dRBAC模型的安全分析

dRBAC模型是适应于动态结盟环境的分布式信任管理和访问控制机制,具有第三方委托、值属性和证书预定等三个特征.但dRBAC模型存在一些不足,体现在以下几个方面：委托的深度没有控制;委托链的循环搜索;角色的隐式提升;职责分离原则的违背等.本文针对dRBAC模型存在的问题进行了详细的讨论,提出了合理的解决方案,提高了dRBAC模型的安全性和实用性.     

基于Clark-Wilson的属性证书授权模型

本文采用Clark-Wilson完整型模型,使用属性证书作为权限传递的载体,结合授权管理基础设施（PMI）实现基于角色的授权模型,并提出一种形式化描述架构,描述权限、证书和相关的授权;基于语义的演算过程对给定的属性证书集和撤销证书集可以验证某种权限是否有效;采用Alloy形式化语言来定义模型,并且给出描述扩展Clark-Wilson的方法。     

基于LDAP的属性证书在企业中的应用

在实际中,存在多个应用供用户来访问,不同的用户只能访问相对应的应用。本文介绍了在实际应用中用LDAP来存储授权策略、PMI属性证书和属性证书撤销列表,实现了统一的管理授权策略和属性证书,保证了只有经过授权的用户才能访问某个特定的应用,并讨论了基于JNDI来访问LDAP服务器的方法。     

基于PKI、PMI的数字图书馆安全管理

为了解决网络应用系统的安全问题,需要对应用系统进行一定的改造。论文探讨了基于PKI和PMI的数字图书馆安全易管理模型,提出基于PKI和PMI技术体系的访问控制方案。使用公钥证书实现对用户的身份认证,使用属性证书实现用户的授权访问。     

基于角色访问控制的权限管理系统

介绍了一种基于角色的权限管理系统的架构.该架构使用X.509属性证书来存储用户角色.授权管理基础设施(PMI)具有权限的分配、委派、发布功能及访问控制请求的处理与决策功能,为整个系统提供统一的授权管理和访问控制服务,实现全系统统一的授权的访问控制策略与机制.     

基于PMI的OA安全模型设计与实现

鉴于OA系统中的非授权用户非法操作和合法用户的越权操作,以及PKI的公钥证书(PKC)只能提供身份验证,无法实现权限管理等问题,提出了一种基于PMI(权限管理基础设施)权限管理的OA安全模型.该模型使用PKI的公钥证书和PMI的属性证书进行身份验证和权限管理,防止了非法和越权操作,授权更具公正性和权威性.实践结果表明,该安全模型可以解决OA系统中用户的非授权访问、不可否认性和数据文件的保密性、完整性等安全性问题.     

电子政务基于属性证书的访问控制模型

随着我国电子政务的发展,如何保障电子政务中的资源信息不被非法访问已成为当务之急。如何进行用户对资源和服务使用的限制,决定主体是否对客体有权限进行某种操作,即对用户进行访问控制的问题信息安全研究中的重要方面。授权来源于访问控制,即先对用户进行授权,然后根据用户具有的权限来进行访问控制。属性证书包含了一系列用户的权限信息,所以属性证书可以看作是权限信息的载体。根据属性证书中用户的权限信息可以对用户访问资源进行控制,基干角色的访问控制(RBAC)是一种新兴的访问控制技术和理念,是将用户划分成与其职能和职位相符合的角色,根据角色赋予相应操作权限,以减少授权管理的复杂性,降低管理开销和为管理员提供一个比较好的实现复杂安全政策的环境,是传统的自主访问控制和强制访问控制的升级和替代。RBAC的建模和实现技术是目前RBAC技术研究的热点和难点。NRBAC模型是一种更接近现实情况的模型。基于属性证书和电子政务中存在的特殊要求和特点,结合RBAC96、ARBAC97模型以及NRBAC模型,构造了一个适合电子政务系统使用的基于角色的安全访问控制模型eGA-NRBAC;利用该访问控制模型解决了电子政务工程中授权管理系统和授权服务系统的工程化实现问题。测试和实际使用都证明了此访问控制模型的正确性、可行性和可靠性。     

企业级PMI系统的设计与实现

提出了一种采用基于角色访问控制(RBAC)的企业级PMI实现方案。使用公钥证书实现对用户的身份认证，使用属性证书实现对用户的授权访问，使用策略证书定制企业的安全策略，可以方便灵活地实现企业网络资源的安全访问控制。     

