Funding: Project (61003140) supported by the National Natural Science Foundation of China; Project (013/2010/A) supported by Macao Science and Technology Development Fund; Project (10YJC630236) supported by Social Science Foundation for the Youth Scholars of Ministry of Education of China
Abstract: Role mining and setup affect the usage of role-based access control (RBAC). Traditionally, users' role and permission assignment is handled by the security administrator of the system. However, the cost is expensive and the operating process is complex. A new role analyzing method was proposed by generating mappings and using them to provide recommendation for systems. The relation among sets of permissions, roles and users was explored by generating mappings, and the relation between sets of users and attributes was analyzed by means of the concept lattice model, generating a critical mapping between the attribute and permission sets, and making the meaning of the role natural and operational. Thus, a role is determined by permission set and user's attributes. The generated mappings were used to automatically assign permissions and roles to new users. Experimental results show that the proposed algorithm is effective and efficient.
Funding: The National Natural Science Foundation of China (No. 60402019, No. 60672068)
Abstract: Growing numbers of users and many access control policies which involve many different resource attributes in service-oriented environments bring various problems in protecting resources. This paper analyzes the relationships of resource attributes to user attributes in all policies, and proposes a general attribute and rule based role-based access control (GAR-RBAC) model to meet the security needs. The model can dynamically assign users to roles via rules to meet the need of growing numbers of users. These rules use different attribute expressions and permissions as a part of authorization constraints, and are defined by analyzing relations of resource attributes to user attributes in many access policies that are defined by the enterprise. The model is a general access control model, can support many access control policies, and can also be applied more widely to services. The paper also describes how to use the GAR-RBAC model in Web service environments.
Funding: Supported in part by the National Natural Science Foundation of China (Grant 62172065) and the Natural Science Foundation of Chongqing (Grant cstc2020jcyjmsxmX0137).
Abstract: Role-based network embedding aims to embed role-similar nodes into a similar embedding space, which is widely used in graph mining tasks such as role classification and detection. Roles are sets of nodes in graph networks with similar structural patterns and functions. However, the role-similar nodes may be far away or even disconnected from each other. Meanwhile, the neighborhood node features and noise also affect the result of the role-based network embedding, which are also challenges of current network embedding work. In this paper, we propose a Role-based network Embedding via Quantum walk with weighted Features fusion (REQF), which simultaneously considers the influence of global and local role information, node features, and noise. Firstly, we capture the global role information of nodes via quantum walk based on its superposition property which emphasizes the local role information via biased quantum walk. Secondly, we utilize the quantum walk-weighted characteristic function to extract and fuse features of nodes and their neighborhood by different distributions which contain role information implicitly. Finally, we leverage the Variational Auto-Encoder (VAE) to reduce the effect of noise. We conduct extensive experiments on seven real-world datasets, and the results show that REQF is more effective at capturing role information in the network, which outperforms the best baseline by up to 14.6% in role classification, and 23% in role detection on average.
Funding: Supported by the National Tenth Five-Year Plan for Scientific and Technological Development of China (413160501) and the National Natural Science Foundation of China (50477038)
Abstract: PMI (privilege management infrastructure) is used to perform access control to resources in an E-commerce or E-government system. With the ever-increasing need for secure transactions, the need for systems that offer a wide variety of QoS (quality-of-service) features is also growing. In order to improve the QoS of the PMI system, a cache based on RBAC (role-based access control) and trust is proposed. Our system is realized based on Web service. How to design the cache based on RBAC and trust in the access control model is described in detail. The algorithm to query role permission in cache and to add records in cache is dealt with. The policy to update the cache is also introduced.
Funding: Funded by UKRI EPSRC Grant EP/W020408/1 Project SPRITE+2: The Security, Privacy, Identity and Trust Engagement Network plus (phase 2) for this study. The authors also have been funded by PhD project RS718 on Explainable AI through UKRI EPSRC Grant funded Doctoral Training Centre at Swansea University.
Abstract: With cloud computing, large chunks of data can be handled at a small cost. However, there are some reservations regarding the security and privacy of cloud data stored. For solving these issues and enhancing cloud computing security, this research provides a Three-Layered Security Access model (TLSA) aligned to an intrusion detection mechanism, access control mechanism, and data encryption system. The TLSA underlines the need for the protection of sensitive data. This proposed approach starts with Layer 1 data encryption using the Advanced Encryption Standard (AES). For data transfer and storage, this encryption guarantees the data’s authenticity and secrecy. Surprisingly, the solution employs the AES encryption algorithm to secure essential data before storing them in the Cloud to minimize unauthorized access. Role-based access control (RBAC) implements the second strategic level, which ensures specific personnel access certain data and resources. In RBAC, each user is allowed a specific role and Permission. This implies that permitted users can access some data stored in the Cloud. This layer assists in filtering granular access to data, reducing the risk that undesired data will be discovered during the process. Layer 3 deals with intrusion detection systems (IDS), which detect and quickly deal with malicious actions and intrusion attempts. The proposed TLSA security model of e-commerce includes conventional levels of security, such as encryption and access control, and encloses an insight intrusion detection system. This method offers integrated solutions for most typical security issues of cloud computing, including data secrecy, method of access, and threats. An extensive performance test was carried out to confirm the efficiency of the proposed three-tier security method. Comparisons have been made with state-of-art techniques, including DES, RSA, and DUAL-RSA, keeping into account Accuracy, QILV, F-Measure, Sensitivity, MSE, PSNR, SSIM, and computation time, encryption time, and decryption time. The proposed TLSA method provides an accuracy of 89.23%, F-Measure of 0.876, and SSIM of 0.8564 at a computation time of 5.7 s. A comparison with existing methods shows the better performance of the proposed method, thus confirming the enhanced ability to address security issues in cloud computing.
Funding: The National High Technology Research and Development Program of China (863 Program) (No. 2007AA01Z445)
Abstract: This paper first introduces attribute expression to describe attribute-based access control policy. Secondly, an access control policy enforcement language named A-XACML (attribute-XACML) is proposed, which is an extension of XACML. A-XACML is used as a simple, flexible way to express and enforce access control policies, especially attribute-based access control policy, in a variety of environments. The language and schema support include data types, functions, and combining logic which allow simple and complex policies to be defined. Finally, a system architecture and application case of user-role assignment is given to show how attribute expressions and A-XACML work in access control policy description and enforcement. The case shows that attribute expression and A-XACML can describe and enforce the complex access control policy in a simple and flexible way.
Funding: The National Natural Science Foundation of China (No. 60403027)
Abstract: To describe and integrate various policies applied in different domains, the definition of the family of OntoRBAC based on the ontology of a general role-based access control (RBAC) policy is proposed, which can support and extend the RBAC96 model. The uniform ontology-based description mechanism of secure policies is applied in OntoRBAC, which can be used to describe different secure policies in distributed systems and integrate policies in semantic level with upper concepts. In addition, some rules have been defined to reason within the OntoRBAC to extend the inference algorithms in ontology, which makes the system accommodate itself to RBAC policies better.