Funding: The National High Technology Research and Development Program of China (863 Program) (No. 2007AA01Z445)
Abstract: This paper first introduces attribute expression to describe attribute-based access control policy. Secondly, an access control policy enforcement language named A-XACML (attribute-XACML) is proposed, which is an extension of XACML. A-XACML is used as a simple, flexible way to express and enforce access control policies, especially attribute-based access control policy, in a variety of environments. The language and schema support include data types, functions, and combining logic which allow simple and complex policies to be defined. Finally, a system architecture and application case of user-role assignment is given to show how attribute expressions and A-XACML work in access control policy description and enforcement. The case shows that attribute expression and A-XACML can describe and enforce the complex access control policy in a simple and flexible way.
Funding: The National Natural Science Foundation of China (No. 60403027)
Abstract: To describe and integrate various policies applied in different domains, the definition of the family of OntoRBAC based on the ontology of a general role-based access control (RBAC) policy is proposed, which can support and extend the RBAC96 model. The uniform ontology-based description mechanism of secure policies is applied in OntoRBAC, which can be used to describe different secure policies in distributed systems and integrate policies in semantic level with upper concepts. In addition, some rules have been defined to reason within the OntoRBAC to extend the inference algorithms in ontology, which makes the system accommodate itself to RBAC policies better.
Abstract: A new role hierarchy model for RBAC (role-based access control) is presented and its features are illustrated through examples. Some new concepts such as private permission, public permission and special permission are introduced, based on the RRA97 model. Some new role-role inheriting forms such as normal inheritance, private inheritance, public inheritance and special-without inheritance are defined. Based on the ideas mentioned, the new role hierarchy model is formulated. It is easier and more comprehensible to describe role-role relationships through the new model than through the traditional ones. The new model is closer to the real world and its mechanism is more powerful. Particularly it is more suitable when used in large-scale role hierarchies.
Funding: Project (61003140) supported by the National Natural Science Foundation of China; Project (013/2010/A) supported by Macao Science and Technology Development Fund; Project (10YJC630236) supported by Social Science Foundation for the Youth Scholars of Ministry of Education of China
Abstract: Role mining and setup affect the usage of role-based access control (RBAC). Traditionally, user's role and permission assigning are manipulated by security administrator of system. However, the cost is expensive and the operating process is complex. A new role analyzing method was proposed by generating mappings and using them to provide recommendation for systems. The relation among sets of permissions, roles and users was explored by generating mappings, and the relation between sets of users and attributes was analyzed by means of the concept lattice model, generating a critical mapping between the attribute and permission sets, and making the meaning of the role natural and operational. Thus, a role is determined by permission set and user's attributes. The generated mappings were used to automatically assign permissions and roles to new users. Experimental results show that the proposed algorithm is effective and efficient.
Funding: The financial support from Department of Science and Technology, Government of India under the grant: SR/CSRI/118/2014
Abstract: Role based access control is one of the widely used access control models. There are investigations in the literature that use knowledge representation mechanisms such as formal concept analysis (FCA), description logics, and Ontology for representing access control mechanism. However, while using FCA, investigations reported in the literature so far work on the logic that transforms the three dimensional access control matrix into dyadic formal contexts. This transformation is mainly to derive the formal concepts, lattice structure and implications to represent role hierarchy and constraints of RBAC. In this work, we propose a methodology that models RBAC using triadic FCA without transforming the triadic access control matrix into dyadic formal contexts. Our discussion is on two lines of inquiry. We present how triadic FCA can provide a suitable representation of RBAC policy and we demonstrate how this representation follows role hierarchy and constraints of RBAC on sample healthcare network available in the literature.
Funding: Knowledge Innovation Project and Intelligent Information Service and Support Project of the Shanghai Education Commission, China
Abstract: Towards the crossing and coupling permissions in tasks existed widely in many fields and considering the design of role view must rely on the activities of the tasks process, based on Role Based Accessing Control (RBAC) model, this paper put forward a Role Tree-Based Access Control (RTBAC) model. In addition, the model definition and its constraint formal description is also discussed in this paper. RTBAC model is able to realize the dynamic organizing, self-determination and convenience of the design of role view, and guarantee the least role permission when task separating in the mean time.
Abstract: The systematical structure of the role-based access control was analyzed, giving a full description of the definitions of user, user access, and the relation between post role and access. It puts forward a role-based access control management which is relatively independent in the applied system. This management achieves the control on user's access by distribution and cancel of role-play, which is a better solution to the problems of the access control management for the applied system. Besides, a complete scheme for the realization of this access control was provided.
Abstract: In indigenous and contemporary societies, different elements of social and political institutions have come up with various inner mechanisms that are unique to their societies that can adjudicate in conflict situations. In traditional, indigenous Yoruba societies, agba (elders) were usually relied upon as agents and institutions of conflict resolution in view of certain qualities possessed by this category of people. This paper focuses attention on the role of agba (elders) in conflict resolution at various levels of Yoruba life. We acknowledge that agba (elders) have performed these roles in traditional, indigenous Yoruba societies. The opinion expressed in this paper is that agba, as theoretical and practical conflict resolution mechanism, can be philosophically developed and used as an alternative model to the current means of resolving conflicts through wars and terrorism and other forms of violence by aggrieved individuals and groups in national and international arenas.
Funding: Supported in part by National Key Basic Research Program of China (973 Program) under Grant No. 2013CB329603; National Natural Science Foundation of China under Grant No. 60903191
Abstract: The rapid increase in resource sharing across domains in the cloud computing environment makes the task of managing inter-domain access control policy integration difficult for the security administrators. Although a number of policy integration and security analysis mechanisms have been developed, few focus on enabling the average administrator by providing an intuitive cognitive sense about the integrated policies, which considerably undermines the usability factor. In this paper we propose a visualization framework for inter-domain access control policy integration, which integrates Role Based Access Control (RBAC) policies on the basis of role-mapping and then visualizes the integrated result. The role mapping algorithm in the framework considers the hybrid role hierarchy. It can not only satisfy the security constraints of non-cyclic inheritance and separation of duty but also make visualization easier. The framework uses role-permission trees and semantic substrates to visualize the integrated policies. Through the interactive policy query visualization, the average administrator can gain an intuitive understanding of the policy integration result.