Funding: Project (61003140) supported by the National Natural Science Foundation of China; Project (013/2010/A) supported by the Macao Science and Technology Development Fund; Project (10YJC630236) supported by the Social Science Foundation for the Youth Scholars of the Ministry of Education of China.
Abstract: Role mining and role setup determine how usable role-based access control (RBAC) is in practice. Traditionally, users' roles and permissions are assigned by hand by the system's security administrator; this is costly and the procedure is complex. A new role-analysis method is proposed that generates mappings and uses them to produce recommendations for the system. The relation among the sets of permissions, roles and users is explored by generating mappings, and the relation between the sets of users and attributes is analyzed with the concept lattice model, yielding a critical mapping between the attribute set and the permission set and making the meaning of a role natural and operational. A role is thus determined by a permission set together with user attributes. The generated mappings are used to assign permissions and roles to new users automatically. Experimental results show that the proposed algorithm is effective and efficient.
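As an added illustration (not the paper's own algorithm or data), the following Python example instantiates the idea of the abstract on a constructed user/permission matrix: the formal concepts of the user/permission context are mined as candidate roles, each role is given an attribute signature (the attributes every current holder shares), and a new user is recommended only the roles whose signature their attributes satisfy. The user names, permissions and attribute strings are invented for the example; the paper's concrete mapping construction may differ.

```python
from itertools import combinations

# Constructed sample data (not from the paper): the permissions each existing
# user holds, and each user's attributes as they would come from an HR system.
USER_PERMS = {
    "alice": {"read_ledger", "post_journal", "approve_payment"},
    "bob":   {"read_ledger", "post_journal"},
    "carol": {"read_ledger", "post_journal", "approve_payment"},
    "dave":  {"read_ledger", "view_ticket", "close_ticket"},
    "erin":  {"read_ledger", "view_ticket"},
}
USER_ATTRS = {
    "alice": {"dept:finance", "grade:senior"},
    "bob":   {"dept:finance", "grade:junior"},
    "carol": {"dept:finance", "grade:senior"},
    "dave":  {"dept:support", "grade:senior"},
    "erin":  {"dept:support", "grade:junior"},
}

def mine_roles(user_perms):
    """Formal concepts of the user/permission context, as (extent, intent)
    pairs.  Every closed permission set is an intersection of user rows, so
    enumerating intersections over groups of users yields all concepts.  This
    is exponential in the number of users and only meant for small inputs; a
    real miner would use an FCA algorithm such as NextClosure."""
    users = list(user_perms)
    intents = {frozenset().union(*user_perms.values())}  # closure of the empty extent
    for size in range(1, len(users) + 1):
        for group in combinations(users, size):
            intents.add(frozenset.intersection(*(frozenset(user_perms[u]) for u in group)))
    concepts = []
    for intent in intents:
        extent = frozenset(u for u, perms in user_perms.items() if intent <= perms)
        if intent and extent:   # drop the lattice's empty-intent and empty-extent ends
            concepts.append((extent, intent))
    return sorted(concepts, key=lambda c: (-len(c[1]), sorted(c[1])))

def attribute_signatures(concepts, user_attrs):
    """Map each mined role (its permission set) to the attributes shared by
    every user in its extent.  Keeping only attributes common to all holders
    stops an attribute some holders have by coincidence from becoming a
    qualification for the role."""
    return {intent: frozenset.intersection(*(frozenset(user_attrs[u]) for u in extent))
            for extent, intent in concepts}

def recommend(new_user_attrs, signatures):
    """Roles whose non-empty attribute signature the new user satisfies, and
    the union of their permissions.  A role held by every existing user has an
    empty signature and is deliberately not auto-granted: a user matching no
    attribute at all gets nothing, which keeps the recommendation on the
    least-privilege side and leaves such base roles for manual review."""
    attrs = frozenset(new_user_attrs)
    roles = [intent for intent, sig in signatures.items() if sig and sig <= attrs]
    return roles, frozenset().union(*roles)

if __name__ == "__main__":
    concepts = mine_roles(USER_PERMS)
    for extent, intent in concepts:
        print(sorted(extent), "->", sorted(intent))
    sigs = attribute_signatures(concepts, USER_ATTRS)
    print(recommend({"dept:finance", "grade:junior"}, sigs))
```

On the sample data the miner finds five roles; a new junior finance user is recommended the read/post role but not the approve_payment role, whose signature requires the senior grade, and a user from a department not seen in the data is recommended nothing.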
Abstract: Access control in multi-domain environments is an important question when building coalitions between domains. Based on the RBAC model and the concept of a secure domain, role delegation and role mapping are proposed, which support third-party authorization. A distributed RBAC model is then presented. Finally, implementation issues are discussed.
Abstract: Access control in multi-domain environments is one of the important questions in building coalitions between domains. On the basis of the RBAC model, the concepts of role delegation and role mapping are proposed, which support third-party authorization. A distributed RBAC model is then presented. Finally, the implementation issues are discussed.
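The two abstracts above describe role mapping and role delegation between domains without detail. The following Python example (added here; not code from either paper) shows the two mechanisms on a constructed pair of domains and adds the check a practitioner wants before accepting a mapping: because a mapping is an inheritance edge between the two role graphs, a mapping that closes a cycle lets every role on the cycle inherit every other, which is a privilege escalation. Domain, role, user and permission names are invented for the example.

```python
from collections import defaultdict

class Domain:
    """One administrative domain: its roles, their permissions and the
    senior->junior hierarchy (a senior role inherits the junior's permissions)."""
    def __init__(self, name, role_perms, hierarchy):
        self.name = name
        self.role_perms = {r: frozenset(p) for r, p in role_perms.items()}
        self.juniors = defaultdict(set)
        for senior, junior in hierarchy:
            self.juniors[senior].add(junior)

class Federation:
    """Distributed RBAC over several domains.  Nodes are (domain, role) pairs;
    edges are intra-domain inheritance plus inter-domain role mappings."""
    def __init__(self, *domains):
        self.domains = {d.name: d for d in domains}
        self.mappings = defaultdict(set)   # (dom, role) -> {(dom2, role2)}
        self.assigned = defaultdict(set)   # (dom, user) -> {(dom, role)}
        self.delegated = defaultdict(set)  # (dom, user) -> roles received from others

    def assign(self, dom, user, role):
        self.assigned[(dom, user)].add((dom, role))

    def _successors(self, node):
        dom, role = node
        for junior in self.domains[dom].juniors.get(role, ()):
            yield (dom, junior)
        yield from self.mappings.get(node, ())

    def reachable(self, start):
        """All roles (in any domain) inherited from `start`, including itself."""
        seen, stack = set(), [start]
        while stack:
            node = stack.pop()
            if node not in seen:
                seen.add(node)
                stack.extend(self._successors(node))
        return seen

    def mapping_is_safe(self, src, dst):
        # Adding src -> dst closes a cycle exactly when src is already
        # reachable from dst; every role on that cycle would then collapse
        # into one privilege level across the two domains.
        return src not in self.reachable(dst)

    def add_mapping(self, src, dst):
        if not self.mapping_is_safe(src, dst):
            raise ValueError(f"{src} -> {dst} would create an inheritance cycle")
        self.mappings[src].add(dst)

    def roles_of(self, dom, user):
        held = self.assigned[(dom, user)] | self.delegated[(dom, user)]
        return set().union(*(self.reachable(r) for r in held))

    def delegate(self, delegator, role, delegatee):
        """delegator/delegatee are (dom, user); role is (dom, role).  Only a
        role the delegator actually holds (directly or by inheritance) can be
        passed on, so delegation cannot amplify privilege either."""
        if role not in self.roles_of(*delegator):
            raise PermissionError(f"{delegator} does not hold {role}")
        self.delegated[delegatee].add(role)

    def permissions(self, dom, user):
        perms = set()
        for d, r in self.roles_of(dom, user):
            perms |= self.domains[d].role_perms.get(r, frozenset())
        return perms

def build_example():
    """Constructed coalition: a hospital domain and a lab domain."""
    hospital = Domain("hospital", {"doctor": {"prescribe"}, "nurse": {"read_chart"}},
                      [("doctor", "nurse")])
    lab = Domain("lab", {"lab_director": {"approve_result"}, "technician": {"run_test"}},
                 [("lab_director", "technician")])
    fed = Federation(hospital, lab)
    fed.assign("hospital", "alice", "doctor")
    fed.assign("lab", "tom", "technician")
    fed.add_mapping(("hospital", "doctor"), ("lab", "technician"))  # doctors may run tests
    fed.add_mapping(("lab", "technician"), ("hospital", "nurse"))   # technicians may read charts
    return fed

if __name__ == "__main__":
    fed = build_example()
    print(sorted(fed.permissions("hospital", "alice")))
    print(sorted(fed.permissions("lab", "tom")))
    # This reverse mapping would let every technician prescribe: rejected.
    print(fed.mapping_is_safe(("lab", "technician"), ("hospital", "doctor")))
```

A further caveat the check does not cover: a mapping is accepted by the domain that owns the destination role, since it is that domain's resources which the other domain's users gain; the source domain should not be able to add mappings unilaterally.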
Funding: Knowledge Innovation Project and Intelligent Information Service and Support Project of the Shanghai Education Commission, China.
Abstract: Crossing and coupling of permissions between tasks is common in many fields, and the design of the role view must follow the activities of the task process. Building on the Role-Based Access Control (RBAC) model, this paper puts forward a Role Tree-Based Access Control (RTBAC) model. The model definition and a formal description of its constraints are also given. RTBAC supports dynamic organization, self-determination and convenience in the design of the role view, while guaranteeing least role permission when tasks are separated.
Funding: This work is supported in part by the National Key R&D Program of China (No. 2018YFB2100400), the National Science Foundation of China (No. 61872100), the Industrial Internet Innovation and Development Project of China (2019) and the State Grid Corporation of China Co., Ltd. technology project (No. 5700-202019187A-0-0-00).
Abstract: The delegation mechanism in the Internet of Things (IoT) allows users to share some of their permissions with others. Cloud-based delegation solutions require that only users registered with the cloud can be delegated permissions, which is inconvenient when a permission is delegated to a large number of temporary users. Therefore, some works such as CapBAC delegate permissions locally, in an offline way. However, permissions delegated offline are difficult to revoke and modify. In this work, we propose a traceable capability-based access control approach (TCAC) that can revoke and modify permissions by tracking the trajectories of permission delegation. We define a time capability tree (TCT) that automatically extracts permission trajectories, and we design a new capability token to improve the efficiency of permission verification, revocation and modification. Experimental results show that TCAC has lower token verification and revocation/modification time than CapBAC and xDBAuth. TCAC can discover 73.3% of unvisited users in the case of random delegation and access. This provides more information about the permission delegation relationships and opens up new possibilities for guaranteeing global security in IoT delegation systems. To the best of our knowledge, TCAC is the first work to capture unvisited permissions.
Abstract: Access control is one of the important problems in application systems. Traditional role-based access control (RBAC) schemes require user-role assignments to be defined and synchronized in advance, which brings administrative cost and synchronization overhead and limits the flexibility and dynamism of application systems. This paper proposes a Policy-based Dynamic Role Assignment Model (PDRA), which allows roles to be defined without synchronizing users and assigns them dynamically through policy matching. The model is fully compatible with RBAC and can serve as a good extension mechanism for it. The paper gives the definition and algorithms of the model, evaluates its performance, and applies it in the data governance platform of East China Normal University, verifying the feasibility and effectiveness of the scheme.
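As an added example (not the paper's PDRA code or policy language), the following Python sketch shows the mechanism the abstract describes: roles defined by policies over user attributes, matched at request time, layered on top of a classic user-role table so existing RBAC assignments keep working. The policy format, attribute names, roles and permissions are invented here. Two failure modes that matter in practice are handled explicitly: a condition over a missing or wrongly typed attribute never matches, and a policy with no conditions is not allowed to match everyone.

```python
import operator

# Operators available to policy conditions.  A comparison that hits a type
# mismatch (e.g. level given as the string "4") is treated as "no match", so
# a malformed attribute can never satisfy a condition.
OPS = {
    "eq":  operator.eq,
    "in":  lambda value, allowed: value in allowed,
    "gte": operator.ge,
    "has": lambda value, item: isinstance(value, (list, set, tuple)) and item in value,
}

# Constructed sample policies.  A role maps to a list of alternatives (OR);
# each alternative is a list of (attribute, operator, expected) conditions
# that must all hold (AND).  No user-role table entry exists for these roles.
POLICIES = {
    "student_viewer": [
        [("type", "eq", "student"), ("status", "eq", "active")],
    ],
    "dept_data_steward": [
        [("type", "eq", "staff"), ("dept", "in", ["CS", "Math"]), ("level", "gte", 3)],
        [("tags", "has", "steward")],
    ],
}
ROLE_PERMS = {
    "student_viewer": {"view_own_record"},
    "dept_data_steward": {"view_dept_records", "export_dataset"},
    "platform_admin": {"manage_policies"},
}
STATIC_USER_ROLES = {"admin1": {"platform_admin"}}   # classic RBAC assignments

def condition_holds(cond, attrs):
    key, op, expected = cond
    if key not in attrs:            # absent attribute: fail closed
        return False
    try:
        return bool(OPS[op](attrs[key], expected))
    except TypeError:               # incomparable types: fail closed
        return False

def dynamic_roles(attrs, policies=POLICIES):
    """Roles whose policy matches the caller's attributes.  An empty
    conjunction would match every user (all([]) is True), so it is skipped."""
    return {role for role, alternatives in policies.items()
            if any(conj and all(condition_holds(c, attrs) for c in conj)
                   for conj in alternatives)}

def effective_roles(user, attrs):
    """RBAC-compatible: statically assigned roles plus policy-derived ones."""
    return STATIC_USER_ROLES.get(user, set()) | dynamic_roles(attrs)

def permitted(user, attrs, permission):
    return any(permission in ROLE_PERMS.get(r, set())
               for r in effective_roles(user, attrs))

if __name__ == "__main__":
    # A student never entered in any user-role table still gets a role.
    print(effective_roles("s2024001", {"type": "student", "status": "active"}))
    print(permitted("s2024001", {"type": "student", "status": "active"}, "export_dataset"))
```

The attributes must come from an authoritative source (the identity provider or HR feed), not from the request itself; otherwise the policy match is only as strong as the caller's honesty.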
Funding: Supported by the National Natural Science Foundation of China (No. 62072005), the Natural Science Foundation of Anhui Province, China (No. 2108085Y22) and the Anhui Provincial Engineering Laboratory on Information Fusion and Control of Intelligent Robot, China (No. IFCIR2020008).
Abstract: Permission delegation has become a new way of sharing data, by delegating authorized permissions to other users. A flexible authorization model with strict access control policies is promising for secure electronic health record (EHR) sharing. This paper presents a blockchain-based multi-hop permission delegation scheme with controllable delegation depth for EHR sharing. The original EHRs are stored in the InterPlanetary File System (IPFS). Smart contracts and proxy re-encryption are used for permission delegation. To ensure data security, attribute-based encryption provides fine-grained access control, and the blockchain provides traceability and immutability. Smart contracts are deployed so that the delegation depth can be set by the delegator. Security analysis shows that the protocol meets its design goals. Finally, the algorithm is evaluated and the scheme implemented on an Ethereum test chain; according to the experimental results, the scheme outperforms comparable schemes in performance.
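The TCAC abstract above (a delegation tree that records permission trajectories so offline-delegated capabilities can still be revoked, and that reveals users who were delegated a permission but never used it) and this EHR abstract (multi-hop delegation with a depth limit set by the original delegator) share one core mechanism. The following Python example, added here and not taken from either paper, implements that shared core on constructed data: capability tokens linked by parent pointers form the tree, each delegation may only narrow rights, shorten lifetime and go one level deeper up to the root's max_depth, verification walks the path to the root so revoking any ancestor invalidates the whole subtree, and holders who never accessed are listed. An HMAC under a key assumed to be held by the resource owner stands in for the signature or on-chain record a real deployment would use; proxy re-encryption, ABE and the smart contracts of the EHR scheme are out of scope.

```python
import hmac, hashlib, json
from itertools import count

# Assumed for the example: the resource owner keeps one secret key and verifies
# tokens on its own device, so an HMAC tag stands in for a real signature.
OWNER_KEY = b"demo-owner-key-not-for-production"
_next_id = count(1)

def _tag(tok):
    body = {k: v for k, v in tok.items() if k != "tag"}
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(OWNER_KEY, msg, hashlib.sha256).hexdigest()

class CapabilityTree:
    """Tokens form a tree through their parent pointers.  The tree is the
    record of every delegation trajectory; validity is checked along the path
    to the root, so revoking any ancestor cuts off its whole subtree."""
    def __init__(self):
        self.tokens, self.revoked, self.accessed = {}, set(), {}

    def issue(self, owner, holder, resource, rights, max_depth, expires):
        tok = {"id": next(_next_id), "issuer": owner, "holder": holder,
               "resource": resource, "rights": sorted(rights), "depth": 0,
               "max_depth": max_depth, "parent": None, "expires": expires}
        tok["tag"] = _tag(tok)
        self.tokens[tok["id"]] = tok
        return tok

    def delegate(self, parent, new_holder, rights, expires, now):
        if not self.is_valid(parent, now):
            raise ValueError("parent token is not valid")
        if not set(rights) <= set(parent["rights"]):
            raise ValueError("delegation may not amplify rights")
        if parent["depth"] + 1 > parent["max_depth"]:
            raise ValueError("delegation depth limit set by the root delegator reached")
        if expires > parent["expires"]:
            raise ValueError("a child token may not outlive its parent")
        tok = {"id": next(_next_id), "issuer": parent["holder"], "holder": new_holder,
               "resource": parent["resource"], "rights": sorted(rights),
               "depth": parent["depth"] + 1, "max_depth": parent["max_depth"],
               "parent": parent["id"], "expires": expires}
        tok["tag"] = _tag(tok)
        self.tokens[tok["id"]] = tok
        return tok

    def trajectory(self, tok_id):
        """Who passed the permission along, from the owner to this holder."""
        chain, cur = [], self.tokens[tok_id]
        while cur is not None:
            chain.append(cur)
            cur = self.tokens.get(cur["parent"])
        chain.reverse()
        return [chain[0]["issuer"]] + [t["holder"] for t in chain]

    def is_valid(self, tok, now):
        if tok.get("id") not in self.tokens:                  # unknown token
            return False
        if not hmac.compare_digest(tok["tag"], _tag(tok)):    # altered fields
            return False
        if now >= tok["expires"]:
            return False
        cur = tok
        while cur is not None:                                # every ancestor must be live
            if cur["id"] in self.revoked:
                return False
            cur = self.tokens.get(cur["parent"])
        return True

    def revoke(self, tok_id):
        """Revoke a token and everything delegated from it, transitively."""
        stack = [tok_id]
        while stack:
            tid = stack.pop()
            self.revoked.add(tid)
            stack.extend(t["id"] for t in self.tokens.values() if t["parent"] == tid)

    def access(self, tok, right, now):
        ok = self.is_valid(tok, now) and right in tok["rights"]
        if ok:
            self.accessed[tok["id"]] = now
        return ok

    def unvisited(self):
        """Holders that received a capability but never exercised it."""
        return sorted({t["holder"] for i, t in self.tokens.items() if i not in self.accessed})

def build_demo():
    """Constructed scenario: the owner lets alice delegate at most two hops."""
    tree = CapabilityTree()
    root = tree.issue("owner", "alice", "ehr:patient-42", {"read", "write"}, max_depth=2, expires=1000)
    bob = tree.delegate(root, "bob", {"read"}, expires=900, now=10)
    carol = tree.delegate(bob, "carol", {"read"}, expires=800, now=20)
    return tree, root, bob, carol

if __name__ == "__main__":
    tree, root, bob, carol = build_demo()
    print(tree.trajectory(carol["id"]), tree.access(carol, "read", 30), tree.unvisited())
    tree.revoke(bob["id"])
    print(tree.is_valid(carol, 50), tree.is_valid(root, 50))
```

The example omits modification of an already delegated permission, which in this structure amounts to revoking the token and issuing a narrower replacement at the same position in the tree.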