展开更多
Role based access control is one of the widely used access control models.There are investigations in the literature that use knowledge representation mechanisms such as formal concept analysis(FCA),description logics...Role based access control is one of the widely used access control models.There are investigations in the literature that use knowledge representation mechanisms such as formal concept analysis(FCA),description logics,and Ontology for representing access control mechanism.However,while using FCA,investigations reported in the literature so far work on the logic that transforms the three dimensional access control matrix into dyadic formal contexts.This transformation is mainly to derive the formal concepts,lattice structure and implications to represent role hierarchy and constraints of RBAC.In this work,we propose a methodology that models RBAC using triadic FCA without transforming the triadic access control matrix into dyadic formal contexts.Our discussion is on two lines of inquiry.We present how triadic FCA can provide a suitable representation of RBAC policy and we demonstrate how this representation follows role hierarchy and constraints of RBAC on sample healthcare network available in the literature.展开更多
The secure interaction among multiple security domains is a major concern. In this paper, we highlight the issues of secure interoperability among multiple security domains operating under the widely accepted Role Bas...The secure interaction among multiple security domains is a major concern. In this paper, we highlight the issues of secure interoperability among multiple security domains operating under the widely accepted Role Based Access Control (RBAC) model. We propose a model called CRBAC that easily establishes a global policy for roles mapping among multiple security domains. Our model is based on an extension of the RBAC model. Also, multiple security domains were composed to one abstract security domain. Also roles in the multiple domains are translated to permissions of roles in the abstract security domain. These permissions keep theirs hierarchies. The roles in the abstract security domain implement roles mapping among the multiple security domains. Then, authorized users of any security domain can transparently access resources in the multiple domains.展开更多
Towards the crossing and coupling permissions in tasks existed widely in many fields and considering the design of role view must rely on the activities of the tasks process,based on Role Based Accessing Control (RBAC...Towards the crossing and coupling permissions in tasks existed widely in many fields and considering the design of role view must rely on the activities of the tasks process,based on Role Based Accessing Control (RBAC) model,this paper put forward a Role Tree-Based Access Control (RTBAC) model. In addition,the model definition and its constraint formal description is also discussed in this paper. RTBAC model is able to realize the dynamic organizing,self-determination and convenience of the design of role view,and guarantee the least role permission when task separating in the mean time.展开更多
A dynamic Web application, which can help the departments of enterprise to collaborate with each other conveniently, is proposed. Several popular design solutions are introduced at first. Then, dynamic Web system is c...A dynamic Web application, which can help the departments of enterprise to collaborate with each other conveniently, is proposed. Several popular design solutions are introduced at first. Then, dynamic Web system is chosen for developing the file access and control system. Finally, the paper gives the detailed process of the design and implementation of the system, which includes some key problems such as solutions of document management and system security. Additionally, the limitations of the system as well as the suggestions of further improvement are also explained.展开更多
The rapid increase in resource sharing across domains in the cloud comput- ing environment makes the task of managing inter-domain access control policy integration difficult for the security administrators. Al- thoug...The rapid increase in resource sharing across domains in the cloud comput- ing environment makes the task of managing inter-domain access control policy integration difficult for the security administrators. Al- though a number of policy integration and sec- urity analysis mechanisms have been devel- oped, few focus on enabling the average ad- ministrator by providing an intuitive cognitive sense about the integrated policies, which considerably undermines the usability factor. In this paper we propose a visualization flame- work for inter-domain access control policy integration, which integrates Role Based Ac- cess Control (RBAC) policies on the basis of role-mapping and then visualizes the inte- grated result. The role mapping algorithm in the framework considers the hybrid role hier- archy. It can not only satisfy the security con- straints of non-cyclic inheritance and separa- tion of duty but also make visualization easier. The framework uses role-permission trees and semantic substrates to visualize the integrated policies. Through the interactive policy query visualization, the average administrator can gain an intuitive understanding of the policy integration result.展开更多
In distributed systems independent agents need to interact with each other to accomplish their task. Modern peer-to-peer computing technologies always concern with enabling interaction among agents and help them coope...In distributed systems independent agents need to interact with each other to accomplish their task. Modern peer-to-peer computing technologies always concern with enabling interaction among agents and help them cooperate with each other. But in fact, access control should also be considered to limit interaction to make it harmless. This paper proposed a proxy based rule regulated interaction (PBRRI) model. Role based access control is introduced for security concerns. Regulation rules are enforced in a distributed manner so that PBRRI can be applied to the open distributed systems such as Internet.展开更多
Web service composition is a low cost and efficient way to leverage the existing resource and implementation.In current Web service composition implementations,the issue of how to define the role for a new composite W...Web service composition is a low cost and efficient way to leverage the existing resource and implementation.In current Web service composition implementations,the issue of how to define the role for a new composite Web service has been little addressed.Adjusting the access control policy for a new composite Web service always causes substantial administration overhead from the security administrator.Furthermore,the distributed nature of Web service based applications makes traditional role mining methods obsolete.In this paper,we analyze the minimal role mining problem for Web service composition,and prove that this problem is NP-complete.We propose a sub-optimal greedy algorithm based on the analysis of necessary role mapping for interoperation across multiple domains.Simulation shows the effectiveness of our algorithm,and compared to the existing methods,our algorithm has significant performance advantages.We also demonstrate the practical application of our method in a real agent based Web service system.The results show that our method could find the minimal role mapping efficiently.展开更多
文摘Constraint is an important aspect of role based access control and is sometimes argued to be the principal motivation for role based access control (RBAC). But so far few authors have discussed consistency maintenance for constraint in RBAC model. Based on researches of constraints among roles and types of inconsistency among constraints, this paper introduces corresponding formal rules, rule based reasoning and corresponding methods to detect, avoid and resolve these inconsistencies. Finally, the paper introduces briefly the application of consistency maintenance in ZD PDM, an enterprise oriented product data management (PDM) system.
