Role mining and setup affect the usage of role-based access control(RBAC).Traditionally,user's role and permission assigning are manipulated by security administrator of system.However,the cost is expensive and th...Role mining and setup affect the usage of role-based access control(RBAC).Traditionally,user's role and permission assigning are manipulated by security administrator of system.However,the cost is expensive and the operating process is complex.A new role analyzing method was proposed by generating mappings and using them to provide recommendation for systems.The relation among sets of permissions,roles and users was explored by generating mappings,and the relation between sets of users and attributes was analyzed by means of the concept lattice model,generating a critical mapping between the attribute and permission sets,and making the meaning of the role natural and operational.Thus,a role is determined by permission set and user's attributes.The generated mappings were used to automatically assign permissions and roles to new users.Experimental results show that the proposed algorithm is effective and efficient.展开更多
Growing numbers of users and many access control policies which involve many different resource attributes in service-oriented environments bring various problems in protecting resource.This paper analyzes the relatio...Growing numbers of users and many access control policies which involve many different resource attributes in service-oriented environments bring various problems in protecting resource.This paper analyzes the relationships of resource attributes to user attributes in all policies, and propose a general attribute and rule based role-based access control(GAR-RBAC) model to meet the security needs. The model can dynamically assign users to roles via rules to meet the need of growing numbers of users. These rules use different attribute expression and permission as a part of authorization constraints, and are defined by analyzing relations of resource attributes to user attributes in many access policies that are defined by the enterprise. The model is a general access control model, and can support many access control policies, and also can be used to wider application for service. The paper also describes how to use the GAR-RBAC model in Web service environments.展开更多
In reentrant production,decision makers need to consider whether the part should be discarded or reprocessed.It involves the production and time cost that is required by reprocessing.Therefore,an efficient and feasibl...In reentrant production,decision makers need to consider whether the part should be discarded or reprocessed.It involves the production and time cost that is required by reprocessing.Therefore,an efficient and feasible assignment method is required for reentrant production.To tackle this issue,we use the Environments-Classes,Agents,Roles,Groups,and Objects model to formalize this problem.A novel solution is designed for Reentrant Production by extending the Group Role Assignment(GRA)problem model to solve the GRA with Balance problem.With this proposed solution,we can get an allocation scheme that takes into account multi-objective optimization and Pareto equilibrium between average performance of the whole reprocessing system and high defect rate parts.Finally,large-scale simulation experiments based on the Python PuLP platform are carried out to demonstrate the practicability and robustness of the proposed solution.The simulation results provide a solid decision-making reference for the manufacturer.展开更多
为了解决因孤立时空约束而导致的多项任务指派的协同失效和全局优化性能急剧下降问题,使用角色协同理论(role-based collaboration)及其通用模型E-CARGO的子模型群组角色指派(group role assignment),以机场登机口调度为例,对问题进行...为了解决因孤立时空约束而导致的多项任务指派的协同失效和全局优化性能急剧下降问题,使用角色协同理论(role-based collaboration)及其通用模型E-CARGO的子模型群组角色指派(group role assignment),以机场登机口调度为例,对问题进行指派时空约束形式化建模;分析不同代理承担不同角色、不同代理承担同个角色的协作情况,从而建立量化评估矩阵与协作矩阵;继而对时空约束进行解耦与消解,采用整数规划在追求协作空间利用率最大化的同时,考虑平衡旅客偏好,对问题进行多目标求解。大规模仿真实验论证了模型与方法的一般性、有效性和可靠性。此外,与传统GRA模型相比,主体利益指标提升6.21%,客体偏好指标提升9.72%,实现秒级求解,满足了复杂时空网络下的任务分配快速指派响应要求。展开更多
Growing numbers of users and many access policies that involve many different resource attributes in service-oriented environments cause various problems in protecting resource. This paper analyzes the relationships o...Growing numbers of users and many access policies that involve many different resource attributes in service-oriented environments cause various problems in protecting resource. This paper analyzes the relationships of resource attributes to user attributes based on access policies for Web services, and proposes a general attribute based role-based access control(GARBAC) model. The model introduces the notions of single attribute expression, composite attribute expression, and composition permission, defines a set of elements and relations among its elements and makes a set of rules, assigns roles to user by inputing user's attributes values. The model is a general access control model, can support more granularity resource information and rich access control policies, also can be used to wider application for services. The paper also describes how to use the GARBAC model in Web services environments.展开更多
基金Project(61003140) supported by the National Natural Science Foundation of ChinaProject(013/2010/A) supported by Macao Science and Technology Development FundProject(10YJC630236) supported by Social Science Foundation for the Youth Scholars of Ministry of Education of China
文摘Role mining and setup affect the usage of role-based access control(RBAC).Traditionally,user's role and permission assigning are manipulated by security administrator of system.However,the cost is expensive and the operating process is complex.A new role analyzing method was proposed by generating mappings and using them to provide recommendation for systems.The relation among sets of permissions,roles and users was explored by generating mappings,and the relation between sets of users and attributes was analyzed by means of the concept lattice model,generating a critical mapping between the attribute and permission sets,and making the meaning of the role natural and operational.Thus,a role is determined by permission set and user's attributes.The generated mappings were used to automatically assign permissions and roles to new users.Experimental results show that the proposed algorithm is effective and efficient.