基于属性证书的PMI授权管理模型应用研究

公钥基础设旌PKI技术通过方便灵活的数字证书与密钥管理机制,解决了可信的身份问题。但是,仅仅依靠PKI机制无法完全满足大型分布式网络环境下授权管理和基于角色的访问控制等需求。该文在深入研究PMI及属性证书的基础上,提出了一个基于属性证书的PMI授权管理模型,并对模型的具体实现进行了研究。     

分布式环境下的访问控制*

介绍了授权管理系统PMI,它可以有效地解决在分布式环境下的授权和访问控制问题。讨论了有关PMI的一些关键性的技术,属性证书与公钥证书之间的关系以及PMI的实现方式,并提出将要进行的研究工作。     

Crab walking of quadruped robots with a locked joint failure

Fault tolerance is an important aspect in the development of control systems for multi-legged robots since a failure in a leg may lead to a severe loss of static stability of a gait. In this paper, an algorithm for tolerating a locked joint failure is described in gait planning for a quadruped robot with crab walking. A locked joint failure is one for which a joint cannot move and is locked in place. If a failed joint is locked, the workspace of the resulting leg is constrained, but legged robots have fault tolerance capability to continue walking maintaining static stability. A strategy for fault-tolerant gaits is described and, especially, a periodic gait is presented for crab walking of a quadruped. The leg sequence and the formula of the stride length are analytically driven based on gait study and robot kinematics. The adjustment procedure from a normal gait to the proposed fault-tolerant crab gait is shown to demonstrate the applicability of the proposed scheme.     

A systemic approach to integrated E-maintenance of large engineering plants

Large engineering plants (LEPs) have certain unique features that necessitate a maintenance strategy that is a combination of both time and condition based maintenance. Although this requirement is appreciated to varying degrees by asset owners, applied research leading to a systematic development of such a maintenance strategy is the need of the day. Such a strategy should also adopt a wholesome ``systemic' approach so that the realization of the overall objectives of maintenance is maximized. E-maintenance has several potential benefits for large engineering plants. In this paper, a three pronged strategy is suggested for the successful implementation of e-maintenance for LEPs. Firstly, an integrated condition and time based maintenance framework is proposed for LEPs. Secondly, reference is drawn to models for condition and time based maintenance at systemic levels. As a part of the ab initio development of a condition monitoring system for a LEP, one of the characteristics of the condition monitoring system, namely, predictability, is discussed in detail as a sample for a systemic study. Thirdly, emphasis is laid on the information and expertise available in the domain of plant design, operation and maintenance and the same is tapped for incorporation in maintenance decision making.     

A method of stepwise benchmarking for inefficient DMUs based on the proximity-based target selection

DEA is a useful nonparametric method of measuring the relative efficiency of a DMU and yielding a reference target for an inefficient DMU. However, it is very difficult for inefficient DMUs to be efficient by benchmarking a target DMU which has different input use. Identifying appropriate benchmarks based on the similarity of input endowment makes it easier for an inefficient DMU to imitate its target DMUs. But it is rare to find out a target DMU, which is both the most efficient and similar in input endowments, in real situation. Therefore, it is necessary to provide an optimal path to the most efficient DMU on the frontier through several times of a proximity-based target selection process. We propose a dynamic method of stepwise benchmarking for inefficient DMUs to improve their efficiency gradually.The empirical study is conducted to compare the performance between the proposed method and the prior methods with a dataset collected from Canadian Bank branches. The comparison result shows that the proposed method is very practical to obtain a gradual improvement for inefficient DMUs while it assures to reach frontier eventually.     

LIY: learn-it-yourself software interfaces

An increasing number of people are becoming users of unfamiliar software. They can be genuinely "new" computer users or part of a growing group who are transferring skills and knowledge from a familiar product such as a word processor to a functionally similar, but different, unfamiliar one. The problem for users in this position is that they do not have access to training courses to teach them how to use such software and are usually forced to rely on text-based documentation. LIY is a method for producing computer-based tutorials to teach the user ofasoftware product.This paper describes how LIY is, in turn, (1) a method for application system design which recognizes the need for tutorial design (a task analysis and user interface specification provide information structures that are passed to the tutorial designer); (2) a support environment for the tutorial designer (in addition to prompting for courseware for nodes in the task analysis, LIY provides a ready-made rule base for constraining the degree of learner control available while the tutorial is in use. The designer is able to tailor this rule base for a specific tutorial); and (3) a tutorial delivery environment (the tutorial adapts to individual learners and offers a degree of learner control).     

