共查询到20条相似文献,搜索用时 78 毫秒
1.
为了解决多级环境中敏感资源的安全性问题,提出了多级环境下基于角色和本体的访问控制方法.通过使用本体等语义技术,构造了一个结合基于角色的访问控制和Bell-LaPadula (BLP)模型的访问控制模型.根据角色的继承关系推导用户及资源之间安全级别的高低关系,在为角色指派权限时按照BLP模型进行授权的限制.实验表明,该方法在保证多级安全特性的前提下实现了用户权限的自动分配,消除了角色权限继承带来的安全隐患,为多级环境下的访问控制提供了一种新的思路. 相似文献
2.
基于行为的结构化文档多级访问控制 总被引:1,自引:0,他引:1
针对当前云计算环境中因缺乏多级安全机制而使结构化文档容易产生信息泄露和非授权访问等问题,提出基于行为的多级访问控制(action-based multilevel access control model,AMAC)模型并给出策略的形式化描述.利用信息流中的不干扰理论建立AMAC不干扰模型,并证明AMAC模型中多级访问控制策略的安全性.与已有访问控制模型的比较与分析表明,AMAC模型既可以利用角色、上下文和用户访问行为以提高访问控制策略的灵活性,还可以依据用户,用户访问行为和结构化文档的安全等级实现多级安全机制. 相似文献
3.
为了应用多级安全策略,阻止信息流向不受信任的目的地,将BLP模型完整性增强的安全策略扩展到多级安全网络中,基于信息流的强制访问控制机制提出一个应用于多级安全网络的安全策略模型.该模型主要为网络层和数据链路层数据流提供相应的安全策略,很好地保证网络中数据流的机密性和完整性. 相似文献
4.
5.
一种BLP模型的量化分析方法 总被引:2,自引:0,他引:2
BLP模型是最为经典的强制访问控制模型,它基于一个信息流策略,通过允许低安全级别到高安全级别的单向信息流动,来实现多级的强制访问控制.但对实际中普遍存在的高安全级别到低安全级别的下向信息流动,BLP模型并没有给出理论解决方法.本文对BLP模型提出一种量化的分析方法以分析下向信息流动的安全性.这一方法基于Shannon信息论中条件熵的概念,提出用安全门限来度量信息安全的方法.特别地,这一分析方法给出了下向信息流安全的条件,并证明了该条件下系统仍保持其保密性. 相似文献
6.
随着计算机安全需求的日益增加,作为安全操作系统研究方向之一的SELinux系统也在不断地完善。将访问控制向量矩阵与SELinux的访问控制机制相结合,并配合用于机密性保护的BLP模型和用于完整性保护的Biba模型,提出了基于向量矩阵的多级安全访问控制实现方法,并在SELinux系统中予以实现。 相似文献
7.
一种基于环境安全的角色访问控制模型研究 总被引:5,自引:1,他引:4
基于角色的访问控制RBAC(role-based access control)能够降低访问控制管理工作的复杂性,但在动态变化的网络环境中,单纯依靠用户身份属性进行角色和许可分配,不能完全满足网络安全服务的要求.提出ESRBAC(en-vironment security role-based access control)模型,将角色与环境安全性相关联,只有用户的环境达到一定安全级别时,其角色对应的许可方才有效.给出了模型的定义及基本语义,并用一种适合于描述模型运行的形式化工具对一个具体的实例进行了分析. 相似文献
8.
9.
BLP模型通过允许低安全级别到高安全级别的信息流动,保证了信息的机密性。但是不能解决普遍存在的下向信息流。而Clark-Wilson模型通过可监控的状态转换提供了完整性保护。提出的模型以BLP控制策略为基础,并在Clark-Wilson模型的监控下,允许下向信息流的流动。证明了该模型是安全的,可行的。 相似文献
10.
针对常用的访问控制模型不能很好地解决多级多域信息系统的访问控制问题,分析了多级多域信息系统的结构特征,提出并实现了一种基于安全级别的访问控制模型。实验结果表明,该访问控制模型达到了预定的目标,可以针对多级多域信息系统的各要素分别进行安全级别设定,通过对安全级别的比较进行访问控制。基于安全级别的访问控制模型相对常用的访问控制模型,具有在多级多域信息系统上更容易部署、对权限的变更反应更为迅速,并且能够限制不安全的信息流动等特点。 相似文献
11.
张涛 《计算机测量与控制》2015,23(1):86-89
为了设计一种具有低成本、低功耗、易操作、功能强且可靠性高的煤矿井下安全分站,针对煤矿安全生产实际,文章提出了采用MCS-51系列单片机为核心、具有CAN总线通信接口的煤矿井下安全监控分站的设计方案;首先给出煤矿井下安全监控分站的整体构架设计,然后着重阐述模拟量输入信号处理系统的设计过程,最后说明单片机最小系统及其键盘、显示、报警、通信等各个组成部分的设计;为验证设计方案的可行性与有效性,使用Proteus软件对设计内容进行仿真验证,设计的煤矿井下安全监控分站具有瓦斯、温度等模拟量参数超标报警功能和电机开停、风门开闭等开关量指示功能;仿真结果表明:设计的煤矿井下安全监控分站具有一定的实际应用价值. 相似文献
12.
