针对在Visual Studio 2010中的VB.NET下如何访问VFP表的方法进行了研究和讨论。常用的访问数据库表的方式有ADO、RDO和Ole Db等。主要讨论了ADO和RDO两种访问VFP表的方式。研究发现ADO方式访问VFP表存在一些BUG,会使程序出现异常。使用...针对在Visual Studio 2010中的VB.NET下如何访问VFP表的方法进行了研究和讨论。常用的访问数据库表的方式有ADO、RDO和Ole Db等。主要讨论了ADO和RDO两种访问VFP表的方式。研究发现ADO方式访问VFP表存在一些BUG,会使程序出现异常。使用RDO方式访问VFP表,在软件发布时,需要将VFP的ODBC驱动程序vfpodbc.dll、组件文件Interop.RDO.dll和文件MSRDO20.dll进行打包,并对MSRDO20.dll进行注册。本文中给出了MSRDO20.dll的注册项和注册值,以及在应用Setup Factory 9建立的软件安装包中所要输入的注册代码。展开更多
This paper first introduces attribute expression to describe attribute-based access control policy.Secondly,an access control policy enforcement language named A-XACML (attribute-XACML)is proposed,which is an extens...This paper first introduces attribute expression to describe attribute-based access control policy.Secondly,an access control policy enforcement language named A-XACML (attribute-XACML)is proposed,which is an extension of XACML.A-XACML is used as a simple,flexible way to express and enforce access control policies,especially attribute-based access control policy,in a variety of environments.The language and schema support include data types,functions,and combining logic which allow simple and complex policies to be defined.Finally,a system architecture and application case of user-role assignment is given to show how attribute expressions and A-XACML work in access control policy description and enforcement.The case shows that attribute expression and A-XACML can describe and enforce the complex access control policy in a simple and flexible way.展开更多
Data organization requires high efficiency for large amount of data applied in the digital mine system. A new method of storing massive data of block model is proposed to meet the characteristics of the database, incl...Data organization requires high efficiency for large amount of data applied in the digital mine system. A new method of storing massive data of block model is proposed to meet the characteristics of the database, including ACID-compliant, concurrency support, data sharing, and efficient access. Each block model is organized by linear octree, stored in LMDB(lightning memory-mapped database). Geological attribute can be queried at any point of 3D space by comparison algorithm of location code and conversion algorithm from address code of geometry space to location code of storage. The performance and robustness of querying geological attribute at 3D spatial region are enhanced greatly by the transformation from 3D to 2D and the method of 2D grid scanning to screen the inner and outer points. Experimental results showed that this method can access the massive data of block model, meeting the database characteristics. The method with LMDB is at least 3 times faster than that with etree, especially when it is used to read. In addition, the larger the amount of data is processed, the more efficient the method would be.展开更多
A new role hierarchy model for RBAC (role-based access control) is presented and its features are illustrated through examples. Some new concepts such as private permission, public permission and special permission ar...A new role hierarchy model for RBAC (role-based access control) is presented and its features are illustrated through examples. Some new concepts such as private permission, public permission and special permission are introduced, based on the RRA97 model. Some new role-role inheriting forms such as normal inheritance, private inheritance, public inheritance and special-without inheritance are defined. Based on the ideas mentioned, the new role hierarchy model is formulated. It is easier and more comprehensible to describe role-role relationships through the new model than through the traditional ones. The new model is closer to the real world and its mechanism is more powerful. Particularly it is more suitable when used in large-scale role hierarchies.展开更多
To describe and integrate various policies applied in different domains, the definition of the family of OntoRBAC based on the ontology of a general role-based access control (RBAC) policy is proposed, which can sup...To describe and integrate various policies applied in different domains, the definition of the family of OntoRBAC based on the ontology of a general role-based access control (RBAC) policy is proposed, which can support and extend the RBAC96 model. The uniform ontology-based description mechanism of secure policies is applied in OntoRBAC, which can be used to describe different secure policies in distributed systems and integrate policies in semantic level with upper concepts. In addition, some rules have been defined to reason within the OntoRBAC to extend the inference algorithms in ontology, which makes the system accommodate itself to RBAC policies better.展开更多
To enhance the practicability of the trust negotiation system, an agent based automated trust negotiation model (ABAM) is proposed. The ABAM introduces an agent to keep the negotiation process with no human interven...To enhance the practicability of the trust negotiation system, an agent based automated trust negotiation model (ABAM) is proposed. The ABAM introduces an agent to keep the negotiation process with no human intervention. Meanwhile, the ABAM specifies the format of a meta access control policy, and adopts credentials with flexible format to meet the requirements of access control policies instead of disclosing the whole contents of a certificate. Furthermore, the ABAM uses asymmetric functions with a high security intensity to encrypt the transmitting message, which can prevent information from being attacked. Finally, the ABAM presents a new negotiation protocol to guide the negotiation process. A use case is studied to illuminate that the ABAM is sound and reasonable. Compared with the existing work, the intelligence, privacy and negotiation efficiency are improved in the ABAM.展开更多