On exponential observers for nonlinear systems

The aim of the paper is to identify the class of nonlinear systems that have exponential observers - a concept introduced by previous authors. It is shown that a necessary condition for the existence of an exponential observer for a nonlinear system is that the corresponding linearized system is detectable, and for local exponential stabilization problems, the condition is also sufficient.This paper gives also a theorem on the separation property for the exponential design problem, and it enables us to tell exactly to what extent the classical local linearization approach is applicable.     

A Shortest Path Based Path Planning Algorithm for Nonholonomic Mobile Robots

A path planning algorithm for a mobile robot subject to nonholonomic constraints is presented. The algorithmemploys a global- local strategy, and solves the problem in the 2D workspace of the robot, without generating the complexconfiguration space. Firstly, a visibility graph is constructed for finding a collision-free shortest path for a point. Secondly,the path for a point is evaluated to find whether it can be used as a reference to build up a feasible path for the mobile robot.If not, this path is discarded and the next shortest path is selected and evaluated until a right reference path is found. Thirdly,robot configurations are placed along the selected path in the way that the robot can move from one configuration to the nextavoiding obstacles. Lemmas are introduced to ensure that the robot travels using direct, indirect or reversal manoeuvres. Thealgorithm is computationally efficient and runs in time O(nk + n log n) for k obstacles andn vertices. The path found is near optimal in terms of distance travelled. The algorithm is tested in computersimulations and test results are presented to demonstrate its versatility in complex environments.     

Distributed multi-join query processing in data grids

Query processing in data grids is a difficult issue due to the heterogeneous, unpredictable and volatile behaviors of the grid resources. Applying join operations on remote relations in data grids is a unique and interesting problem. However, to the best of our knowledge, little is done to date on multi-join query processing in data grids. An approach for processing multi-join queries is proposed in this paper. Firstly, a relation-reduction algorithm for reducing the sizes of operand relations is presented in order to minimize data transmission cost among grid nodes. Then, a method for scheduling computer nodes in data grids is devised to parallel process multi-join queries. Thirdly, an innovative method is developed to efficiently execute join operations in a pipeline fashion. Finally, a complete algorithm for processing multi-join queries is given. Analytical and experimental results show the effectiveness and efficiency of the proposed approach.     

A Lagrange duality characterisation for stability under arbitrary switching in switched positive linear systems

The present communication is concerned with uniform exponential stability, under arbitrary switching, in discrete-time switched positive linear systems. Lagrange duality is used in order to obtain a new characterisation for uniform exponential stability which is in terms of sets of inequalities involving each of the matrices that represent the modes of the system. These sets of inequalities are shown to generalise the classical linear Lyapunov inequality that characterises, in positive matrices, the property of being Schur. Each solution to these sets of inequalities is shown to provide a representation, in terms of a number of linear functionals, for a common Lyapunov function for the switched positive linear system. A result is further presented which conveys to, a conservative upper bound on the minimum required number of linear functionals (in the above mentioned representation), and also to a method for computing them. Our proof for the aforementioned characterisation is based on another (equivalent) characterisation, in terms of the solvability of a dynamic programming equation associated to the switched positive linear system, which is also reported in the paper. In particular, it is shown that the associated dynamic programming equation has at most one solution. And this solution is shown to be convex, monotonic, positively homogeneous, and it yields a common Lyapunov function for the switched positive linear system.     

The design of optimal sampling schemes for local estimation and mapping of of regionalized variables—I: Theory and method

Surveys of materials at the earth's surface, especially soil, can be planned to make the best use of the resources for survey or to achieve a certain minimum precision provided the nature of spatial dependence is known already. A method is described for designing optimal sampling schemes. It is based on the theory of regionalized variables, and assumes that spatial dependence is expressed quantitatively in the form of the semi-variogram. It assumes also that the maximum standard error of a kriged estimate is a reasonable measure of the goodness of a sampling scheme. By sampling on a regular triangular grid, the maximum standard error is kept to a minimum for any given sampling, but a square grid is approximately equivalent where variation is isotropic. Given the semi-variogram for a variable, the sampling density for any prescribed maximum standard error is determined. Where variation is geometrically anisotropic, the same method is employed to determine sample spacing in the direction of maximum change, and the grid mesh elongated in the perpendicular direction in proportion to the anisotropy ratio.