共查询到20条相似文献,搜索用时 171 毫秒
1.
《现代电子技术》2018,(1):147-151
针对交互式电子技术手册应用中的管理和安全保密需求,在分析传统访问控制模型的基础上,提出基于型号装备-角色的访问控制模型。该模型包括用户、型号装备、装备用户、角色、权限、操作访问控制规则、数据访问控制规则等,支持功能操作权限和数据权限分离,支持以型号装备结构为基础的细粒度数据访问控制以及以角色、装备用户为基础的功能操作访问控制定义和管理,给出了权限定义和权限计算方法。根据IETM的功能及数据访问控制需求,对交互式电子技术手册访问控制进行软件功能、控制流程及数据模型设计。采用J2EE及Web Service技术开发模块组件,实现交互式电子技术手册层级式、细粒度访问控制。 相似文献
2.
3.
多级安全数据库的安全策略需要各种模型来表达,访问控制模型是其中之一.强制访问控制(MAC)模型保证多级数据库中的信息流动符合系统的安全策略.利用基于角色的访问控制(RBAC)来实现MAC能方便多级安全数据库的权限管理.提出了一种MAC与RBAC的综合模型,定义了多级角色与内部角色的概念,并给出了综合模型中经过修改后的操作,使得系统能自动地完成符合强制访问控制策略的用户权限的管理.该模型方便了管理员的权限管理,适合用户较多,安全层次比较复杂的多级关系数据库系统.最后给出了模型的部分实现机制. 相似文献
4.
5.
针对CSCW系统的特点及其对用户访问控制的特殊要求,本文在RBAC(基于角色的访问控制)模型的基础上进行了优化,并引入Command设计模式,设计并实现了分级、细粒度的权限管理模型.该模型结合用户权限驱动的动态多级导航,在很大程度上提高了CSCW系统的易用性.系统的实现基于统一的基类,大大提高了代码复用,几乎无需修改现有程序就可以把本系统无缝的集成到现有CSCW系统中.实验证明,该方案不仅可以满足大中型CSCW系统对权限管理的需求,而且能随组织结构或安全需求的变化而变化,具有很好的灵活性和可操作性. 相似文献
6.
基于角色的访问控制(RBAC)主要研究将用户划分成与其在组织结构体系相一致的角色,是一种解决统一资源访问控制的有效方法.然而,大型煤矿ERP系统中涉及了大量的资源和用户,这些资源和用户还处于不断的变化中.传统的RBAC模型难以满足大型ERP在权限管理时复杂多变、灵活快捷的要求.在研发一个大型国有煤矿权限系统的过程中,提出了一种扩充的RBAC动态权限管理模型,引进用户组、权限组来强化角色的权限分配,大大增强了大型ERP对权限管理的便捷性和灵活性. 相似文献
7.
8.
基于角色的访问控制是目前应用在系统控制用户访问中比较主流的一门技术。在此针对医疗系统的特点,在基于角色的访问控制模型的基础上,分析医疗系统中的访问主体和客体,引入角色,将权限和角色相关联,重点研究不同用户对记录的访问控制,提出一个访问控制算法,通过分配用户适当的角色,然后授予用户适当的访问权限,使用户和访问权限逻辑分离,从而提高了在医疗系统中权限分配和访问控制的灵活性与安全性。 相似文献
9.
10.
11.
现有的PMI矩阵控制模型都是针对用户本身绑定权限、颁发属性证书,忽略了用户所处终端环境的安全性,容易给对安全性要求较高的网络资源留下安全隐患。文章通过引入安全评估,提出了一种基于终端环境安全的PMI访问控制模型,可以很好地解决上述问题。 相似文献
12.
卿昱 《信息安全与通信保密》2008,(8):89-93
随着计算机应用系统的日益庞大,用户身份认证、访问控制和权限管理成为应用系统安全关注的焦点。如何结合PKI、PMI技术为应用系统提供一种统一的身份认证、授权管理和访问控制是论文想要探讨的问题。文中介绍了一种基于PKI的PMI授权管理访问控制模型,并提出了基于属性证书实现访问控制的方法。 相似文献
13.
文章利用PKI/PMI技术,设计了一个Web应用安全整体方案,实现身份认证和访问控制功能,采用基于角色的访问控制思想,将属性证书分为角色分配证书和角色规范证书,分别用来表示用户的角色和角色对应的权限,并通过在校园网中的应用来说明具体身份认证和安全访问控制的实现方法。 相似文献
14.