An access control model is proposed based on the famous Bell-LaPadula (BLP) model.In the proposed model,hierarchical relationships among departments are built,a new concept named post is proposed,and assigning secur...An access control model is proposed based on the famous Bell-LaPadula (BLP) model.In the proposed model,hierarchical relationships among departments are built,a new concept named post is proposed,and assigning security tags to subjects and objects is greatly simplified.The interoperation among different departments is implemented through assigning multiple security tags to one post, and the more departments are closed on the organization tree,the more secret objects can be exchanged by the staff of the departments.The access control matrices of the department,post and staff are defined.By using the three access control matrices,a multi granularity and flexible discretionary access control policy is implemented.The outstanding merit of the BLP model is inherited,and the new model can guarantee that all the information flow is under control.Finally,our study shows that compared to the BLP model,the proposed model is more flexible.展开更多
For sparse storage and quick access to projection matrix based on vector type, this paper proposes a method to solve the problems of the repetitive computation of projection coefficient, the large space occupation and...For sparse storage and quick access to projection matrix based on vector type, this paper proposes a method to solve the problems of the repetitive computation of projection coefficient, the large space occupation and low retrieval efficiency of projection matrix in iterative reconstruction algorithms, which calculates only once the projection coefficient and stores the data sparsely in binary format based on the variable size of library vector type. In the iterative reconstruction process, these binary files are accessed iteratively and the vector type is used to quickly obtain projection coefficients of each ray. The results of the experiments show that the method reduces the memory space occupation of the projection matrix and the computation of projection coefficient in iterative process, and accelerates the reconstruction speed.展开更多
A 1.8-V 64-kb four-way set-associative CMOS cache memory implemented by 0.18μm/1.8V 1P6M logic CMOS technology for a super performance 32-b RISC microprocessor is presented.For comparison,a conventional parallel acce...A 1.8-V 64-kb four-way set-associative CMOS cache memory implemented by 0.18μm/1.8V 1P6M logic CMOS technology for a super performance 32-b RISC microprocessor is presented.For comparison,a conventional parallel access cache with the same storage and organization is also designed and simulated using the same technology.Simulation results indicate that by using sequential access,power reduction of 26% on a cache hit and 35% on a cache miss is achieved.High-speed approaches including modified current-mode sense amplifier and split dynamic tag comparators are adopted to achieve fast data access.Simulation results indicate that a typical clock to data access of 2.7ns is achieved...展开更多
In most existing CP-ABE schemes, there is only one authority in the system and all the public keys and private keys are issued by this authority, which incurs ciphertext size and computation costs in the encryption an...In most existing CP-ABE schemes, there is only one authority in the system and all the public keys and private keys are issued by this authority, which incurs ciphertext size and computation costs in the encryption and decryption operations that depend at least linearly on the number of attributes involved in the access policy. We propose an efficient multi-authority CP-ABE scheme in which the authorities need not interact to generate public information during the system initialization phase. Our scheme has constant ciphertext length and a constant number of pairing computations. Our scheme can be proven CPA-secure in random oracle model under the decision q-BDHE assumption. When user's attributes revocation occurs, the scheme transfers most re-encryption work to the cloud service provider, reducing the data owner's computational cost on the premise of security. Finally the analysis and simulation result show that the schemes proposed in this thesis ensure the privacy and secure access of sensitive data stored in the cloud server, and be able to cope with the dynamic changes of users' access privileges in large-scale systems. Besides, the multi-authority ABE eliminates the key escrow problem, achieves the length of ciphertext optimization and enhances the effi ciency of the encryption and decryption operations.展开更多
Role based access control is one of the widely used access control models.There are investigations in the literature that use knowledge representation mechanisms such as formal concept analysis(FCA),description logics...Role based access control is one of the widely used access control models.There are investigations in the literature that use knowledge representation mechanisms such as formal concept analysis(FCA),description logics,and Ontology for representing access control mechanism.However,while using FCA,investigations reported in the literature so far work on the logic that transforms the three dimensional access control matrix into dyadic formal contexts.This transformation is mainly to derive the formal concepts,lattice structure and implications to represent role hierarchy and constraints of RBAC.In this work,we propose a methodology that models RBAC using triadic FCA without transforming the triadic access control matrix into dyadic formal contexts.Our discussion is on two lines of inquiry.We present how triadic FCA can provide a suitable representation of RBAC policy and we demonstrate how this representation follows role hierarchy and constraints of RBAC on sample healthcare network available in the literature.展开更多
