协同环境中基于RBAC模型的访问控制策略

协同系统具有动态性和群体性的特点,其权限管理比传统软件系统复杂。传统数据库系统中的访问控制机制比较简单,远不能满足协同系统的要求。针对共享资源访问控制策略的授权方式复杂、授权粒度不细致的问题,引入角色机制,把角色访问并发控制策略应用到系统中,设计基于角色的系统功能权限的位映射算法。该算法降低了授权管理的复杂性,增强了系统安全性。     

面向用户角色的细粒度自主访问控制机制

基于访问控制表(ACL)的细粒度自主访问控制机制可以实现针对单个用户或用户组的访问授权,但是在实际使用中可能造成不适当授权或权限撤销不及时的缺陷.基于可信Kylin操作系统的角色定权(RBA)机制,在自主授权中引入了用户角色约束,提出了一种面向用户角色的细粒度自主访问控制机制,实现了针对单个用户在承担特定角色时的访问授权,一旦用户不再承担该角色,访问授权可以及时撤销,有效解决了ACL不适当授权的问题.     

基于RBAC的B/S系统访问控制设计与实现

基于角色的访问控制模型RBAC通过引入角色实现了用户和访问控制权限的逻辑分离,简化了系统授权过程,提高了权限管理模块的可重用性,是当前信息系统权限管理的主流策略。基于RBAC设计实现了一个B/S系统下通用的权限管理模块,通过客户端脚本控制页面访问操作,支持部分页呈现。     

基于角色-权限的普适计算受限委托方法

针对普适计算跨区域访问控制中的委托授权限制问题,在角色-权限分配中根据权限的重要程度关联信任阈值和访问时间限制,设计了一种基于角色的访问控制(RBAC)模型的以角色-权限为委托单位的受限委托方法。通过证明执行模型与委托条件的一致性,表明该方法能够满足普适计算权限委托限制的要求,可以灵活地支持基于角色-权限的临时性和可执行角色集的依赖性。     

基于认证可信度的用户权限控制技术研究

认证可信度体现了用户身份的可信程度。本文基于用户认证可信度实施用户登录限制、用户角色获取限制及角色强制访问控制策略权限限制,提出了基于认证可信度的用户权限控制技术。将认证可信度与用户访问系统结合,要求用户访问系统必须具有相应的认证可信度,具有重要身份的用户必须通过重要的身份认证机制的认证。在角色定权中结合认证可信度,根据用户认证可信度确定用户可以激活的角色,确定角色被激活后的访问控制权限,并参与到各强制访问控制策略实施中,真正实现认证与访问授权的有机统一,解决权限的不当获取。最后指出了进一步研究的内容。     

基于TRBAC的协同设计动态访问控制

针对协同设计过程中由于任务执行的动态性承担任务的角色与权限之间的动态分配问题,在协同设计访问控制中引入任务关联,提出一种基于任务/角色的动态访问控制模型TRBAC,给出TRBAC的形式化描述。论述基于TRBAC的协同设计动态访问过程,设计其访问授权及控制算法。以凸轮组协同设计为例,通过引入TRBAC模型,实现其动态访问控制。     

一种基于活动序列的协同设计访问控制模型

为了确保在多用户协同设计环境中对文档及视图访问权限的动态分配与回收、提出了基于活动序列的访问控制模型,采用赋色Petri网描述并实现了模型中活动序列依赖关系约束、角色构造、分配与回收,权限冲突检测等功能。该模型将共享的文档和视图空间按照活动序列划分,把角色分配、回收与活动序列相关联,解决了使用单用户设计软件协同设计中授权用户对访问对象具有持久权限的问题。最后,以协作角色申请过程为例,说明了模型是如何实现访问权限动态分配与回收,以此说明该模型能够适应协同设计中权限随活动变化的访问控制需求。     

工作流系统中授权控制模型设计与实现

工作流技术是实现企业信息管理系统的核心技术之一,授权控制是保证工作流系统中信息安全的一种重要手段.本文在对几种授权控制模型研究的基础上,选择了基于角色的访问控制作为工作流系统的授权控制模型.基于角色的授权实现了用户与访问权限的逻辑分离,方便了权限管理;通过不同授权粒度实现了对企业各种资源分配和访问.     

