R^2BAC: a risk-based multi-domain secure interoperation model (cited by: 7)
Abstract: R^2BAC, a risk-enabled role-based model for multi-domain secure interoperation, was proposed to adapt to the dynamics of distributed environments. R^2BAC employs a flexible mechanism to establish interoperation between domains, eliminating the need for a trusted third party. It translates the problem of interoperation establishment into an optimization problem, thus achieving optimal interoperability on the premise of the domains' security. The creation and abolishment of interoperation relationships in R^2BAC are in accord with the dynamics of distributed environments, where domains join and leave in an ad hoc manner. Furthermore, R^2BAC incorporates risk management methods, leading to at least two advantages. First, a fine-grained authorization mechanism is enabled; second, it is possible to monitor users' behaviors and adjust their permission sets in real time.
Source: Journal on Communications (《通信学报》), indexed in EI, CSCD and the Peking University Core Journals list; 2008, No. 10, pp. 58-69 (12 pages)
Funding: National Natural Science Foundation of China (60403027, 60773191, 60873225); National High Technology Research and Development Program of China ("863" Program) (2007AA01Z403)
Keywords: access control; risk; multi-domain; secure interoperation
