浅谈访问控制模型

随着面向服务架构(SOA)的出现以及企业信息化的迅速发展,企业应用系统的安全问题越来越重要,因此,必须为企业系统提供更有效的访问控制模型,分析一些流行的访问控制策略、访问控制机制和访问控制模型,然后对基于角色的访问控制模型进行改进。     

基于安全域的信息系统访问控制模型研究

本文通过对企业信息系统中基于角色的访问控制模型(RBAC,Role Based Access Control)的原理及优劣势分析,阐述一种新型的、基于安全域的访问控制模型。该模型在继承了RBAC模型通过角色简化权限访问控制过程的方法基础上,进一步细分操作对象和操作方式,将角色和操作方式封装为可被操作对象复用的安全域,以进一步降低权限管理复杂度。     

基于角色访问控制的分布式数据库管理系统模型

介绍分布式数据库应用系统结构及其安全性,提出基于角色的访问控制模型方法,分析基于角色的访问控制模型的原理和模型结构,利用这种方法能有效提高数据库安全性。并以干部管理系统为例对其做详细介绍。     

网络教育系统中访问控制技术需求分析及设计

针对网络教育系统结构特点，分析其访问控制需求，研究保证系统安全的基础上，针对其资源和用户的特点，改进基于角色的访问控制模型，力求使其能在增加系统安全的同时，简化系统管理。     

改进的基于角色的访问控制(RBAC)模型

在基于角色的访问控制(RBAC)模型的基础上,提出一种多级权限访问控制模型。该模型采用树形结构进行权限的多级分配,细化权限控制粒度,能够更加灵活地对系统进行访问控制,满足大多数系统的访问控制授权方案。     

探析基于角色的访问控制

基于角色访问控制(RBAC)是一种方便、安全、高效的访问控制机制和重要的信息安全技术,它在满足企业信息系统安全需求方面显示了极大的优势。因此,对RBAC模型进行深入的研究,剖析角色访问控制的原则,得出应遵循职责分离原则的结论。     

基于合约的Web服务个性化访问控制方法

在无中心Web服务环境中,用户访问服务的历史行为数据由多个服务提供方分散管理,难以形成全局的用户信任度视图,难以根据用户信任度和使用需求实施个性化的访问控制。本文提出一种基于智能合约的个性化访问控制方法(SC-PAC)。通过结合前期的研究成果为SC-PAC提供高质量的用户历史行为数据,实现有可靠数据保障的可信计算服务,通过智能合约中的策略配置及可信度计算模型参数调整,实现服务提供商(SP)对不同用户的个性化的访问控制。在实验环节为SC-PAC设计了一个新的信任模型,并对该信任模型及基于SC-PAC方法的访问控制进行了实验设计。对结果的分析表明,本文提出的SC-PAC方法能够允许SP通过智能合约中的计算信任模型、参数及访问控制策略选择,实现对用户的个性化访问控制,并且依据准确的用户历史行为数据提供更可靠的可信度判断,可以有效保护服务。     

RBAC在化学药品管理系统中的应用

在基于Web访问的管理信息系统中,系统的安全性问题至关重要。而采用基于角色访问控制(RBAC)模型可以有效地解决系统安全性问题。结合"化学药品管理"系统设计与实现,详细论述角色访问具体的安全机制,通过限制系统中各种角色对系统的操作,有效地解决了Web页面安全访问和控制数据库的问题。     

基于Petri网的信息系统强制访问控制模型研究

在安全级格模型、BLP、Biba安全模型的基础上,为解决信息系统对信息安全性的要求,针对传统BLP模型的多级安全策略并投有阻止信息的非法修改的弱点,利用现有Petri网数学模型,结合网络应用,对强制访问控制模型进行分析研究,对模型的安全性进行验证,实践证明,能够有效地改善信息系统的总体安全策略.     

一种异地协同设计中的安全策略

异地协同设计是典型的多用户参与的多任务系统,用户之间存在大量的协作过程。安全性是协同设计实施的关键问题。基于广域网协同设计系统的特点,提出了基于角色的多层强制访问控制和基于信息流的访问控制相结合的安全模型,讨论了该模型下的安全策略。     

A Cross-Tenant RBAC Model for Collaborative Cloud Services

Tenants in the cloud computing environment share various services, including storage, network, computing, and applications. For better use of services in the cloud computing environment, tenants collaborate in tasks, resulting in challenges to the traditional access control. This study proposes a cross-tenant role-based access control (CT-RBAC) model for collaborative cloud services. This model covers the CT-RBAC0, CT-RBAC1, CT-RBAC2, and CT-RBAC3 models. The model not only extends the RBAC model in the multi-tenant cloud computing mode but also includes four types of authorization modes among tenants. Consequently, the role inheritance constraint is increased, and fine-grained authorization access among trusted tenants is realized.     