基于角色的访问控制

基于角色的访问控制(RBAC)是一个最新的授权方案。它通过分配和取消角色来完成用户权限的授予和取消,并且提供角色分配规则。整个访问控制过程被分成两个部分,即访问权限与角色相关联,角色再与用户关联,从而实现了用户与访问权限的逻辑分离。它比强制访问控制(MAC)和自主访问控制(DAC)更适用于非军事的数据处理。本文从以下几方面介绍了基于角色的访问控制:概述,定义,最小特权策略,职责分离和结论。     

B/S应用系统中的细粒度权限管理模型①

针对B/S模式下的油库网络信息系统的实际需求,为提高用户权限管理的动态性和授权访问的安全性,结合基于角色的访问控制原理,提出了一种在B/S应用系统中针对用户人员复杂、职务变动频繁特点的细粒度权限管理模型。该模型把资源的访问权限按细粒度分解,实现了由粗到细,不同级别的权限控制,既可进行角色授权也可直接用户授权,大大改善了用户权限管理的灵活性和可扩展性。     

A note on a problem on ω-limit sets of N–dimensional skew-product maps

In 2003, Balibrea et al. stated the problem of finding a skew-product map G on 𝕀³ holding ω _G ={0}×𝕀²=ω _G (x, y, z) for any (x, y, z)∈𝕀³, x≠0. We present a method for constructing skew-product maps F on 𝕀 ⁿ⁺¹ holding ω _F ={0}×𝕀 ⁿ =ω _F (x ₁, x ₂, …, x _n+1), (x ₁, x ₂, …, x _n+1)∈𝕀 ⁿ⁺¹, x ₁≠0.     

Asymptotic relation of M- and P-estimators of location

Let T_n and M_n be the P-estimator (Pitman-like estimator) and M_n the M-estimator of the location parameter θ, respectively, both generated by function ρ with the derivative ψ=ρ: It is demonstrated that, under some assumptions on the underlying distribution function F, the difference M_n-T_n is of the order o_p(n^-1/2) in the case of Huber's function ψ. It is further shown that M_n-T_n=o_p(n^-1) if ψ is sufficiently smooth.     

A transformation of non-linear dynamical systems with a single singular singularly perturbed differential equation†

Singularly perturbed state differential equations of the form [xdot] = f(x, z, t, ?), x(t₀, ?) = x₀(?); μ(?)? = g(x, z, t, ?), z(t₀ ?) = z₀(?) with lim μ(?) = 0; ?, μ > 0 are considered, where the nominal equation 0 = g(x, z, t, 0)^{? → ∞} does not have to be solvable for z. A fairly general transformation of the above system into a form [xdot]^* = f ^*(x^*, z, t; z(1),...,z^(d?1), ? ); μ^*(?)z^(d)= g^*(x^*. z(⁰),...z^(d?1), t; ?), with dim x^* = dim x ?(d ? 1), d ? 1 is proposed. The transformed system stands a better chance of being analysed by existing methods (especially by those proposed by Hoppensteadt (1971) and Hoppensteadt and Mi ranker (1976)) than the original singular singularly perturbed form. Informative examples are presented.     

On reducing the number of states in a PDA

A transformation is presented which converts any pushdown automaton (PDA)M ₀ withn ₀ states andp ₀ stack symbols into an equivalent PDAM withn states and n ₀ /n² p ₀ stack symbols into an equivalent ofn, 1n ₀. This transformation preserves realtime behavior but not derterminism. The transformation is proved to be the best possible one in the following sense: for each choice of the parametersn ₀ + 1 stack symbols for any desired value realtime PDAM ₀ such that any equivalent PDAM (whether realtime or not) havingn states must have at least (n ₀ /n)² p₀ stack symbols. Furthermore, the loss of deterministic behavior cannot be avoided, since for each choice ofn ₀ andp ₀, there is a deterministic PDAM ₀ such that no equivalent PDAM with fewer states can be deterministic.This research was supported in part by the National Science Foundation under Grants MCS76-10076 and MCS76-10076A01.     

A generalization of the Schützenberger product of finite monoids

For each n?1, an n-ary product ? on finite monoids is constructed. This product has the following property: Let Σ be a finite alphabet and Σ¹ the free monoid generated by Σ. For i = 1, …,n, let A_i be a recognizable subset of Σ¹, M(A_i) the syntactic monoid of A_n and M(A₁?A_n) the syntactic monoid of the concatenation product A₁?A_n. Then M(A₁?A_n)< ? (M(A₁),…,M(A_n)). The case n = 2 was studied by Schützenberger. As an application of the generalized product, I prove the theorem of Brzozowski and Knast that the dot-depth hierarchy of star-free sets is infinite.     

