Group role assignment(GRA)is originally a complex problem in role-based collaboration(RBC).The solution to GRA provides modelling techniques for more complex problems.GRA with constraints(GRA+)is categorized as a clas...Group role assignment(GRA)is originally a complex problem in role-based collaboration(RBC).The solution to GRA provides modelling techniques for more complex problems.GRA with constraints(GRA+)is categorized as a class of complex assignment problems.At present,there are few generally efficient solutions to this category of problems.Each special problem case requires a specific solution.Group multi-role assignment(GMRA)and GRA with conflicting agents on roles(GRACAR)are two problem cases in GRA+.The contributions of this paper include:1)The formalization of a new problem of GRA+,called group multi-role assignment with conflicting roles and agents(GMAC),which is an extension to the combination of GMRA and GRACAR;2)A practical solution based on an optimization platform;3)A sufficient condition,used in planning,for solving GMAC problems;and 4)A clear presentation of the benefits in avoiding conflicts when dealing with GMAC.The proposed methods are verified by experiments,simulations,proofs and analysis.展开更多
For a given graph G, a k-role assignment of G is a surjective function ?such that , where N(x) and N(y) are the neighborhoods of x and y, respectively. Furthermore, as we limit the number of different roles in the nei...For a given graph G, a k-role assignment of G is a surjective function ?such that , where N(x) and N(y) are the neighborhoods of x and y, respectively. Furthermore, as we limit the number of different roles in the neighborhood of an individual, we call r a restricted size k-role assignment. When the hausdorff distance between the sets of roles assigned to their neighbors is at most 1, we call r a k-threshold close role assignment. In this paper we study the graphs that have k-role assignments, restricted size k-role assignments and k-threshold close role assignments, respectively. By the end we discuss the maximal and minimal graphs which have k-role assignments.展开更多
Teachers and students play important roles in teaching activity,and they are the most essential parts of the system.The relationship between teachers and students,the core schooling interpersonal relationship,directly...Teachers and students play important roles in teaching activity,and they are the most essential parts of the system.The relationship between teachers and students,the core schooling interpersonal relationship,directly determines whether the teach ing activities can go smoothly or not,and is an important index to measure the quality of teachers and students'school life,and also is an important factor that affects the social function of education.For a long time,relationship between teachers and students has been a hot topic in education and in different sectors of the society.This dissertation aims at discussing the teacher-student role changing in interactive teaching mode to provide reference for building a harmonious relationship between teachers and stu dents.展开更多
Role mining and setup affect the usage of role-based access control(RBAC).Traditionally,user's role and permission assigning are manipulated by security administrator of system.However,the cost is expensive and th...Role mining and setup affect the usage of role-based access control(RBAC).Traditionally,user's role and permission assigning are manipulated by security administrator of system.However,the cost is expensive and the operating process is complex.A new role analyzing method was proposed by generating mappings and using them to provide recommendation for systems.The relation among sets of permissions,roles and users was explored by generating mappings,and the relation between sets of users and attributes was analyzed by means of the concept lattice model,generating a critical mapping between the attribute and permission sets,and making the meaning of the role natural and operational.Thus,a role is determined by permission set and user's attributes.The generated mappings were used to automatically assign permissions and roles to new users.Experimental results show that the proposed algorithm is effective and efficient.展开更多
This paper first reviewed a controversial case in which a teacher ran away from his students in a earthquake. Several educational ethnic questions were aroused from the case: Is protecting students part of teacher'...This paper first reviewed a controversial case in which a teacher ran away from his students in a earthquake. Several educational ethnic questions were aroused from the case: Is protecting students part of teacher's job? To what extent should it be applied? etc. Then the author aims to answer these questions based on a real case study from philosophical perspective, that is, analyzing teacher's role(i) as a human being;(ii) as a educator;(iii) as a educatee. Finally the paper concludes that teachers should protect their students even under life threatening circumstances.展开更多