Design of an access control module for an instrumentation gateway

This paper describes some of the preliminary work performed on a resource access control module for an instrumentation gateway. The access control module employs a variation of the popular role-based access control (RBAC) scheme described by various authors. The gateway has very little security; hence, any user able to log onto the system is able to control any resource. This module aims to implement a pluggable module whereby users are granted access to various parts of the system depending on their user rights, while giving the administrator a very powerful method of restricting access without sacrificing ease of administration.     

Controlling information access in workflow management systems using RBAC‐based model

Abstract

We developed an RBAC‐based model RBAC/WF (RBAC‐based workflow information access control) to control information access in workflow management systems. Primary features offered by the model are preventing workflow information leakage and adapting to dynamic role association change. This paper presents RBAC/ WF and proves that the model offers the mentioned features.     

Trusted P2P computing environments with role-based access control

A P2P computing environment can be an ideal platform for resource-sharing services in an organisation if it provides trust mechanisms. Current P2P technologies offer content-sharing services for non-sensitive public domains in the absence of trust mechanisms. The lack of sophisticated trust mechanisms in the current P2P environment has become a serious constraint for broader applications of the technology although it has great potential. Therefore in this work an approach for securing transactions in the P2P environment is introduced, and ways to incorporate an effective and scalable access control mechanism - role-based access control (RBAC) - into current P2P computing environments has been investigated, proposing two different architectures: requesting peer-pull (RPP) and ultrapeer-pull (UPP) architectures. To provide a mobile, session-based authentication and RBAC, especially in the RPP architecture, lightweight peer certificates (LWPCs) are developed. Finally, to prove the feasibility of the proposed ideas, the RPP and UPP RBAC architectures are implemented and their scalability and performance are evaluated     

电力LTE无线专网架构研究

电力通信接入网是电力通信网的重要组成部分,为智能电网建设提供全面的通信接入支撑。随着智能电网技术的发展与创新,迫切要求通过技术手段提升电网智能化运维水平,降低运维成本。同时,由于"互联网+"及"云技术"等新技术的应用,电力通信网络正发生着重大改变。随着配用电及光伏并网等数据采集量的不断增加,移动业务需求不断提升,接入网建设将成为通信网建设的重点和难点。该文通过研究电力3GPP长期演进（power long term evolution,LTE）无线技术的特点,以及在通信接入网等领域的应用,提出电力LTE无线专网整体网络架构,并深入研究电力LTE无线通信信道特性参数,结合目前已部署实施的电力LTE通信网络性能进行分析和测试,为电力终端通信接入网的统一建设和统一运维管理提供技术支撑,为LTE电力无线专网的推广应用奠定坚实基础。     

关于核农学创新的几点思考

文章简要介绍了我国核农学在诱变育种、核素示踪技术应用、食品辐照和辐射不育技术防治害虫等方面的研究成果和目前存在的主要问题,以及解决问题途径的思考与建议.文章认为我国的核农学正处在能否继续深入发展的关键时期,迫切需要通过加强学术创新和机制创新来提升我国核农学的发展速度与研究水平.文章强调我国核农学开展学术创新的重点应该是加强基础研究与应用基础研究,而支撑这个创新的关键点在于管理机制的创新.     

ac response of weakly superconducting structures

Measurements have been made of the ac response of the Notarys-Mercereau thin-film, weakly superconducting structure. Data on the maximum constant-voltage step size and the absolute amplitude of the applied signal necessary to achieve the maximum in step size are found to be consistent with an analytical model developed for this structure.This paper presents the results of one phase of research performed at the Jet Propulsion Laboratory, California Institute of Technology, sponsored by the National Aeronautics and Space Administration under Contract NAS 7-100.     

An algebraic approach for modelling organisation, roles and contexts in MAS

Governing the ever growing complexity of artificial systems on the one hand requires a number of expressive abstractions and different levels of interpretation, on the other hand suggests the adoption of formal / mathematical tools to (at least partially) model and predict the system behaviour. By adopting agent-oriented abstractions as the starting point, we argue that organisation, coordination and security all insist on the same conceptual space – that is, static / dynamic relations / interactions among agents –, which also represents one of the main sources of complexity for MAS, and for artificial systems in general, as well.The notion of ACC (agent coordination context) is used in this paper as the unifying core abstraction of a framework that encompasses all such issues, promoting the integration of organisation, coordination, and security. Such a framework, called RBAC-MAS, is expressed through a process algebraic model which integrates the classic organisational issues of role-based models (like RBAC) and the more recent works on interaction and coordination in MAS.     

基于Web服务的分布式仿真系统的双重访问控制

随着分布式仿真系统与Web服务技术的结合日益紧密,以及功能与资源分离的愈加明显,导致大量仿真资源暴露于网络中,传统、单一的访问控制模型已无法应对.为此提出了一种基于属性的针对功能和资源的双重访问控制模型,采用证书代理机制实现功能端单点登录,采用XACML实现资源端多属性的访问控制.详细描述了该模型的访问控制流程,目前已应用到虚拟采办系统中.通过对性能的分析和测试,证明了该双重访问控制模型的可用性和有效性.