Sylvester–Habicht Sequences and Fast Cauchy Index Computation

In this paper we show how Schönhage’s strategy for computing continued fractions (Schönhage 1971) can be combined with the theory of sub-resultants (Habicht, 1948; Collins, 1967; Brown, 1971; Brown and Traub, 1971; Loos, 1982; Gonzalez et al., 1990, 1994; Ducos, 1996; Ho and Yap, 1996; Lazard, 1998; Quitté, 1998) in order to compute the Cauchy index of a rational function or the signature of a non-singular Hankel matrix in a fast and also storage efficient way. Over the integers our algorithms have bit complexityO (M(d, σ) ·log(d)) withσ = O(dτ) where M(d,σ )  = O(dσ·log(dσ) ·loglog(dσ)) is Schönhage’s bound for multiplication of integer polynomials of degrees bounded by d and bit size bounded by σ in the multi-tape Turing machine model (Schönhage, 1982). Thus our bound isO(d²τ·log(dτ) ·loglog(dτ) ·log(d)).As a byproduct of the necessary analysis we obtain a refinement of the Sub-resultant Theorem. We present a new exact divisibility for sub-resultants in the defective case which extends the formulæ for the non-defective situation in a natural way. We also prove that the size of coefficients in the ordinary remainder sequence is quadratic in d.     

A new quantum claw-finding algorithm for three functions

Fork functionsf ₁, ...f _k, ak-tuple (x ₁, ...x _k) such thatf ₁(x ₁)=...=f _k(x _k) is called a claw off ₁, ...,f _k. In this paper, we construct a new quantum claw-finding algorithm for three functions that is efficient when the numberM of intermediate solutions is small. The known quantum claw-finding algorithm for three functions requiresO(N ^7/8 logN) queries to find a claw, but our algorithm requiresO(N ^3/4 logN) queries ifM ≤ √N andO(N ^7/12 M ^1/3 logN) queries otherwise. Thus, our algorithm is more efficient ifM≤N ^7/8. Kazuo Iwama, Ph.D.: Professor of Informatics, Kyoto University, Kyoto 606-8501, Japan. Received BE, ME, and Ph.D. degrees in Electrical Engineering from Kyoto University in 1978, 1980 and 1985, respectively. His research interests include algorithms, complexity theory and quantum computation. Editorial board of Information Processing Letters and Parallel Computing. Council Member of European Association for Theoretical Computer Science (EATCS). Akinori Kawachi: Received B.Eng. and M.Info. from Kyoto University in 2000 and 2002, respectively. His research interests are quantum computation and distributed computation.     

All Pairs Shortest Distances for Graphs with Small Integer Length Edges

There is a way to transform the All Pairs Shortest Distances (APSD) problem where the edge lengths are integers with small (?M) absolute value into a problem with edge lengths in {−1, 0, 1}. This transformation allows us to use the algorithms we developed earlier ([1]) and yields quite efficient algorithms. In this paper we give new improved algorithms for these problems. Forn=|V| the number of vertices,Mthe bound on edge length, andωthe exponent of matrix multiplication, we get the following results: 1. A directed nonnegative APSD(n, M) algorithm which runs inO(T(n, M)) time, where[formula]2. A undirected APSD(n, M) algorithm which runs inO(M^(ω+1)/2n^ωlog(Mn)) time.     

On Nonnegative matrices generating a finite multiplicative monoid

Square nonnegative matrices with the property that the multiplicative monoid M(A) generated by the matrix A is finite are characterized in several ways. At first, the least general upper bound for the cardinality of M(A) is derived. Then it is shown that any square nonnegative matrix is cogredient to a lower triangular block form with the diagonal consisting of three blocks L, A ₀, and M where L and M are strictly lower triangular, A ₀ has no zero rows or columns, and M(A) is finite if and only if. M(A ₀) is so. Several criteria for, M(A ₀) to be finite are presented. One of the normal forms of A applies very well to the characterization of the nonnegative solutions of each of the matrix equations X ^k = 0, X ^k = 1, X ^k = X, and X ^k = X ^T where k > 1 is an integer. It also leads to a polynomial time algorithm for deciding whether or not M(A) is finite, if the entries of A are nonnegative rationals.