Access control in a grid environment is a challenging issue because the heterogeneous nature and independent administration of geographically dispersed resources in grid require access control to use fine-grained poli...Access control in a grid environment is a challenging issue because the heterogeneous nature and independent administration of geographically dispersed resources in grid require access control to use fine-grained policies. We established a task-and-role-based access-control model for computational grid (CG-TRBAC model), integrating the concepts of role-based access control (RBAC) and task-based access control (TBAC). In this model, condition restrictions are defined and concepts specifically tailored to Workflow Management System are simplified or omitted so that role assignment and security administration fit computational grid better than traditional models; permissions are mutable with the task status and system variables, and can be dynamically controlled. The CG-TRBAC model is proved flexible and extendible. It can implement different control policies. It embodies the security principle of least privilege and executes active dynamic authorization. A task attribute can be extended to satisfy different requirements in a real grid system.展开更多
Growing numbers of users and many access control policies which involve many different resource attributes in service-oriented environments bring various problems in protecting resource.This paper analyzes the relatio...Growing numbers of users and many access control policies which involve many different resource attributes in service-oriented environments bring various problems in protecting resource.This paper analyzes the relationships of resource attributes to user attributes in all policies, and propose a general attribute and rule based role-based access control(GAR-RBAC) model to meet the security needs. The model can dynamically assign users to roles via rules to meet the need of growing numbers of users. These rules use different attribute expression and permission as a part of authorization constraints, and are defined by analyzing relations of resource attributes to user attributes in many access policies that are defined by the enterprise. The model is a general access control model, and can support many access control policies, and also can be used to wider application for service. The paper also describes how to use the GAR-RBAC model in Web service environments.展开更多
访问控制是应用系统中的重要问题之一。传统的基于角色的访问控制(RBAC)方案需要预先定义和同步用户-角色赋值关系,这会带来管理成本和同步开销,并且限制了应用系统的灵活性和动态性。文章提出一种基于策略的动态角色分配模型(Policy-ba...访问控制是应用系统中的重要问题之一。传统的基于角色的访问控制(RBAC)方案需要预先定义和同步用户-角色赋值关系,这会带来管理成本和同步开销,并且限制了应用系统的灵活性和动态性。文章提出一种基于策略的动态角色分配模型(Policy-based Dynamic Role Assignment Model——PDRA),它无需同步用户就可以自定义角色,并通过策略匹配的方式实现动态分配。模型完全兼容RBAC,可以成为RBAC良好的扩展机制。文章给出了模型的定义和算法,评估了模型的性能,并在华东师范大学的数据治理平台中进行了应用,验证了该方案的可行性和有效性。展开更多
Powerful expressive ability of semantic information, to be easily computed and flexibility are basic features of digital product model (DPM). Using ontology and object-oriented principle (OOP) together to cope with pr...Powerful expressive ability of semantic information, to be easily computed and flexibility are basic features of digital product model (DPM). Using ontology and object-oriented principle (OOP) together to cope with problems in modeling is brought forward in this paper. The two are widely used and do well in modeling, but they each alone cannot cope with all issues and new challenges. Three basic requests are pointed out in DPM modeling. Status, problems, and root of current non-semantic and semantic models are introduced. Ontology, OOP, and their difference are introduced. It is found that the two are entirely complementary with each other. How to assign the roles and to cooperate for the two in coping with the three basic issues in DPM modeling are explained in detail.展开更多
基金supported in part by Natural Sciences and Engineering Research Council,Canada(NSERC)(RGPIN-2018-04818)the funding from the Innovation for Defence Excellence and Security(IDEaS)Program from the Canadian Department of National Defence(DND)。
文摘Group role assignment(GRA)is originally a complex problem in role-based collaboration(RBC).The solution to GRA provides modelling techniques for more complex problems.GRA with constraints(GRA+)is categorized as a class of complex assignment problems.At present,there are few generally efficient solutions to this category of problems.Each special problem case requires a specific solution.Group multi-role assignment(GMRA)and GRA with conflicting agents on roles(GRACAR)are two problem cases in GRA+.The contributions of this paper include:1)The formalization of a new problem of GRA+,called group multi-role assignment with conflicting roles and agents(GMAC),which is an extension to the combination of GMRA and GRACAR;2)A practical solution based on an optimization platform;3)A sufficient condition,used in planning,for solving GMAC problems;and 4)A clear presentation of the benefits in avoiding conflicts when dealing with GMAC.The proposed methods are verified by experiments,simulations,proofs and analysis.
文摘For a given graph G, a k-role assignment of G is a surjective function ?such that , where N(x) and N(y) are the neighborhoods of x and y, respectively. Furthermore, as we limit the number of different roles in the neighborhood of an individual, we call r a restricted size k-role assignment. When the hausdorff distance between the sets of roles assigned to their neighbors is at most 1, we call r a k-threshold close role assignment. In this paper we study the graphs that have k-role assignments, restricted size k-role assignments and k-threshold close role assignments, respectively. By the end we discuss the maximal and minimal graphs which have k-role assignments.
