The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
To solve the problem that traditional resource allocation scheme does not take influence of cloud user behavior on resource allocation into consideration and has a static authorization process, this paper proposes resource allocation scheme based on access control (RASBAC), which introduces behavior trust into authorization process. This paper designs a calculation algorithm of behavior trust based...
Due to the problem that resource management is the foundation of authorization management and the requirement of unified description and management of resources with any type and arbitrary granularity, a finer-grained resource management model named FGRMMRBAC is proposed. An extensible organization and description method is present to manage the resource, resolving the unified description, organization...
Due to the requirements of dynamic and mandatory access control for important information systems in the classified security protecting environment, a dynamic authorization model based on security label and role (SLR-DAM) is proposed. Firstly, element sets and authorization rules are enumerated in a formalized way. Using security label together with label role we defined, MAC is implemented with the...
The Network Configuration Protocol (NETCONF) is a new network Management Protocol which becomes more and more widely used in network management area. To make NETCONF much safer, we extend the extensible Access Control Markup Language(XACML) access control mechanism and implement it on our NETCONF network management system-BUPT-NEP. We use subtree filtering expression to represent resource instead...
NETCONF is a new protocol as the network becomes more and more complexity, which has a better capability administering lots of devices. However, the large scale network brings some trouble for implementing access control especially when administers need to deploy or update policies on each devices. In this regard, the architecture of centralized access control proxy server based on NETCONF is focused,...
In order to satisfy dynamic authorization in service-oriented grid environment, a context and trust-based grid service authorization model (CTGSA) is proposed. First, model is defined formally. Benefiting from the mapping relation of user-role, role-service and service-resource assignment, model can provide authorization using service-oriented method, which reduces the management overhead greatly...
Along with the development of information technology, the demand on uniformly enforcing authentication and authorization for multiple organizational applications is increasing. However, it is challenging for original applications to integrate with an uniform authorization infrastructure because each of them has respective separate logic. To solve this problem, in this paper, an approach of enforcing...
The grid cross domain authorization has been a research hotspot in the information security held. The existing gird cross-domain authorization mechanisms are not flexible and intelligent enough. To solve the problem we propose a grid authorization model based on the description logic (DL) and the attribute based access control (ABAC). The DL formulates the definition and representation of attributes,...
In order to avoid the abuse of administrative permission in authorization process, the paper proposes a joint administration model. In the model, the concept of joint administrative role is proposed. A joint administrative role is comprised of several administrative roles who are assigned different weights, and regular roles are associated with different thresholds. Using the method, administrative...
Policy composition is an essential requirement of grid access control, not only because of the integrity of local and global policies, but also the dynamic collaboration under jointly controlled policies among multiple partners across different domains. In this paper, we propose an algebra for compositing attribute-based access control policies. Traditional arithmetic operators are extended and semantically...
A grid system is a virtual organization that is composed of several autonomous domains. Security in such a system needs to be flexible and scalable to support multiple security policies. Basing on the special security requirements of VO-management, we propose a security architecture that can support multiple authentication policies in a VO to provide scalable and flexible VO-wide authentication, role-based,...
Secure interaction between trusted-domains is a major problem on network security. Combining with the advantages of role-based access control (RBAC) and the existing authentication technique on crossing the trusted-domain, this paper proposes a privilege management model on crossing the trusted-domains (PMCT) which is suitable for large scale distributed network. Role recommending policy and unilateral...
The efficient authorization is the precondition of implementing access control. Traditional access control technology which lacks dynamic authorization mechanism focuses on the beforehand authorization process. Based on usage control (UCON) which is new access control technology, this paper proposes a role-based dynamic authorization model. This model extends RBAC by introducing elements of UCON such...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.