共查询到19条相似文献,搜索用时 343 毫秒
1.
Kapadia等人提出的IRBAC2000模型是在基于角色的访问控制(role-based access control,RBAC)模型基础上,通过角色互联和动态角色转换实现管理域间的互操作.职责分离是RBAC模型3个基本安全原则之一,而IRBAC2000模型没有考虑静态职责分离可能会造成域中静态互斥角色约束违反问题.在相关研究基础上分析了该问题,提出一种新颖的基于Petri网模型的分析方法,该方法相比以前文献中的方法简单、直观.给出了根据IRBAC2000模型构造对应Petri网的算法,基于该图形化模型可直观表示IRBAC2000模型,分析和给出了IRBAC2000违反静态互斥角色(static mutual exclusive roles,SMER)约束的充分必要条件和检测算法,通过一个实例分析验证了其有效性与正确性.为了在进行角色关联和用户/角色分配操作时不会违反SMER约束,也基于Petri网分析讨论了执行两种管理操作保证安全的先决条件,为IRBAC2000模型的安全性提供了安全保证机制. 相似文献
2.
职责分离在信息系统中的实现 总被引:1,自引:0,他引:1
在信息系统中,进行合理的访问控制才可实现职责分离原则.在RBAC模型的基础上,深入探讨了互斥权限、互斥用户和互斥角色在分配关系上的各种约束.提出设置分配监管员对系统管理员的分配操作进行审计,避免系统管理员随意分配权限、角色,从而更有效地实现职责分离原则. 相似文献
3.
4.
5.
刘杰 《网络安全技术与应用》2010,(3):48-51
本文针对现有基于角色访问控制RBAC(Role_based Access Control)模型中权限分配过于复杂,以及动态性方面的不足,从实现的角度提出了一种改进的模型。通过引入用户组的概念使具有相同权限的用户加入到同一个组,然后将权限分配给该用户组,简化权限分配及管理。采用构建时约束与运行时约束相结合的方法来增加模型的动态性。最后对该改进模型进行实现。 相似文献
6.
7.
安全互操作是实现跨管理域的资源共享与保护的关键技术. Kapadia等人的IRBAC2000模型提供了一种灵活的通过角色关联和动态角色转换实现安全互操作的方法..廖俊国等人指出该模型可能违反静态互斥角色约束,对问题的原因进行了分析,提出了约束违反检测算法和添加角色关联的先决条件.首先指出廖俊国等人关于约束违反原因的分析是片面的,其检测算法和先决条件也不能保证系统不会违反约束;然后指出在给定角色关联的前提下,外域的用户/角色分配是造成约束违反的根本原因;进而提出动态角色转换违反静态互斥角色约束的充要条件和约束违反检测算法;给出了添加角色关联和用户/角色分配的先决条件,保证了模型状态始终满足静态互斥角色约束. 相似文献
8.
现有自底向上的角色工程方法挖掘规模庞大,挖掘结果存在冗余,且不能反映系统功能的安全需求。为优化角色结果,针对角色优化中的互斥约束问题,结合枚举角色挖掘,提出一种基于互斥权限约束的角色挖掘优化方法。利用用户聚类元组及互斥约束优化角色挖掘过程,通过角色职责分离对安全约束的合理性进行分析,采用矩阵分析法调整已挖掘权限的矩阵单元值,挖掘优化角色以覆盖所有权限。实验结果表明,通过权限覆盖分析法辅助挖掘的优化角色结果能够保证挖掘过程的完整性;与枚举挖掘法相比,该方法能够保证信息系统的安全性,降低角色结果的冗余度。 相似文献
9.
10.
针对单纯的RBAC模型在动态授权、细粒度授权等方面存在的不足,将属性与RBAC相结合并保持RBAC以角色为中心的核心思想,提出了两者结合的混合扩展访问控制模型HARBAC。模型支持基于属性的用户-角色分配、角色-权限分配、角色激活、会话角色权限缩减和权限继承等动态访问控制功能。对模型的元素、关系、约束和规则等进行了形式化描述。通过引入权限过滤策略对会话角色的有效权限进行进一步控制,分析研究了基于属性的会话权限缩减方法。应用实例表明HARBAC模型可有效实现动态授权和细粒度授权。HARBAC模型可与传统RBAC无缝集成,并在遵循其最小特权和职责分离等安全原则的基础上,有效降低了管理复杂度,支持灵活、动态、可扩展的细粒度访问控制。 相似文献
11.
Julio Ariel Romero Pérez Roberto Sanchis Llopis 《International journal of control》2018,91(7):1567-1587
In this article, we propose practical rules for tuning event-based PID controllers with two sampling strategies: symmetric send-on-delta (SSOD) and regular quantification (RQ). We present a detailed analysis about the effect of the derivative term of the controller when using SSOD or RQ and some guide lines are given to select the derivative filter coefficient. The two sampling strategies are compared, showing that, even when both of them lead to similar controlled output response, systems with RQ have better robustness properties than those with SSOD. The study is based on the describing function and the results are applicable to process with dynamic responses of different types: with time delays, non-minimum phase, under-damped response, etc. The rules presented here are given in terms of phase and gain margins that are measures of robustness used in the design of continuous PID controllers. This allows the application of conventional PID tuning methods to the case of event-based PID. The tuning rules are very simple and can be used for tuning PID, PI, PD and other controller structures. 相似文献
12.