The future usage of heterogeneous databases will consist of the WWW and CORBA environments. The integration of the WWW databases and CORBA standards are discussed. These two techniques need to merge together to make d...The future usage of heterogeneous databases will consist of the WWW and CORBA environments. The integration of the WWW databases and CORBA standards are discussed. These two techniques need to merge together to make distributed usage of heterogeneous databases user friendly. In an environment integrating WWW databases and CORBA technologies, CORBA can be used to access heterogeneous data sources in the internet. This kind of applications can achieve distributed transactions to assure data consistency and integrity. The application of this technology is with a good prospect.展开更多
基金The National High Technology Research and Development Program of China(863Program)(No.2007AA01Z445)
文摘This paper first introduces attribute expression to describe attribute-based access control policy.Secondly,an access control policy enforcement language named A-XACML (attribute-XACML)is proposed,which is an extension of XACML.A-XACML is used as a simple,flexible way to express and enforce access control policies,especially attribute-based access control policy,in a variety of environments.The language and schema support include data types,functions,and combining logic which allow simple and complex policies to be defined.Finally,a system architecture and application case of user-role assignment is given to show how attribute expressions and A-XACML work in access control policy description and enforcement.The case shows that attribute expression and A-XACML can describe and enforce the complex access control policy in a simple and flexible way.
基金Projects(41572317,51374242)supported by the National Natural Science Foundation of ChinaProject(2015CX005)supported by the Innovation Driven Plan of Central South University,China
文摘Data organization requires high efficiency for large amount of data applied in the digital mine system. A new method of storing massive data of block model is proposed to meet the characteristics of the database, including ACID-compliant, concurrency support, data sharing, and efficient access. Each block model is organized by linear octree, stored in LMDB(lightning memory-mapped database). Geological attribute can be queried at any point of 3D space by comparison algorithm of location code and conversion algorithm from address code of geometry space to location code of storage. The performance and robustness of querying geological attribute at 3D spatial region are enhanced greatly by the transformation from 3D to 2D and the method of 2D grid scanning to screen the inner and outer points. Experimental results showed that this method can access the massive data of block model, meeting the database characteristics. The method with LMDB is at least 3 times faster than that with etree, especially when it is used to read. In addition, the larger the amount of data is processed, the more efficient the method would be.
文摘A new role hierarchy model for RBAC (role-based access control) is presented and its features are illustrated through examples. Some new concepts such as private permission, public permission and special permission are introduced, based on the RRA97 model. Some new role-role inheriting forms such as normal inheritance, private inheritance, public inheritance and special-without inheritance are defined. Based on the ideas mentioned, the new role hierarchy model is formulated. It is easier and more comprehensible to describe role-role relationships through the new model than through the traditional ones. The new model is closer to the real world and its mechanism is more powerful. Particularly it is more suitable when used in large-scale role hierarchies.
基金The National Natural Science Foundation of China(No60403027)
文摘To describe and integrate various policies applied in different domains, the definition of the family of OntoRBAC based on the ontology of a general role-based access control (RBAC) policy is proposed, which can support and extend the RBAC96 model. The uniform ontology-based description mechanism of secure policies is applied in OntoRBAC, which can be used to describe different secure policies in distributed systems and integrate policies in semantic level with upper concepts. In addition, some rules have been defined to reason within the OntoRBAC to extend the inference algorithms in ontology, which makes the system accommodate itself to RBAC policies better.
基金The National Natural Science Foundation of China(No60403027)
文摘To enhance the practicability of the trust negotiation system, an agent based automated trust negotiation model (ABAM) is proposed. The ABAM introduces an agent to keep the negotiation process with no human intervention. Meanwhile, the ABAM specifies the format of a meta access control policy, and adopts credentials with flexible format to meet the requirements of access control policies instead of disclosing the whole contents of a certificate. Furthermore, the ABAM uses asymmetric functions with a high security intensity to encrypt the transmitting message, which can prevent information from being attacked. Finally, the ABAM presents a new negotiation protocol to guide the negotiation process. A use case is studied to illuminate that the ABAM is sound and reasonable. Compared with the existing work, the intelligence, privacy and negotiation efficiency are improved in the ABAM.
