Abstract: The systematic structure of role-based access control was analyzed, giving a full description of the definitions of user, user access, and the relation between post role and access. It puts forward a role-based access control management scheme which is relatively independent of the applied system. This management achieves control over users' access by the distribution and cancellation of roles, which is a better solution to the problems of access control management for the applied system. In addition, a complete scheme for the realization of this access control is provided.
Funding: The National Natural Science Foundation of China (No. 60402019, No. 60672068)
Abstract: Growing numbers of users and many access control policies which involve many different resource attributes in service-oriented environments bring various problems in protecting resources. This paper analyzes the relationships of resource attributes to user attributes in all policies, and proposes a general attribute and rule based role-based access control (GAR-RBAC) model to meet the security needs. The model can dynamically assign users to roles via rules to meet the need of growing numbers of users. These rules use different attribute expressions and permissions as a part of authorization constraints, and are defined by analyzing the relations of resource attributes to user attributes in the many access policies that are defined by the enterprise. The model is a general access control model that can support many access control policies and can also be applied more widely to services. The paper also describes how to use the GAR-RBAC model in Web service environments.
Abstract: Access and usage control is a major challenge in information and computer security in a distributed, network-connected environment. Many models have been proposed, such as traditional access control and UCONABC. Though these models have achieved their objectives in some areas, there are some issues both have not dealt with, namely the issue of what happens to a resource once it has been accessed rightfully. In view of this, this paper presents how to control resource usage by a concept known as the package concept. This concept can be implemented both with and without an internet connection to ensure continual control of the resource. It packages the various types of resources with the required policies and obligations that pertain to the use of these different resources. The package concept of ensuring usage control focuses on resources by classifying them into three: intellectual, sensitive and non-sensitive resources. This concept also classifies access or rights into three: access to purchase, access to use temporally online and access to modify. The concept also uses a biometric mechanism such as fingerprints for authentication to check redistribution of the resource, and a logic bomb to help ensure the fulfillment of obligations.
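Funding: The National Natural Science Foundation of China under Grant No. 60673187; the National Grand Fundamental Research 973 Program of China under Grant No. 2006CB708301; the Ministry of Education Key Project for Cultivating Scientific and Technological Innovation (No. 707005); the Hebei Province Science and Technology Research and Development Guidance Plan Project (No. 07213570)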