Due to the requirements of dynamic and mandatory access control for important information systems in the classified security protecting environment, a dynamic authorization model based on security label and role (SLR-DAM) is proposed. Firstly, element sets and authorization rules are enumerated in a formalized way. Using security label together with label role we defined, MAC is implemented with the...
The Network Configuration Protocol (NETCONF) is a new network management protocol that is becoming more and more widely used in the network management area. To make NETCONF much safer, we extend the Extensible Access Control Markup Language (XACML) access control mechanism and implement it on our NETCONF network management system, BUPT-NEP. We use subtree filtering expression to represent resource instead...
In order to satisfy dynamic authorization in a service-oriented grid environment, a context and trust-based grid service authorization model (CTGSA) is proposed. First, the model is defined formally. Benefiting from the mapping relation of user-role, role-service and service-resource assignment, the model can provide authorization using a service-oriented method, which reduces the management overhead greatly...
Along with the development of information technology, the demand for uniformly enforcing authentication and authorization for multiple organizational applications is increasing. However, it is challenging for original applications to integrate with a uniform authorization infrastructure because each of them has its own separate logic. To solve this problem, in this paper, an approach of enforcing...
Grid cross-domain authorization has been a research hotspot in the information security field. The existing grid cross-domain authorization mechanisms are not flexible and intelligent enough. To solve the problem we propose a grid authorization model based on the description logic (DL) and the attribute based access control (ABAC). The DL formulates the definition and representation of attributes,...
In order to avoid the abuse of administrative permission in authorization process, the paper proposes a joint administration model. In the model, the concept of joint administrative role is proposed. A joint administrative role is comprised of several administrative roles who are assigned different weights, and regular roles are associated with different thresholds. Using the method, administrative...
Policy composition is an essential requirement of grid access control, not only because of the integrity of local and global policies, but also the dynamic collaboration under jointly controlled policies among multiple partners across different domains. In this paper, we propose an algebra for compositing attribute-based access control policies. Traditional arithmetic operators are extended and semantically...
A grid system is a virtual organization that is composed of several autonomous domains. Security in such a system needs to be flexible and scalable to support multiple security policies. Based on the special security requirements of VO-management, we propose a security architecture that can support multiple authentication policies in a VO to provide scalable and flexible VO-wide authentication, role-based,...
As multicasting is increasingly used as an efficient communication mechanism for group-oriented applications in the Internet, the research of the multicast key management is becoming a hot issue. Firstly, we analyze the n-party GDH.2 multicast key management protocol and point out that it has the following flaws: lack of certification, vulnerability to man-in-the-middle attacks, and a single-point...
In 2006, the IETF released its latest effort, NETCONF, a brand new network management protocol, which is based on the XML encoding method. The NETCONF protocol is thought to be able to meet the requirement of configuration management which SNMP fails to do well. The NETCONF protocol also performs better in other fields such as the efficiency, more flexible operations, etc. But, as a new protocol,...
Secure interaction between trusted-domains is a major problem on network security. Combining with the advantages of role-based access control (RBAC) and the existing authentication technique on crossing the trusted-domain, this paper proposes a privilege management model on crossing the trusted-domains (PMCT) which is suitable for large scale distributed network. Role recommending policy and unilateral...
The efficient authorization is the precondition of implementing access control. Traditional access control technology which lacks dynamic authorization mechanism focuses on the beforehand authorization process. Based on usage control (UCON) which is new access control technology, this paper proposes a role-based dynamic authorization model. This model extends RBAC by introducing elements of UCON such...