Motta G.H.M.B. Furuie S.S. 《IEEE transactions on information technology in biomedicine》2003,7(3):202-207
The design of proper models for authorization and access control for electronic patient record (EPR) is essential to a wide scale use of EPR in large health organizations. In this paper, we propose a contextual role-based access control authorization model aiming to increase the patient privacy and the confidentiality of patient data, whereas being flexible enough to consider specific cases. This model regulates user's access to EPR based on organizational roles. It supports a role-tree hierarchy with authorization inheritance; positive and negative authorizations; static and dynamic separation of duties based on weak and strong role conflicts. Contextual authorizations use environmental information available at access time, like user/patient relationship, in order to decide whether a user is allowed to access an EPR resource. This enables the specification of a more flexible and precise authorization policy, where permission is granted or denied according to the right and the need of the user to carry out a particular job function. 相似文献
15.
In order to solve the problem that Hadoop cloud platform could not dynamically control user access request,a Hadoop cloud dynamic access control model based on user behavior assessment (DACUBA) was proposed.The model first collected the user instruction sequence in real time and the user behavior contour was obtained by parallel command sequence learning (PCSL).Then the global K model was established by using the forward profile,the subsequent sequence was classified and the classification results were evaluated.The evaluation results were combined with the improved Hadoop access control mechanism to make the cloud platform users’ access rights change dynamically with their own behaviors.Experimental results demonstrate that the model algorithm is effective and the dynamic access control mechanism is feasible. 相似文献
16.
张春琴 《信息安全与通信保密》2011,(6):72-74
由于移动自组织网络(MANET)的分布式、多跳和自组织的特点,使得节点的身份无法区分,导致恶意节点与自私节点大量存在,接入和访问权限控制成为这个网络结构安全性能的一个瓶颈,而日趋成熟的PKI/PMI(公钥基础设施/授权管理基础设施)体系能够在这方面提供必要的安全平台支撑。这里基于PKI/PMI分析了其在MANET中的应用前景,并根据MANET的特点对原有的模型进行了研究。 相似文献
17.
Achieving distributed user access control in sensor networks 总被引:1,自引:0,他引:1
User access control in sensor networks defines a process of granting user an access right to the stored information. It is essential for future real sensor network deployment in which sensors may provide users with different services in terms of data and resource accesses. A centralized access control mechanism requires the base station to be involved whenever a user requests to get authenticated and access the information stored in the sensor node, which is inefficient, not scalable, and is exposed to many potential attacks along long communication paths. In this paper, we propose a distributed user access control under a realistic adversary model in which sensors can be compromised and user may collude. We split the access control into local authentication conducted by a group of sensors physically close to a user, and a light remote authentication based on the endorsement of the local sensors. We implement the access control protocols on a testbed of TelosB motes. Our analysis and experimental results show that our schemes are feasible for real access control requirements. 相似文献
18.
一种基于属性证书和角色的访问控制模型 总被引:3,自引:2,他引:3
基于角色的访问控制是安全系统中保护资源的有效手段之一.基于对面向对象RBAC模型的分析,引入PMI属性证书,提出一种面向对象的访问控制模型AC-ORBAC,给出形式化描述,该模型通过属性证书实现角色授权访问控制,使访问控制的管理更为灵活,对职责分离进行了讨论.同时结合PKI实现了一种面向对象的基于角色和属性证书的访问控制方法. 相似文献
19.
虽然UCON模型包含了传统访问控制、信任管理、DRM三个问题领域,是下一代访问控制技术的发展方向,但是它不能解决空间数据库系统和基于移动用户位置的信息服务系统中空间动态授权。本文将空间授权规则引入到UCON模型中,提出了一个支持空间特性的面向使用的访问控制模型GEO—UCON,并给出了在空间环境下的授权规则,扩展了传统的UCON模型的空间安全描述能力。 相似文献
20.
Meriem Zerkouk Paulo Cavalcante Abdallah Mhamed Jerome Boudy Belhadri Messabih 《Mobile Networks and Applications》2014,19(3):392-403
With the growing proportion of dependant people (ageing, disabled users), Tele-assistance and Tele-monitoring platforms will play a significant role to deliver an efficient and less-costly remote care in their assistive living environments. Sensor based technology would greatly contribute to get valuable information which should help to provide personalized access to the services available within their living spaces. However, current access control models remain unsuitable due to the lack of completeness, flexibility and adaptability to the user profile. In this paper, we propose a new access control model based on the user capabilities and behavior. This model is evaluated using the data sensed from our tele-monitoring platform in order to assist automatically the dependent people according to the occurred situation. The design of our model is a dynamic ontology and evolving security policy according to the access rules that are used in the inference engine to provide the right service according to the user’s needs. Our security policy reacts according to the detected distress situation derived from the data combination of both the wearable devices and the pervasive sensors. The security policy is managed through the classification and reasoning process. Our classification process aims to extract the behavior patterns which are obtained by mining the data set issued from our Tele-monitoring platform according to the discriminating attributes: fall, posture, movement, time, user presence, pulse and emergency call. Our reasoning process aims to explore the recognized context and the extracted behavior patterns which set up the rule engine to infer the right decision security policy. 相似文献