20 similar records found; search took 171 ms
1.
2.
3.
4.
In multi-dimensional digital media scenarios, users expect to constrain their own access rights on the basis of factors such as environment and time. To meet this need, this paper defines authorization attributes from environment, time and role, and proposes an access control mechanism for multi-dimensional digital media. The mechanism defines a user-to-authorization-attribute assignment relation and an authorization-attribute-to-access-permission assignment relation: based on the user's ID, attribute information, current environment, time and role, the first relation assigns the user the corresponding authorization attributes; based on the authorization attributes the user has been given, the second relation assigns the user the corresponding access permissions. Constraints are introduced so that users can restrict their own access permissions by setting constraints, which makes the permissions shrink dynamically as environment, time, role and other factors change. The mechanism is formally described in Z notation, its feasibility is verified through a worked example, and a comparison with existing work shows that the proposed mechanism supports the security principles of least privilege, separation of duties and data abstraction, as well as dynamic reduction of access permissions.
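The two assignment relations and the user-set constraints described in the abstract above, as an added worked example. This is not the paper's own code or its Z specification; the policy, attribute names, role and environment vocabulary, the separation-of-duty pair and the sample constraints are all assumed for illustration. The point to notice is that constraints can only subtract from what the attributes grant, so a user who configures them can shrink but never escalate their own permissions.

```python
from dataclasses import dataclass
from datetime import time
from typing import Callable, FrozenSet, List, Set


@dataclass(frozen=True)
class Context:
    """Attributes the mechanism evaluates for one access request."""
    user_id: str
    roles: FrozenSet[str]   # roles activated in this session
    environment: str        # e.g. "office", "home", "public" (assumed vocabulary)
    clock: time             # local time of day of the request


# APA relation: authorization attribute -> permissions it grants.
# Sample policy, assumed for this example.
APA = {
    "media.viewer":    {"media:read"},
    "media.editor":    {"media:read", "media:write"},
    "media.publisher": {"media:read", "media:write", "media:publish"},
    "media.auditor":   {"media:read", "audit:read"},
}

# UAA relation: (predicate over the request context, attribute it assigns).
# Environment and time are part of the predicate, so the attribute set itself
# already depends on where and when the request is made.
UAA = [
    (lambda c: "viewer" in c.roles, "media.viewer"),
    (lambda c: "editor" in c.roles and c.environment == "office", "media.editor"),
    (lambda c: "publisher" in c.roles and c.environment == "office"
               and time(9, 0) <= c.clock <= time(18, 0), "media.publisher"),
    (lambda c: "auditor" in c.roles, "media.auditor"),
]

# Static separation of duty: attribute pairs one session may not hold together
# (assumed pair: whoever publishes must not also audit).
SOD_PAIRS = {frozenset({"media.publisher", "media.auditor"})}


@dataclass(frozen=True)
class Constraint:
    """A user-set constraint: when `applies` holds, `revoke` is removed."""
    name: str
    applies: Callable[[Context], bool]
    revoke: FrozenSet[str]


def assign_attributes(ctx: Context) -> Set[str]:
    """UAA: attributes whose predicate is satisfied by this context."""
    return {attr for pred, attr in UAA if pred(ctx)}


def assign_permissions(attrs: Set[str]) -> Set[str]:
    """APA: union of the permissions granted by each attribute."""
    perms: Set[str] = set()
    for attr in attrs:
        perms |= APA.get(attr, set())
    return perms


def sod_violations(attrs: Set[str]) -> Set[FrozenSet[str]]:
    """Pairs from SOD_PAIRS that the attribute set holds in full."""
    return {pair for pair in SOD_PAIRS if pair <= attrs}


def effective_permissions(ctx: Context, constraints: List[Constraint]) -> Set[str]:
    """Full decision: UAA -> SoD check -> APA -> user constraints.

    Constraints only subtract, so the result is always a subset of what the
    attributes grant; a user cannot escalate by configuring constraints.
    """
    attrs = assign_attributes(ctx)
    bad = sod_violations(attrs)
    if bad:
        raise PermissionError(f"separation-of-duty violation: {sorted(map(sorted, bad))}")
    perms = assign_permissions(attrs)
    for c in constraints:
        if c.applies(ctx):
            perms -= c.revoke
    return perms


def default_constraints() -> List[Constraint]:
    """Sample self-imposed constraints (assumed), e.g. set by the user in a preferences UI."""
    return [
        Constraint("no-changes-after-17h",
                   lambda c: c.clock >= time(17, 0),
                   frozenset({"media:write", "media:publish"})),
        Constraint("read-only-on-public-network",
                   lambda c: c.environment == "public",
                   frozenset({"media:write", "media:publish", "audit:read"})),
    ]


if __name__ == "__main__":
    alice = frozenset({"viewer", "editor", "publisher"})
    for ctx in (Context("alice", alice, "office", time(10, 0)),
                Context("alice", alice, "office", time(17, 30)),
                Context("alice", alice, "home", time(10, 0))):
        print(ctx.environment, ctx.clock, sorted(effective_permissions(ctx, default_constraints())))
```

Running the block shows the shrinkage the abstract describes: the same user with the same roles holds read, write and publish in the office at 10:00, only read at 17:30 because of her own after-hours constraint, and only read at home because the editor and publisher attributes are never assigned outside the office. A session that would hold both the publisher and auditor attributes is rejected before any permission is computed.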
5.
6.
Role-based access control is currently the mainstream technique for controlling user access in systems. Targeting the characteristics of medical systems, this paper builds on the role-based access control model, analyses the access subjects and objects in a medical system, introduces roles and associates permissions with roles. It focuses on access control over records by different users and proposes an access control algorithm: by assigning users appropriate roles and then granting those roles appropriate access permissions, users are logically separated from access permissions, which improves the flexibility and security of permission assignment and access control in medical systems.
7.
This paper presents the structure and implementation of an authorization policy for a role-based PMI (Privilege Management Infrastructure) system, which can provide centralized, unified management of user privileges for the many information application platforms of large enterprises and for distributed applications on their networks. It explains in detail, from several angles, how an RBAC authorization policy is implemented; by managing the policy, RBAC-based authorization can be realized effectively.
8.
张燕燕 《信息安全与通信保密》2005,(2):179-182
This paper describes the overall framework of a Privilege Management Infrastructure (PMI). Unlike earlier authorization management schemes, it uses attribute certificates to represent user privileges and XML-formatted policies to express the access rules for controlled resources. Finally, a feasible construction scheme for an Attribute Authority (AA), the centre that issues attribute certificates, is proposed; the AA adopts a role-based authorization management model and can provide attribute certificate management for business systems built on the privilege management framework.
9.
This paper proposes a data encryption and secure storage scheme for protecting user privacy, selecting suitable encryption algorithms and a key management scheme. After comparing the security and efficiency of different encryption algorithms, AES-256 and RSA were chosen, and a three-level key management scheme was designed to store and distribute keys securely. For data storage, an eMMC device is used as the storage medium and a role- and permission-based access control mechanism is implemented, ensuring that users can only access the data they are authorized for.
10.
With the development of the Application Service Provider (ASP) model, and to address the complex management requirements between users and an ASP platform that integrates more and more application services, this paper proposes a role-based access control model with user authorization delegation for the ASP model (UD-RBAC). The paper gives a formal description of the UD-RBAC model and analyses in detail its components, its user authorization delegation management mode and its enforcement strategy. User identity and permission information are stored uniformly in an LDAP directory, application service resources are protected through delegation policies, and user access is authorized and controlled at multiple levels.
11.
尹晓晖 《信息安全与通信保密》2008,(12):107-108
This paper analyses the RB-RBAC model in depth and, combined with user identity management, proposes an authorization management method that formulates authorization rules from user attributes and automatically assigns permissions according to those rules. It can handle authorization management problems in distributed environments with very large user populations and complex permission-assignment relationships, which are hard to solve with traditional management methods.
12.
Wei Yu Sriram Chellappan Dong Xuan Wei Zhao 《International Journal of Communication Systems》2006,19(7):727-750
More and more Internet applications require an intelligent service infrastructure to provide customized services. In this paper, we present an infrastructure that can transparently and effectively provide customized active services to end users and dynamically adapt to changing customized policies in large distributed heterogeneous environments. The infrastructure consists of two components: the policy agent and the middleware box. In particular, our technologies include: (1) a generic active-service-based infrastructure, in which the policy agent can integrate policies requested by applications and middleware boxes can transparently execute services, and (2) distributed policy processing in the middleware box. We study two policy partitioning schemes to achieve conflict-free policies for distributed policy processing and guarantee the correctness of policy execution. We conduct extensive performance evaluations of the proposed schemes. Our experimental results demonstrate that our policy partitioning schemes can effectively generate partition-capable and conflict-free policy sets. The evaluation results also show that distributed policy processing can achieve over a 70% increase in performance/price ratio with proper assignment of the policy distribution degree compared to a purely centralized approach. Copyright © 2005 John Wiley & Sons, Ltd.
13.
14.
Duty requirements and privilege separation for security and confidentiality administrators of classified information systems (cited 1 time: 0 self-citations, 1 by others)
The security and confidentiality administrators of a classified information system comprise the system administrator, the security and confidentiality administrator, and the security auditor. This paper studies these three categories of personnel as defined in the national confidentiality standards and analyses their respective duties. Taking the user account and authorization management process of a classified information system as an example, it explains the principles for dividing privileges among the security administrators, so as to help the organizations that build and operate classified information systems understand and implement the standard's requirements, and to set out corresponding functional requirements for the design and development of business applications and security products used within such systems.
15.
The publish/subscribe paradigm is often adopted to create the communication infrastructure of the Internet of Things (IoT), so that many clients can access enormous amounts of real-time sensor data. However, most current publish/subscribe middleware is based on traditional ossified IP networks, which make it difficult to provide Quality of Service (QoS). How to design the next generation of publish/subscribe middleware has become an urgent problem. The emerging Software Defined Networking (SDN) provides new opportunities to improve the QoS of publish/subscribe facilities for delivering events in the IoT, owing to its customized programmability and centralized control. Event topics, priorities and security policies can be encoded into the flow entries of SDN-enabled switches to satisfy personalized QoS needs. In this paper, we propose a cross-layer QoS-enabled SDN-like publish/subscribe communication infrastructure, aiming to build an IoT platform that seamlessly connects IoT services with SDN networks and improves the QoS of event delivery. We first present an SDN-like topic-oriented publish/subscribe middleware architecture with a cross-layer QoS control framework. Then we discuss the prototype implementation, including topic management, topology maintenance, event routing and policy management. Finally, we use differentiated services and cross-layer access control as cross-layer QoS scenarios to verify the prototype. Experimental results show that our middleware is effective.
16.
To address the problem that most existing privacy protection methods cannot satisfy users' personalized requirements well in group recommendation, a user personalized privacy protection framework based on a trusted client for group recommendation (UPPPF-TC-GR), together with a group sensitive preference protection method (GSPPM), is proposed. In GSPPM, the user's historical data and privacy preference demands are collected in the trusted client, and similar users in the group are selected on the basis of the sensitive-topic similarity between users. Privacy protection for users who have privacy preferences in the group is realized by randomized cooperative disturbance of the top k similar users. Simulation experiments show that the proposed GSPPM not only satisfies the privacy protection requirements of each user but also achieves better performance.
17.
With the rapid development of healthcare informatization, current EMR (electronic medical record) systems cannot adequately meet the needs of providers and patients for information sharing and security. This paper proposes an EMR storage cloud system based on cloud computing that provides patients and hospitals with a unified electronic medical record registration and usage service. It focuses on the access control policy for electronic medical records, adopting a combination of general role-based access control and patient-driven, personalized step-by-step authorization, which effectively addresses dynamic authorization and personalized user requirements and satisfies patients' needs for information security and privacy protection.
18.
With social networks (SNs) allowing their users to host large amounts of personal data on their platforms, privacy protection mechanisms are becoming increasingly important. The privacy protection mechanisms currently offered by SNs mostly enforce access control policies based on users' privacy settings. The task of setting privacy preferences may be tedious and confusing for the average user, who has hundreds of connections (e.g., acquaintances, colleagues, friends) and maintains an extensive profile on their main SN. Hence, users often end up with policies that do not sufficiently protect their personal information, facilitating potential privacy breaches and information misuse. In this paper, we propose PriMa (Privacy Manager), a privacy protection mechanism that supports semi-automated generation of access rules for users' profile information, filling the gap between the privacy management needs of SN users and the existing privacy protection mechanisms of SNs. PriMa access rules are generated using a multi-criteria algorithm, so as to account for the extensive set of criteria that must be considered when dealing with access control on SN sites. The resulting rules are simple yet powerful specifications, indicating the adequate level of protection for each user, and are dynamically adapted to the ever-changing requirements of users' preferences and SN configuration. We have implemented PriMa on a Drupal platform and as a third-party Facebook application, and have evaluated the performance of the PriMa application with respect to access rule generation.
19.
To protect personal privacy and preserve confidentiality, access control is used to authorize legitimate users to safely browse the authorized content on photos. Access control generates an authorization rule for each permission assignment. However, general access control is inappropriate for some social services (e.g., photos posted on Flickr and Instagram, personal image management on mobile phones) because of the growing volume of digital images being stored and managed. To keep the maintenance load low, this paper integrates a data hiding technique to propose an access control mechanism for privacy preservation. The proposed scheme replaces selected regions of a given image with random pads (selective image encryption) and allows only authorized people to restore the random pads to meaningful regions whose visual quality is similar to that of the originals.
20.
This paper proposes a new access control model, the resource-abstraction-based role access control model (RD_RBAC). When authorizing roles and enforcing the system security policy, the model applies a second level of abstraction to resources, thereby reducing redundant roles and lowering management complexity; it is validated on a university management system. Compared with traditional RBAC, RD_RBAC offers better adaptability and security.