期刊文献+
共找到10篇文章
< 1 >
每页显示 20 50 100
Permission and role automatic assigning of user in role-based access control 被引量:4
1
作者 韩道军 卓汉逵 +1 位作者 夏兰亭 李磊 《Journal of Central South University》 SCIE EI CAS 2012年第4期1049-1056,共8页
Role mining and setup affect the usage of role-based access control(RBAC).Traditionally,user's role and permission assigning are manipulated by security administrator of system.However,the cost is expensive and th... Role mining and setup affect the usage of role-based access control(RBAC).Traditionally,user's role and permission assigning are manipulated by security administrator of system.However,the cost is expensive and the operating process is complex.A new role analyzing method was proposed by generating mappings and using them to provide recommendation for systems.The relation among sets of permissions,roles and users was explored by generating mappings,and the relation between sets of users and attributes was analyzed by means of the concept lattice model,generating a critical mapping between the attribute and permission sets,and making the meaning of the role natural and operational.Thus,a role is determined by permission set and user's attributes.The generated mappings were used to automatically assign permissions and roles to new users.Experimental results show that the proposed algorithm is effective and efficient. 展开更多
关键词 role-based access control ROLE permission assignment concept lattice
下载PDF
校园网中的Role-based Access Control模型设计 被引量:2
2
作者 王新月 《计算机与现代化》 2004年第3期54-57,共4页
介绍了如何将Role basedAccessControl(RBAC)模型应用于校园网的访问控制系统中。其特点是通过分配和取消角色来完成用户权限的授予和取消 ,并且提供了角色分配规则和操作检查规则。安全管理人员根据需要定义各种角色 ,并设置合适的访... 介绍了如何将Role basedAccessControl(RBAC)模型应用于校园网的访问控制系统中。其特点是通过分配和取消角色来完成用户权限的授予和取消 ,并且提供了角色分配规则和操作检查规则。安全管理人员根据需要定义各种角色 ,并设置合适的访问权限 ,而用户根据其责任和资历被指派为不同的角色。根据系统的实际需求 。 展开更多
关键词 校园网 role-based access control模型 设计 访问控制系统 角色分配规则
下载PDF
A General Attribute and Rule Based Role-Based Access Control Model
3
作者 朱一群 李建华 张全海 《Journal of Shanghai Jiaotong university(Science)》 EI 2007年第6期719-724,共6页
Growing numbers of users and many access control policies which involve many different resource attributes in service-oriented environments bring various problems in protecting resource.This paper analyzes the relatio... Growing numbers of users and many access control policies which involve many different resource attributes in service-oriented environments bring various problems in protecting resource.This paper analyzes the relationships of resource attributes to user attributes in all policies, and propose a general attribute and rule based role-based access control(GAR-RBAC) model to meet the security needs. The model can dynamically assign users to roles via rules to meet the need of growing numbers of users. These rules use different attribute expression and permission as a part of authorization constraints, and are defined by analyzing relations of resource attributes to user attributes in many access policies that are defined by the enterprise. The model is a general access control model, and can support many access control policies, and also can be used to wider application for service. The paper also describes how to use the GAR-RBAC model in Web service environments. 展开更多
关键词 ATTRIBUTE RULE user-role ASSIGNMENT role-based access control(RBAC) access policy
下载PDF
A Cache Considering Role-Based Access Control and Trust in Privilege Management Infrastructure
4
作者 ZHANG Shaomin WANG Baoyi ZHOU Lihua 《Wuhan University Journal of Natural Sciences》 CAS 2006年第6期1827-1830,共4页
PMI (privilege management infrastructure) is used to perform access control to resource in an E-commerce or E-government system. With the ever-increasing need for secure transaction, the need for systems that offer ... PMI (privilege management infrastructure) is used to perform access control to resource in an E-commerce or E-government system. With the ever-increasing need for secure transaction, the need for systems that offer a wide variety of QoS (quality-of-service) features is also growing. In order to improve the QoS of PMI system, a cache based on RBAC (Role-based Access control) and trust is proposed. Our system is realized based on Web service. How to design the cache based on RBAC and trust in the access control model is deseribed in detail. The algorithm to query role permission in cache and to add records in cache is dealt with. The policy to update cache is introduced also. 展开更多
关键词 access control RBAC(role-based access controd TRUST CACHE PMI (privilege management infrastructure)
下载PDF
Attribute-based access control policy specification language 被引量:6
5
作者 叶春晓 钟将 冯永 《Journal of Southeast University(English Edition)》 EI CAS 2008年第3期260-263,共4页
This paper first introduces attribute expression to describe attribute-based access control policy.Secondly,an access control policy enforcement language named A-XACML (attribute-XACML)is proposed,which is an extens... This paper first introduces attribute expression to describe attribute-based access control policy.Secondly,an access control policy enforcement language named A-XACML (attribute-XACML)is proposed,which is an extension of XACML.A-XACML is used as a simple,flexible way to express and enforce access control policies,especially attribute-based access control policy,in a variety of environments.The language and schema support include data types,functions,and combining logic which allow simple and complex policies to be defined.Finally,a system architecture and application case of user-role assignment is given to show how attribute expressions and A-XACML work in access control policy description and enforcement.The case shows that attribute expression and A-XACML can describe and enforce the complex access control policy in a simple and flexible way. 展开更多
