The secure interaction among multiple security domains is a major concern. In this paper, we highlight the issues of secure interoperability among multiple security domains operating under the widely accepted Role Bas...The secure interaction among multiple security domains is a major concern. In this paper, we highlight the issues of secure interoperability among multiple security domains operating under the widely accepted Role Based Access Control (RBAC) model. We propose a model called CRBAC that easily establishes a global policy for roles mapping among multiple security domains. Our model is based on an extension of the RBAC model. Also, multiple security domains were composed to one abstract security domain. Also roles in the multiple domains are translated to permissions of roles in the abstract security domain. These permissions keep theirs hierarchies. The roles in the abstract security domain implement roles mapping among the multiple security domains. Then, authorized users of any security domain can transparently access resources in the multiple domains.展开更多
A dynamic Web application, which can help the departments of enterprise to collaborate with each other conveniently, is proposed. Several popular design solutions are introduced at first. Then, dynamic Web system is c...A dynamic Web application, which can help the departments of enterprise to collaborate with each other conveniently, is proposed. Several popular design solutions are introduced at first. Then, dynamic Web system is chosen for developing the file access and control system. Finally, the paper gives the detailed process of the design and implementation of the system, which includes some key problems such as solutions of document management and system security. Additionally, the limitations of the system as well as the suggestions of further improvement are also explained.展开更多
Web service composition is a low cost and efficient way to leverage the existing resource and implementation.In current Web service composition implementations,the issue of how to define the role for a new composite W...Web service composition is a low cost and efficient way to leverage the existing resource and implementation.In current Web service composition implementations,the issue of how to define the role for a new composite Web service has been little addressed.Adjusting the access control policy for a new composite Web service always causes substantial administration overhead from the security administrator.Furthermore,the distributed nature of Web service based applications makes traditional role mining methods obsolete.In this paper,we analyze the minimal role mining problem for Web service composition,and prove that this problem is NP-complete.We propose a sub-optimal greedy algorithm based on the analysis of necessary role mapping for interoperation across multiple domains.Simulation shows the effectiveness of our algorithm,and compared to the existing methods,our algorithm has significant performance advantages.We also demonstrate the practical application of our method in a real agent based Web service system.The results show that our method could find the minimal role mapping efficiently.展开更多
基金Supported by the National Natural Science Foun-dation of China(60403027) the Natural Science Foundation of HubeiProvince(2005ABA258) the Open Foundation of State Key Labo-ratory of Software Engineering(SKLSE05-07)
文摘The secure interaction among multiple security domains is a major concern. In this paper, we highlight the issues of secure interoperability among multiple security domains operating under the widely accepted Role Based Access Control (RBAC) model. We propose a model called CRBAC that easily establishes a global policy for roles mapping among multiple security domains. Our model is based on an extension of the RBAC model. Also, multiple security domains were composed to one abstract security domain. Also roles in the multiple domains are translated to permissions of roles in the abstract security domain. These permissions keep theirs hierarchies. The roles in the abstract security domain implement roles mapping among the multiple security domains. Then, authorized users of any security domain can transparently access resources in the multiple domains.
基金Supported by the National Natural Science Foun-dation of China (60503036)
文摘A dynamic Web application, which can help the departments of enterprise to collaborate with each other conveniently, is proposed. Several popular design solutions are introduced at first. Then, dynamic Web system is chosen for developing the file access and control system. Finally, the paper gives the detailed process of the design and implementation of the system, which includes some key problems such as solutions of document management and system security. Additionally, the limitations of the system as well as the suggestions of further improvement are also explained.
文摘Web service composition is a low cost and efficient way to leverage the existing resource and implementation.In current Web service composition implementations,the issue of how to define the role for a new composite Web service has been little addressed.Adjusting the access control policy for a new composite Web service always causes substantial administration overhead from the security administrator.Furthermore,the distributed nature of Web service based applications makes traditional role mining methods obsolete.In this paper,we analyze the minimal role mining problem for Web service composition,and prove that this problem is NP-complete.We propose a sub-optimal greedy algorithm based on the analysis of necessary role mapping for interoperation across multiple domains.Simulation shows the effectiveness of our algorithm,and compared to the existing methods,our algorithm has significant performance advantages.We also demonstrate the practical application of our method in a real agent based Web service system.The results show that our method could find the minimal role mapping efficiently.