基金the financial support from Department of Science and Technology,Government of India under the grant:SR/CSRI/118/2014
文摘Role based access control is one of the widely used access control models.There are investigations in the literature that use knowledge representation mechanisms such as formal concept analysis(FCA),description logics,and Ontology for representing access control mechanism.However,while using FCA,investigations reported in the literature so far work on the logic that transforms the three dimensional access control matrix into dyadic formal contexts.This transformation is mainly to derive the formal concepts,lattice structure and implications to represent role hierarchy and constraints of RBAC.In this work,we propose a methodology that models RBAC using triadic FCA without transforming the triadic access control matrix into dyadic formal contexts.Our discussion is on two lines of inquiry.We present how triadic FCA can provide a suitable representation of RBAC policy and we demonstrate how this representation follows role hierarchy and constraints of RBAC on sample healthcare network available in the literature.
基金Supported by the National Natural Science Foun-dation of China(60403027) the Natural Science Foundation of HubeiProvince(2005ABA258) the Open Foundation of State Key Labo-ratory of Software Engineering(SKLSE05-07)
文摘The secure interaction among multiple security domains is a major concern. In this paper, we highlight the issues of secure interoperability among multiple security domains operating under the widely accepted Role Based Access Control (RBAC) model. We propose a model called CRBAC that easily establishes a global policy for roles mapping among multiple security domains. Our model is based on an extension of the RBAC model. Also, multiple security domains were composed to one abstract security domain. Also roles in the multiple domains are translated to permissions of roles in the abstract security domain. These permissions keep theirs hierarchies. The roles in the abstract security domain implement roles mapping among the multiple security domains. Then, authorized users of any security domain can transparently access resources in the multiple domains.
基金Knowledge Innovation Project and Intelligent Infor mation Service and Support Project of the Shanghai Education Commission, China
文摘Towards the crossing and coupling permissions in tasks existed widely in many fields and considering the design of role view must rely on the activities of the tasks process,based on Role Based Accessing Control (RBAC) model,this paper put forward a Role Tree-Based Access Control (RTBAC) model. In addition,the model definition and its constraint formal description is also discussed in this paper. RTBAC model is able to realize the dynamic organizing,self-determination and convenience of the design of role view,and guarantee the least role permission when task separating in the mean time.
基金Supported by the National Natural Science Foun-dation of China (60503036)
文摘A dynamic Web application, which can help the departments of enterprise to collaborate with each other conveniently, is proposed. Several popular design solutions are introduced at first. Then, dynamic Web system is chosen for developing the file access and control system. Finally, the paper gives the detailed process of the design and implementation of the system, which includes some key problems such as solutions of document management and system security. Additionally, the limitations of the system as well as the suggestions of further improvement are also explained.
基金supported in part by National Key Basic Research Program of China (973 Program) under Grant No.2013CB329603National Natural Science Foundation of China under Grant No.60903191
文摘The rapid increase in resource sharing across domains in the cloud comput- ing environment makes the task of managing inter-domain access control policy integration difficult for the security administrators. Al- though a number of policy integration and sec- urity analysis mechanisms have been devel- oped, few focus on enabling the average ad- ministrator by providing an intuitive cognitive sense about the integrated policies, which considerably undermines the usability factor. In this paper we propose a visualization flame- work for inter-domain access control policy integration, which integrates Role Based Ac- cess Control (RBAC) policies on the basis of role-mapping and then visualizes the inte- grated result. The role mapping algorithm in the framework considers the hybrid role hier- archy. It can not only satisfy the security con- straints of non-cyclic inheritance and separa- tion of duty but also make visualization easier. The framework uses role-permission trees and semantic substrates to visualize the integrated policies. Through the interactive policy query visualization, the average administrator can gain an intuitive understanding of the policy integration result.
文摘In distributed systems independent agents need to interact with each other to accomplish their task. Modern peer-to-peer computing technologies always concern with enabling interaction among agents and help them cooperate with each other. But in fact, access control should also be considered to limit interaction to make it harmless. This paper proposed a proxy based rule regulated interaction (PBRRI) model. Role based access control is introduced for security concerns. Regulation rules are enforced in a distributed manner so that PBRRI can be applied to the open distributed systems such as Internet.
文摘Web service composition is a low cost and efficient way to leverage the existing resource and implementation.In current Web service composition implementations,the issue of how to define the role for a new composite Web service has been little addressed.Adjusting the access control policy for a new composite Web service always causes substantial administration overhead from the security administrator.Furthermore,the distributed nature of Web service based applications makes traditional role mining methods obsolete.In this paper,we analyze the minimal role mining problem for Web service composition,and prove that this problem is NP-complete.We propose a sub-optimal greedy algorithm based on the analysis of necessary role mapping for interoperation across multiple domains.Simulation shows the effectiveness of our algorithm,and compared to the existing methods,our algorithm has significant performance advantages.We also demonstrate the practical application of our method in a real agent based Web service system.The results show that our method could find the minimal role mapping efficiently.