In modern service-oriented architectures, database access is done by a special type of services, the so-called data access services (DAS). Though, particularly in data-intensive applications, using and developing DAS are very common today, the link between the DAS and their implementation, e.g. a layer of data access objects (DAOs) encapsulating the database queries, still is not sufficiently elaborated, yet. As a result, as the number of DAS grows, finding the desired DAS for reuse and/or associated documentation can become an impossible task. In this paper we focus on bridging this gap between the DAS and their implementation by presenting a view-based, model-driven data access architecture (VMDA) managing models of the DAS, DAOs and database queries in a queryable manner. Our models support tailored views of different stakeholders and are scalable with all types of DAS implementations. In this paper we show that our view-based and model driven architecture approach can enhance software development productivity and maintainability by improving DAS documentation. Moreover, our VMDA opens a wide range of applications such as evaluating DAS usage for DAS performance optimization. Furthermore, we provide tool support and illustrate the applicability of our VMDA in a large-scale case study. Finally, we quantitatively prove that our approach performs with acceptable response times. 相似文献
13.
《Information & Management》2016,53(6):787-802
Discrepant technological events or situations that entail a problem, a misunderstanding or a difficulty with the Information Technology (IT) being employed, are common in the workplace, and can lead to frustration and avoidance behaviors. Little is known, however, about how individuals cope with these events. This paper examines these events by using a multi-method pragmatic approach informed by coping theory. The results of two studies – a critical incident study and an experiment – serve to build and test, respectively, a theoretical model that posits that individuals use a variety of strategies when dealing with these events: they experience negative emotions, make external attributions, and adopt engagement coping strategies directed at solving the event, eventually switching to a disengagement coping strategy when they feel they have no control over the situation. Furthermore, users’ efforts may result in ‘accidental’ learning as they try to overcome the discrepant IT events through engagement coping. The paper ends with a discussion of the results in light of existing literature, future opportunities for research, and implications for practice. 相似文献
14.
Distributed real-time simulation is a young technology field but its practice is under increasing demands. In recent years the author and his collaborators have been establishing a new approach called the distributed time-triggered simulation (DTS) scheme which is conceptually simple and easy to use but widely applicable. The concept was initiated in the course of developing a new-generation object-oriented real-time programming scheme called the time-triggered message-triggered object (TMO) programming scheme. Some fundamental issues inherent in distributed real-time simulation that were learned during recent experimental studies are discussed along with some approaches for resolving the issues. An execution engine developed to support both the TMOs engaged in control computation and the TMOs engaged in DTS is also discussed along with its possible extensions that will enable significantly larger-scale DTSs. 相似文献
15.
Zusammenfassung Mit zunehmender Größe der Softwaresysteme verschärfen sich die für die Software-Herstellung typischen Probleme: Beherrschen großer Objektmengen, Erhalten der Systemkonsistenz, Kontrolle der ständigen Änderungseinflüsse und Gewährleisten einer langen Lebensdauer. Die Disziplin Konfigurationsmanagement bildet den methodischen Ansatz, diese Probleme besser zu beherrschen. Software-Konfigurationsmanagement faßt die Herstellung von Softwaresystemen als eine Abfolge von kontrollierten Änderungen an gesicherten Zwischen- und Endergebnissen auf. Dargestellt werden die Objekte und Funktionen des Software-Konfigurationsmanagements sowie die hierfür in großen Software-Projekten benötigten Methoden, Instanzen und Hilfsmittel. 相似文献
16.
Recent years have seen rapid advances in various grid-related technologies, middleware, and applications. The GCC conference has become one of the largest scientific events worldwide in grid and cooperative computing. The 6th international conference on grid and cooperative computing (GCC2007) Sponsored by China Computer Federation (CCF),Institute of Computing Technology, Chinese Academy of Sciences (ICT) and Xinjiang University ,and in Cooperation with IEEE Computer Soceity ,is to be held from August 16 to 18, 2007 in Urumchi, Xinjiang, China. 相似文献
17.
《浙江大学学报:C卷英文版》2014,(11)
正http://www.zju.edu.cn/jzus http://www.springerlink.com Aim The Journals of Zhejiang University-SCIENCE(A/B/C)are edited by the international board of distinguished Chinese and foreign scientists,and are aimed to present the latest developments and achievements in scientific research in China and 相似文献
18.
Zhao-hui WU 《浙江大学学报:C卷英文版》2014,(10)
正Brain-machine interfaces(BMIs)aim at building a direct communication pathway between the brain and an external device,and represent an area of research where significant progress has been made during the past decade.Based on BMIs,mind information can be read out by neural signals to control 相似文献
19.
《浙江大学学报:C卷英文版》2014,(10)
正http://www.zju.edu.cn/jzus http://www.springerlink.com Aim The Journals of Zhejiang University-SCIENCE(A/B/C)are edited by the international board of distinguished Chinese and foreign scientists,and are aimed to present the latest developments and achievements in scientific research in China and overseas to the world’s scientific circles,especially to stimulate 相似文献