文摘Teachers and students play important roles in teaching activity,and they are the most essential parts of the system.The relationship between teachers and students,the core schooling interpersonal relationship,directly determines whether the teach ing activities can go smoothly or not,and is an important index to measure the quality of teachers and students'school life,and also is an important factor that affects the social function of education.For a long time,relationship between teachers and students has been a hot topic in education and in different sectors of the society.This dissertation aims at discussing the teacher-student role changing in interactive teaching mode to provide reference for building a harmonious relationship between teachers and stu dents.
基金Project(61003140) supported by the National Natural Science Foundation of ChinaProject(013/2010/A) supported by Macao Science and Technology Development FundProject(10YJC630236) supported by Social Science Foundation for the Youth Scholars of Ministry of Education of China
文摘Role mining and setup affect the usage of role-based access control(RBAC).Traditionally,user's role and permission assigning are manipulated by security administrator of system.However,the cost is expensive and the operating process is complex.A new role analyzing method was proposed by generating mappings and using them to provide recommendation for systems.The relation among sets of permissions,roles and users was explored by generating mappings,and the relation between sets of users and attributes was analyzed by means of the concept lattice model,generating a critical mapping between the attribute and permission sets,and making the meaning of the role natural and operational.Thus,a role is determined by permission set and user's attributes.The generated mappings were used to automatically assign permissions and roles to new users.Experimental results show that the proposed algorithm is effective and efficient.
文摘This paper first reviewed a controversial case in which a teacher ran away from his students in a earthquake. Several educational ethnic questions were aroused from the case: Is protecting students part of teacher's job? To what extent should it be applied? etc. Then the author aims to answer these questions based on a real case study from philosophical perspective, that is, analyzing teacher's role(i) as a human being;(ii) as a educator;(iii) as a educatee. Finally the paper concludes that teachers should protect their students even under life threatening circumstances.
基金Funded by the Natural Science Foundation of China under Grant Nos. 60503040 and 60403027.
文摘Access control in a grid environment is a challenging issue because the heterogeneous nature and independent administration of geographically dispersed resources in grid require access control to use fine-grained policies. We established a task-and-role-based access-control model for computational grid (CG-TRBAC model), integrating the concepts of role-based access control (RBAC) and task-based access control (TBAC). In this model, condition restrictions are defined and concepts specifically tailored to Workflow Management System are simplified or omitted so that role assignment and security administration fit computational grid better than traditional models; permissions are mutable with the task status and system variables, and can be dynamically controlled. The CG-TRBAC model is proved flexible and extendible. It can implement different control policies. It embodies the security principle of least privilege and executes active dynamic authorization. A task attribute can be extended to satisfy different requirements in a real grid system.
基金The National Natural Science Foundation of China(No60402019No60672068)
文摘Growing numbers of users and many access control policies which involve many different resource attributes in service-oriented environments bring various problems in protecting resource.This paper analyzes the relationships of resource attributes to user attributes in all policies, and propose a general attribute and rule based role-based access control(GAR-RBAC) model to meet the security needs. The model can dynamically assign users to roles via rules to meet the need of growing numbers of users. These rules use different attribute expression and permission as a part of authorization constraints, and are defined by analyzing relations of resource attributes to user attributes in many access policies that are defined by the enterprise. The model is a general access control model, and can support many access control policies, and also can be used to wider application for service. The paper also describes how to use the GAR-RBAC model in Web service environments.
文摘访问控制是应用系统中的重要问题之一。传统的基于角色的访问控制(RBAC)方案需要预先定义和同步用户-角色赋值关系,这会带来管理成本和同步开销,并且限制了应用系统的灵活性和动态性。文章提出一种基于策略的动态角色分配模型(Policy-based Dynamic Role Assignment Model——PDRA),它无需同步用户就可以自定义角色,并通过策略匹配的方式实现动态分配。模型完全兼容RBAC,可以成为RBAC良好的扩展机制。文章给出了模型的定义和算法,评估了模型的性能,并在华东师范大学的数据治理平台中进行了应用,验证了该方案的可行性和有效性。
基金Supported by the Ministries’ Basic Research Foundation, China Knowledge Engineering Platform for Enterprise Innovative Design(No. B0920060901)
文摘Powerful expressive ability of semantic information, to be easily computed and flexibility are basic features of digital product model (DPM). Using ontology and object-oriented principle (OOP) together to cope with problems in modeling is brought forward in this paper. The two are widely used and do well in modeling, but they each alone cannot cope with all issues and new challenges. Three basic requests are pointed out in DPM modeling. Status, problems, and root of current non-semantic and semantic models are introduced. Ontology, OOP, and their difference are introduced. It is found that the two are entirely complementary with each other. How to assign the roles and to cooperate for the two in coping with the three basic issues in DPM modeling are explained in detail.