关键词 role-based access control POLICY XML XACML
下载PDF
Novel scheme to specify and integrate RBAC policy based on ontology 被引量:1
6
作者 孙小林 卢正鼎 +2 位作者 李瑞轩 王治刚 文坤梅 《Journal of Southeast University(English Edition)》 EI CAS 2007年第3期394-398,共5页
To describe and integrate various policies applied in different domains, the definition of the family of OntoRBAC based on the ontology of a general role-based access control (RBAC) policy is proposed, which can sup... To describe and integrate various policies applied in different domains, the definition of the family of OntoRBAC based on the ontology of a general role-based access control (RBAC) policy is proposed, which can support and extend the RBAC96 model. The uniform ontology-based description mechanism of secure policies is applied in OntoRBAC, which can be used to describe different secure policies in distributed systems and integrate policies in semantic level with upper concepts. In addition, some rules have been defined to reason within the OntoRBAC to extend the inference algorithms in ontology, which makes the system accommodate itself to RBAC policies better. 展开更多
关键词 ONTOLOGY POLICY role-based access control
下载PDF
基于角色的动态分级权限控制模型 被引量:1
7
作者 易可可 郑敏 +1 位作者 钱向东 顾真彦 《宝钢技术》 CAS 2009年第1期19-22,共4页
企业级WEB ERP应用系统中,对于业务管理层级分明、用户多而分散、权限难以集中管理的系统,传统的RBAC(Role-based Access Control)模型难以满足实际业务系统的需求。基于RBAC模型的基本思想,对角色概念进行了扩展和增强,提出了一种通过... 企业级WEB ERP应用系统中,对于业务管理层级分明、用户多而分散、权限难以集中管理的系统,传统的RBAC(Role-based Access Control)模型难以满足实际业务系统的需求。基于RBAC模型的基本思想,对角色概念进行了扩展和增强,提出了一种通过资源和角色的分级分层定义,权限分布式逐级控制模型,优化企业管理流程。在实现技术上,定义了人力资源管理区树结构,更加直观地体现了层次结构,简化了授权配置。 展开更多
关键词 role-based access control(RBAC) 分级权限管理 B/S模式 访问控制
下载PDF
General Attribute Based RBAC Model for Web Services 被引量:3
8
作者 ZHU Yiqun LI Jianhua ZHANG Quanhai 《Wuhan University Journal of Natural Sciences》 CAS 2008年第1期81-86,共6页
Growing numbers of users and many access policies that involve many different resource attributes in service-oriented environments cause various problems in protecting resource. This paper analyzes the relationships o... Growing numbers of users and many access policies that involve many different resource attributes in service-oriented environments cause various problems in protecting resource. This paper analyzes the relationships of resource attributes to user attributes based on access policies for Web services, and proposes a general attribute based role-based access control(GARBAC) model. The model introduces the notions of single attribute expression, composite attribute expression, and composition permission, defines a set of elements and relations among its elements and makes a set of rules, assigns roles to user by inputing user's attributes values. The model is a general access control model, can support more granularity resource information and rich access control policies, also can be used to wider application for services. The paper also describes how to use the GARBAC model in Web services environments. 展开更多
关键词 ATTRIBUTE RULE user-role assignment role-based access control (RBAC) access policy
下载PDF
Least Privileges and Role’s Inheritance of RBAC 被引量:3
9
作者 HAN Lan-sheng HONG Fan Asiedu Baffour Kojo 《Wuhan University Journal of Natural Sciences》 EI CAS 2006年第1期185-187,共3页
The main advantages of role-based access control (RBAC) are able to support the well-known security principles and roles'inheritance. But for there remains a lack of specific definition and the necessary formalizat... The main advantages of role-based access control (RBAC) are able to support the well-known security principles and roles'inheritance. But for there remains a lack of specific definition and the necessary formalization for RBAC, it is hard to realize RBAC in practical work. Our contribution here is to formalize the main relations of RBAC and take first step to propose concepts of action closure and deta closure of a role, based on which we got the specification and algorithm for the least privileges of a role. We propose that roles' inheritance should consist of inheritance of actions and inheritance of data, and then we got the inheritance of privileges among roles, which can also be supported by existing exploit tools. 展开更多
关键词 role-based access control least privileges role's inheritance
下载PDF
Design of Secure Distributed Intrusion Detection Systems 被引量:5
10
作者 GUO Dai fei, YANG Yi xian, HU Zheng ming (Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876, P. R. China) 《The Journal of China Universities of Posts and Telecommunications》 EI CSCD 2002年第2期17-24,共8页
Intrusion Detection System(IDS)have received a great deal ofattention because of their excellent ability of preventing networkincidents. Recently, many efficient approaches have been proposed toimprove detection abili... Intrusion Detection System(IDS)have received a great deal ofattention because of their excellent ability of preventing networkincidents. Recently, many efficient approaches have been proposed toimprove detection ability of IDS. While the self-protection abilityof IDS is relatively worse and easy to be exploited by attackers,this paper gives a scheme of Securely Distributed Intrusion DetectionSystem(SDIDS). This system adopts special measurements to enforce thesecurity of IDS components. A new secure mechanism combiningrole-based access control and attribute certificate is used to resistattack to communication. 展开更多
关键词 SDIDS attribute certificate role-based access control CIDF
原文传递
上一页 1 下一页 到第
使用帮助 返回顶部