基金The National Natural Science Foundation of China(No.60403027,60773191,70771043)the National High Technology Research and Development Program of China(863 Program)(No.2007AA01Z403)
文摘An access control model is proposed based on the famous Bell-LaPadula (BLP) model.In the proposed model,hierarchical relationships among departments are built,a new concept named post is proposed,and assigning security tags to subjects and objects is greatly simplified.The interoperation among different departments is implemented through assigning multiple security tags to one post, and the more departments are closed on the organization tree,the more secret objects can be exchanged by the staff of the departments.The access control matrices of the department,post and staff are defined.By using the three access control matrices,a multi granularity and flexible discretionary access control policy is implemented.The outstanding merit of the BLP model is inherited,and the new model can guarantee that all the information flow is under control.Finally,our study shows that compared to the BLP model,the proposed model is more flexible.
基金National Natural Science Foundation of China(No.6171177)
文摘For sparse storage and quick access to projection matrix based on vector type, this paper proposes a method to solve the problems of the repetitive computation of projection coefficient, the large space occupation and low retrieval efficiency of projection matrix in iterative reconstruction algorithms, which calculates only once the projection coefficient and stores the data sparsely in binary format based on the variable size of library vector type. In the iterative reconstruction process, these binary files are accessed iteratively and the vector type is used to quickly obtain projection coefficients of each ray. The results of the experiments show that the method reduces the memory space occupation of the projection matrix and the computation of projection coefficient in iterative process, and accelerates the reconstruction speed.
文摘A 1.8-V 64-kb four-way set-associative CMOS cache memory implemented by 0.18μm/1.8V 1P6M logic CMOS technology for a super performance 32-b RISC microprocessor is presented.For comparison,a conventional parallel access cache with the same storage and organization is also designed and simulated using the same technology.Simulation results indicate that by using sequential access,power reduction of 26% on a cache hit and 35% on a cache miss is achieved.High-speed approaches including modified current-mode sense amplifier and split dynamic tag comparators are adopted to achieve fast data access.Simulation results indicate that a typical clock to data access of 2.7ns is achieved...
基金supported by National Natural Science Foundation of China under Grant No.60873231Natural Science Foundation of Jiangsu Province under Grant No.BK2009426+1 种基金Major State Basic Research Development Program of China under Grant No.2011CB302903Key University Science Research Project of Jiangsu Province under Grant No.11KJA520002
文摘In most existing CP-ABE schemes, there is only one authority in the system and all the public keys and private keys are issued by this authority, which incurs ciphertext size and computation costs in the encryption and decryption operations that depend at least linearly on the number of attributes involved in the access policy. We propose an efficient multi-authority CP-ABE scheme in which the authorities need not interact to generate public information during the system initialization phase. Our scheme has constant ciphertext length and a constant number of pairing computations. Our scheme can be proven CPA-secure in random oracle model under the decision q-BDHE assumption. When user's attributes revocation occurs, the scheme transfers most re-encryption work to the cloud service provider, reducing the data owner's computational cost on the premise of security. Finally the analysis and simulation result show that the schemes proposed in this thesis ensure the privacy and secure access of sensitive data stored in the cloud server, and be able to cope with the dynamic changes of users' access privileges in large-scale systems. Besides, the multi-authority ABE eliminates the key escrow problem, achieves the length of ciphertext optimization and enhances the effi ciency of the encryption and decryption operations.
基金the financial support from Department of Science and Technology,Government of India under the grant:SR/CSRI/118/2014
文摘Role based access control is one of the widely used access control models.There are investigations in the literature that use knowledge representation mechanisms such as formal concept analysis(FCA),description logics,and Ontology for representing access control mechanism.However,while using FCA,investigations reported in the literature so far work on the logic that transforms the three dimensional access control matrix into dyadic formal contexts.This transformation is mainly to derive the formal concepts,lattice structure and implications to represent role hierarchy and constraints of RBAC.In this work,we propose a methodology that models RBAC using triadic FCA without transforming the triadic access control matrix into dyadic formal contexts.Our discussion is on two lines of inquiry.We present how triadic FCA can provide a suitable representation of RBAC policy and we demonstrate how this representation follows role hierarchy and constraints of RBAC on sample healthcare network available in the literature.
文摘The future usage of heterogeneous databases will consist of the WWW and CORBA environments. The integration of the WWW databases and CORBA standards are discussed. These two techniques need to merge together to make distributed usage of heterogeneous databases user friendly. In an environment integrating WWW databases and CORBA technologies, CORBA can be used to access heterogeneous data sources in the internet. This kind of applications can achieve distributed transactions to assure data consistency and integrity. The application of this technology is with a good prospect.