基于Graphplan的ARBAC策略安全分析方法 总被引:3,自引:0,他引:3
策略安全分析是访问控制系统保持安全状态的重要机制.针对具有角色继承层次和角色静态互斥特征的分布式访问控制系统,文中采用智能规划技术进行策略安全分析.首先,提出了策略安全分析问题向规划问题转换的整体思路,定义"虚动作"模型以描述角色继承关系,使用领域互斥表述静态互斥角色,引入领域公理处理ARBAC策略的开放世界假设问题和前提条件中的负谓词问题.其后,运用图规划(Graphplan)算法求解转换而来的规划问题,重点分析了领域公理对规划图中部分NooP动作的剪枝作用,提出了领域公理在规划图扩展阶段的应用方式以及据此改进的图规划算法,介绍了已开发的面向ARBAC策略安全分析实验型规划系统.最后,进行了应用示例说明. 相似文献
13.
Keshtegar Behrooz Meng Debiao Ben Seghier Mohamed El Amine Xiao Mi Trung Nguyen-Thoi Bui Dieu Tien 《Engineering with Computers》2021,37(3):1695-1708
The stable convergence and efficiency of reliability-based design optimization (RBDO) using performance measure approach (PMA) are the major issue to develop the reliability methods based on modified chaos control (MCC), hybrid chaos control (HCC) and finite-step length adjustment (FSL). However, these methods may be inefficient for RBDO problems with convex and concave probabilistic constraints. In this paper, an adaptive modified chaos control (AMC) is proposed to provide the robust and efficient results in RBDO. The proposed AMC is adjusted using dynamical chaos control factor, which is extracted using sufficient descent condition for PMA. Using sufficient criterion, the proposed AMC is adaptively combined with advanced mean value (AMV) to improve the performance of PMA, named as hybrid adaptive modified chaos control (HAMC). Considering the robustness and efficiency, the proposed HAMC is compared with several existing reliability methods by three nonlinear structural/mathematical performance functions and two RBDO problems. The results indicate that the proposed HAMC with sufficient descent condition provides superior convergences in terms of both robustness and efficiency, compared to existing PMA methods using AMV, MCC, HCC and FSL.
相似文献14.
研究模态跳变概率可控的Markov跣变线性二次模型的最优控制问题,考虑两类模态跳变控制策略:开环模态控制和闭环模态控制,应用策略迭代和性能势的概念,给出了最优的闭环模态控制优于最优的开环模态控制的充分条件,以指导最优控制器的设计,在已知最优的开环模态控制策略的基础上,应用策略迭代给出了构造闭环模态控制策略的方法,以进一步改善系统的性能. 相似文献
15.
Yue-Gang Tao Wen-De Chen Yi-Xin Yin 《国际自动化与计算杂志》2006,3(1):76-83
A variety of problems in operations research, performance analysis, manufacturing, and communication networks, etc., can be modelled as discrete event systems with minimum and maximum constraints. When such systems require only maximum constraints (or dually, only minimum constraints), they can be studied using linear methods based on max-plus algebra. Systems with mixed constraints are called min-max systems in which min, max and addition operations appear simultaneously. A significant amount of work on such systems can be seen in literature. In this paper we provide some new results with regard to the balance problem of min-max functions; these are the structure properties of min-max systems. We use these results in the structural stabilization. Our main results are two sufficient conditions for the balance and one sufficient condition for the structural stabilization. The block technique is used to analyse the structure of the systems. The proposed methods, based on directed graph and max-plus algebra are constructive in nature. We provide several examples to demonstrate how the methods work in practice. 相似文献
16.
加权质心定位算法的实施需要布置较多的锚节点,较大的硬件成本限制了该算法在实际中的应用。本文结合余弦定理,利用原有的少量锚节点定位信息构造出虚拟静态锚节点VSAN(Virtual Static Anchor Node)参与定位,降低了该定位算法所需的硬件成本;此外,对加权质心算法进行数学推导和分析,从导数的角度阐述了权重系数和RSSI测距对加权质心算法的影响。仿真结果表明,基于VSAN的加权质心算法所需布置锚节点较少、定位精度较高;并通过实际环境下测试,验证了算法的有效性和可行性。 相似文献
17.
A control problem for linear systems with constraints is considered. It is proved that the problem can be reduced to analysis of a respective matrix inequality. A sufficient condition for control with constraints in such a system is presented. This condition is based on a corresponding sufficient condition for solutions of matrix inequalities. The characteristic feature of the condition is its constructibility. 相似文献
18.
现有的角色挖掘算法只为追求得到最小角色集的挖掘结果,并没有考虑到系统中的职责分离(Separa-tion of Duty,SoD),而SoD是维护系统安全的重要约束.对此,提出一种基于职责分离的角色挖掘算法.将用户权限关系转化成布尔矩阵表示,利用权限分组的方法在角色挖掘过程中为角色赋予SoD约束信息.生成静态互斥角色t... 相似文献
19.
Deadlock avoidance is a key issue in wormhole networks. A first approach by W.J. Dally and C.L. Seitz (1987) consists of removing the cyclic dependencies between channels. Many deterministic and adaptive routing algorithms have been proposed based on that approach. Although the absence of cyclic dependencies is a necessary and sufficient condition for deadlock-free deterministic routing, it is only a sufficient condition for deadlock-free adaptive routing. A more powerful approach by J. Duato (1991) only requires the absence of cyclic dependencies on a connected channel subset. The remaining channels can be used in almost any way. In this paper, we show that the previously mentioned approach is also a sufficient condition. Moreover, we propose a necessary and sufficient condition for deadlock-free adaptive routing. This condition is the key for the design of fully adaptive routing algorithms with minimum restrictions, An example shows the application of the new theory 相似文献