Recent research on ubiquitous computing has introduced a new concept of activity-based computing as a way of thinking about supporting human activities in ubiquitous computing environment. Existing access control approaches such as RBAC, became inappropriate to support this concept because they do not consider human activities. In this paper, we propose Activity-Oriented Access Control (AOAC) model,...
In large enterprise software systems, users often need to delegate their authority to others. Permission base delegation model (PBDM) based on RBAC96 currently is the most attractive model to fulfill the delegation requirement since it supports partly delegation and multiple steps delegation. However in PBDM there is no explicit specification of the separation of duty (SOD) constraint, which is one...
Firewalls are core elements in network security, the effectiveness of firewall security is dependent on configuring firewall policy correctly. Firewall policy describes the access that will be permitted or denied from the trusted network. In corporate network, several firewalls are set up and administrated by different teams. The consistency between those firewall policies is crucial to corporate...
RFID (radio frequency identification) is the key technology to open the new era of computing history, i.e., machine perception or sensor age. However, one major stumbling block of using RFID technology in ubiquitous environment is the lack of security enforcement. In this paper, we introduce a systematic approach to enhance RFID middleware with the access control, user authentication, and session...
Flexible access control model has been studied and implemented on operating system for a long time. SELinux of NSA have fine-grained policy. But, the strict policy make user feel inconvenience. Though SELinux can present MAC or RBAC as well as DAC, it doesn't show all of the notions. We propose the flexible access control model that it can present diverse access control policies and the policies...
This paper introduces definitions and constructions of public key infrastructure, certification authority and XTR public key system, describes the principle of digital signature of XTR-Nyberg-Rueppel signatures, and then designs a certificate authority system by using this kind of signature in order to save the time and space both in communication and computation without compromising security.
The efficient authorization is the precondition of implementing access control. Traditional access control technology which lacks dynamic authorization mechanism focuses on the beforehand authorization process. Based on usage control (UCON) which is new access control technology, this paper proposes a role-based dynamic authorization model. This model extends RBAC by introducing elements of UCON such...
The characteristics of delegation are analyzed and defined in this paper, including time, totality, level, multi-delegation, agreement and revocation. Based on RBAC, an extended role and permission-based delegation model is redefined by separating delegate roles from original roles. Security administrators (SAs) and ordinary users have different functions and duties in the authorization and delegation...
Traditional security model, where the identity of all possible requesting subjects must be pre-registered in advance, is not suitable for the distributed applications with strong real-time requirements. A promising approach is represented by automated trust negotiation, which establishes trust between strangers through the exchange of digital credentials and the use of access control policies. As...
The risk assessment for network information system has experienced a stage from rule-based questionnaire investigation to model-based assessment. Many graph-based models have been proposed and applied to risk assessment. Attack Graph is widely used one. But attack graphs grow exponentially with the size of the network. In this paper, we propose a comprehensive framework for network vulnerabilities...
The security models used in Grid systems today strongly bear the marks of their diverse origin. Historically retrofitted to the distributed systems they are designed to protect and control, the security model is usually limited in scope and applicability, and its implementation tailored towards a few specific deployment scenarios. A common approach towards even the "basic" elements such...
An access control system is a mandatory step in the implementation of security policy. The algebra of security introduced by McLean is not enough expressive to model an access control system. Several models appeared thereafter, namely the mandatory models and discretionary models. In this paper we will use the graphs of privileges and the Marked Petri Nets in order to model formally the access control...
The ARBAC97 and Crampton-Loizou models make an important contribution to the understanding and modeling of administration of role-based access control. However, there are several features of both models which we believe could be improved. In this paper, the concept of administrative scope is introduced and is used to manage RBAC model. A new administration model for RBAC using hierarchical structure...
The verifiably encrypted signature schemes proposed by Asokan solved the fairness problem in the fair exchange process. In the work, we propose an ID-based strong unforgeability verifiably encrypted signature scheme without random oracles, and show that the security of the scheme is based on the difficulty of solving the computational Diffie-Hellman problem. Our scheme is obtained from a modification...
Aimed at those access control system which support role hierarchy and static mutual exclusion roles (SMER), an intelligent method from intelligent planning, named Graphplan, was imported to perform the security analysis. A complete resolution for reachability problems was designed and presented, including a description model using planning language, the key conception virtual action which was put forward...
As grid's dynamic, distributed and open nature, the issue of mutual trust among grid entities is challenging, not only because of the entities in different domains, but also because the fact that those domains may deploy different security mechanisms. A federal authentication and authorization scheme based upon trust management and delegation is proposed. Different security domains can join in the...
Recently, Abdalla and Pointcheval proposed an efficient three-party password-authenticated key exchange protocol and provided a proof of security in the Bellare, Pointcheval, and Rogaway (BPR2000) model. Despite the claim of provable security, the protocol was subsequently shown insecure in the presence of an active adversary by Kim-Kwang et al. But they declaimed the flaws stemmed from the weakness...
Nowadays, access control models take a system centric view of protecting resource, and they don't take the context into account when controlling the permissions, such as RBAC. However, with the arrival of pervasive computing times, it requires thousands of applications to connect and communicate each other, which suggests not only noticing the protection of systematic resources but the context...
Usage control is a generalization of access control to cover obligations, conditions, continuity and mutability. However, the delegation component isn't discussed to the full. In this paper, an improved scheme for delegation based on the usage control model is proposed. The new model is not just expanding the UCONABC model simply by increasing the delegation component as earlier literatures by Zhiyong...
This paper presents a novel multi-hierarchy and task-role based access control model named H-TRBAC. In the model, we create two multi-hierarchical sets, i.e., a role set and a task set. In the task hierarchy, a task may have some partial ordering relationships with other tasks. A task can not be scheduled until its entire ancestors are completed. It is the task's duty to select necessary roles and...