119 results found; search took 31 ms
1.
2.
3.
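The paper proposes an improved model for systems built on "RBAC access control with integrated classification levels". The new model takes full advantage of both access control logics, role-based and level-based, and, by introducing XACML, effectively standardizes and unifies policy management and access decisions, achieving seamless integration of the two logics on the basis of role definitions.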
4.
P. Mazzoleni, B. Crispo, S. Sivasubramanian, E. Bertino. The Journal of Supercomputing, 2009, 49(1): 108-126
In this paper, we present a novel resource brokering service for grid systems which considers authorization policies of the
grid nodes in the process of selecting the resources to be assigned to a request. We argue such an integration is needed to
avoid scheduling requests onto resources the policies of which do not authorize their execution. Our service, implemented
in Globus as a part of Monitoring and Discovery Service (MDS), is based on the concept of fine-grained access control (FGAC) which enables participating grid nodes to specify fine-grained policies concerning the conditions under which grid
clients can access their resources. Since the process of evaluating authorization policies, in addition to checking the resource
requirements, can be a potential bottleneck for a large scale grid, we also analyze the problem of the efficient evaluation
of FGAC policies. In this context, we present GroupByRule, a novel method for policy organization and compare its performance with other strategies.
5.
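Access control policy is an important element of PMI (Privilege Management Infrastructure); it determines the flexibility of a PMI system and its ability to adapt to applications. By analyzing the strengths and weaknesses of the three widely used access control policies DAC, MAC and RBAC, the paper proposes combining the three into a condition-based access control policy. The policy is described in the XACML language, and a PMI system adopting this policy is designed and partially implemented.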
6.
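Research on Attribute-Based Access Control for Web Services (total citations: 4, self-citations: 1, citations by others: 4)
Web services are a new service-oriented computing paradigm; because of their heterogeneity, multi-domain nature and highly dynamic behaviour, they pose unique security challenges. A key security challenge is to design an effective access control mechanism. However, most existing access control mechanisms are identity-based and suffer from serious problems of administrative scale and control granularity. This paper proposes using an Attribute-Based Access Control (ABAC) mechanism to handle access control for Web services. ABAC makes authorization decisions based on the attributes of the entities involved, which solves the administrative scale problem and provides fine-grained control. In addition, the paper models ABAC, discusses its application, and finally presents an enforcement framework.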
7.
8.
Rafael Marín-López, Fernando Pereñíguez, Gabriel López, Alejandro Pérez-Méndez. Computer Standards & Interfaces, 2011, 33(5): 494-504
Kerberos is a well-known standard protocol which is becoming one of the most widely deployed for authentication and key distribution in application services. However, whereas service providers use the protocol to control their own subscribers, they do not widely deploy Kerberos infrastructures to handle subscribers coming from foreign domains, as happens in network federations. Instead, the deployment of Authentication, Authorization and Accounting (AAA) infrastructures has been preferred for that operation. Thus, the lack of a correct integration between these infrastructures and Kerberos limits the service access only to service provider's subscribers. To avoid this limitation, we design an architecture which integrates a Kerberos pre-authentication mechanism, based on the use of the Extensible Authentication Protocol (EAP), and advanced authorization, based on the standards SAML and XACML, to link the end user authentication and authorization performed through an AAA infrastructure with the delivery of Kerberos tickets in the service provider's domain. We detail the interfaces, protocols, operation and extensions required for our solution. Moreover, we discuss important aspects such as the implications on existing standards.
9.
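Research on User Access Control for Networked Manufacturing Systems (total citations: 6, self-citations: 0, citations by others: 6)
To address the security and management problems of networked manufacturing systems, the paper integrates role-based access control (RBAC), task-based access control (TBAC), relationship-driven access control (RDAC) and enterprise-coalition-based access control (CBAC) and proposes a comprehensive access control model. The model comprises a hierarchical relationship model of the users and resources of a networked manufacturing system, an access control reference model and an access control process model. It defines the relevant elements and relations in each model, gives expressions for constraint verification and authorization at each level, and implements the method using the eXtensible Access Control Markup Language (XACML). Results from its application in the Shaoxing light-textile regional networked manufacturing system show that the method effectively reduces the cost of system security maintenance and management.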
10.
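EPC IS occupies a core position in the Internet of Things, where it is responsible for processing and parsing large volumes of EPC data and PML files. Building on the traditional EPC IS and incorporating the eXtensible Access Control Markup Language (XACML), the paper proposes an EPC IS design with permission management, to address the series of security problems that arise when enterprises access one another's EPC IS. It first introduces the architecture and role of the traditional EPC IS and the security risks it brings, then introduces XACML and focuses on how permission management is implemented, and finally presents an EPC IS design with permission management for a cross-enterprise supply chain management system.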