基于E-RBAC模型的通用用户权限配置的实现

传统的用户权限配置虽然有些采用RBAC模型,但都是针对具体业务系统,成为信息系统的一个功能模块,灵活性差,且缺乏通用性.为此,提出基于E-RBAC模型策略和应用Web技术,实现Web型信息系统中用户权限配置的通用性.     

How international is Computers and Composition?

In this article, I examine to what extent Computers and Composition: An International Journal for Teachers of Writing is international. My analysis of several aspects of the journal indicates limited international scope. I also discuss two issues important when considering the potential international scope of computers and writing research and practices: the differing uses of computers for writing by different language users and the differing concepts of identity and self in different cultures in relation to writing. I conclude with concrete suggestions for broadening our perspectives on computers and writing and making this journal truly international.     

计算网格中统一的用户管理研究

分析了在计算网格中用户管理要解决的问题，描述了用户分类和用户权限限制，提出了一个统一的用户管理系统，并且详细论述了用户管理的一些关键技术实现，包括用户管理流程、记账机制、标识协议设计和访问远程集群几方面，并已在研制的计算网格JobCenter-Grid中加以实现。     

Structurally noise resistant classifier for multi-modal person verification

In this letter we propose a piece-wise linear (PL) classifier for use as the decision stage in a two-modal verification system, comprised of a face and a speech expert. The classifier utilizes a fixed decision boundary that has been specifically designed to account for the effects of noisy audio conditions. Experimental results on the VidTIMIT database show that in clean conditions, the proposed classifier is outperformed by a traditional weighted summation decision stage (using both fixed and adaptive weights). Using white Gaussian noise to corrupt the audio data resulted in the PL classifier obtaining better performance than the fixed approach and similar performance to the adaptive approach. Using a more realistic noise type, namely “operations room” noise from the NOISEX-92 corpus, resulted in the PL classifier obtaining better performance than both the fixed and adaptive approaches. The better results in this case stem from the PL classifier not making a direct assumption about the type of noise that causes the mismatch between training and testing conditions (unlike the adaptive approach). Moreover, the PL classifier has the advantage of having a fixed (non-adaptive, thus simpler) structure.     

Expert Identity construct in analysing prerequisites for expertise development: a case study of nuclear power plant operators’ on-the-job training

This article discusses how shifting the focus of research to the emotional side of human actions and cognition could create new perspectives on the problem of how to support the human operator in the control of rare disturbances. A new construct, Expert Identity, is described. A qualitative study of the specific problems with changing the operator generation at a nuclear power plant is presented. The results indicate that the current identity of the trainees is more or less still one of the trainees. The conceived demands of operator work and the perceived learning opportunities are characterised by a dichotomy: disturbances or other exceptional situations emerge as different from daily work. The key challenge and motive for the trainees in the development of expertise is to achieve not only an adequate degree of competence but also to construct confidence in being able to cope with potential disturbance situations.

USBKey身份认证系统的设计与实现

系统地介绍了在研制开发利用计算机的标准USB接口及实现一种低成本、高可靠、简便易用、基于硬件(USBKey)的身份认证系统的过程中所攻克的关键技术及实现方法,包括用于实现实时监测用户是否在线的心跳机制、USBKey ID的惟一性方案、加密方案、用户的公钥、用户的私钥以及扰码的加密算法及记录方法、读码、写码、通信时的安全机制等.     

用ECDSA协议实现试卷分析系统数字签名的设计

为了适应高校新的培养和管理模式,设计了基于校园网的试卷分析系统.在该系统中,成绩和试卷分析内容的录入,由教师登录到试卷分析管理系统直接录入,然后加上数字签名,有效地防止了非法用户录入或者修改试卷分析的内容以及学生的成绩.由于椭圆曲线离散对数问题具有抗攻击性强、计算量小、处理速度快等优点,因此本文中的数字签名采用基于椭圆曲线的ECDSA协议,提高了系统的效率和安全性.     

Advanced Authentication Mechanisms for Identity and Access Management in Cloud Computing

Identity management is based on the creation and management of user identities for granting access to the cloud resources based on the user attributes. The cloud identity and access management (IAM) grants the authorization to the end-users to perform different actions on the specified cloud resources. The authorizations in the IAM are grouped into roles instead of granting them directly to the end-users. Due to the multiplicity of cloud locations where data resides and due to the lack of a centralized user authority for granting or denying cloud user requests, there must be several security strategies and models to overcome these issues. Another major concern in IAM services is the excessive or the lack of access level to different users with previously granted authorizations. This paper proposes a comprehensive review of security services and threats. Based on the presented services and threats, advanced frameworks for IAM that provide authentication mechanisms in public and private cloud platforms. A threat model has been applied to validate the proposed authentication frameworks with different security threats. The proposed models proved high efficiency in protecting cloud platforms from insider attacks, single sign-on failure, brute force attacks, denial of service, user privacy threats, and data privacy threats.     

基于运营商网络的零信任架构落地方案研究

本文介绍了零信任思想及相关概念,结合企业安全战略目标预期、现状调研、规划蓝图、规划设计等内容,提出了基于运营商现网建设情况的零信任架构解决方案,根据实际情况适当加强和补充了安全短板,建立以用户身份为中心,以终端设备、访问行为为决策要素的安全架构,总结出适合运营商网络的零信任架构的场景落地及推广建议。     

基于SET协议的一种身份认证新模型

SET是电子商务中最有生命力的一种标准 ,也提出了一种最为完善的身份认证模型 ,但极其复杂 ,计算量过大 .本文通过引入身份标识码和支付期有效码等概念 ,提出了一种身份认证新模型 ,减少了计算量 ,且确保了信息的安全性、完整性和不可抵赖性