基金The National Natural Science Foundation of China(No60402019No60672068)
文摘Growing numbers of users and many access control policies which involve many different resource attributes in service-oriented environments bring various problems in protecting resource.This paper analyzes the relationships of resource attributes to user attributes in all policies, and propose a general attribute and rule based role-based access control(GAR-RBAC) model to meet the security needs. The model can dynamically assign users to roles via rules to meet the need of growing numbers of users. These rules use different attribute expression and permission as a part of authorization constraints, and are defined by analyzing relations of resource attributes to user attributes in many access policies that are defined by the enterprise. The model is a general access control model, and can support many access control policies, and also can be used to wider application for service. The paper also describes how to use the GAR-RBAC model in Web service environments.
基金supported by the National Key Research and Development Program of China No.2022YFB3304400Natural Sciences and Engineering Research Council of Canada(NSERC)under Grant DDG-2024-00036.
文摘In reentrant production,decision makers need to consider whether the part should be discarded or reprocessed.It involves the production and time cost that is required by reprocessing.Therefore,an efficient and feasible assignment method is required for reentrant production.To tackle this issue,we use the Environments-Classes,Agents,Roles,Groups,and Objects model to formalize this problem.A novel solution is designed for Reentrant Production by extending the Group Role Assignment(GRA)problem model to solve the GRA with Balance problem.With this proposed solution,we can get an allocation scheme that takes into account multi-objective optimization and Pareto equilibrium between average performance of the whole reprocessing system and high defect rate parts.Finally,large-scale simulation experiments based on the Python PuLP platform are carried out to demonstrate the practicability and robustness of the proposed solution.The simulation results provide a solid decision-making reference for the manufacturer.
文摘为了解决因孤立时空约束而导致的多项任务指派的协同失效和全局优化性能急剧下降问题,使用角色协同理论(role-based collaboration)及其通用模型E-CARGO的子模型群组角色指派(group role assignment),以机场登机口调度为例,对问题进行指派时空约束形式化建模;分析不同代理承担不同角色、不同代理承担同个角色的协作情况,从而建立量化评估矩阵与协作矩阵;继而对时空约束进行解耦与消解,采用整数规划在追求协作空间利用率最大化的同时,考虑平衡旅客偏好,对问题进行多目标求解。大规模仿真实验论证了模型与方法的一般性、有效性和可靠性。此外,与传统GRA模型相比,主体利益指标提升6.21%,客体偏好指标提升9.72%,实现秒级求解,满足了复杂时空网络下的任务分配快速指派响应要求。
基金Supported by the National Natural Science Foundation of China (60402019, 60772098 and 60672068)
文摘Growing numbers of users and many access policies that involve many different resource attributes in service-oriented environments cause various problems in protecting resource. This paper analyzes the relationships of resource attributes to user attributes based on access policies for Web services, and proposes a general attribute based role-based access control(GARBAC) model. The model introduces the notions of single attribute expression, composite attribute expression, and composition permission, defines a set of elements and relations among its elements and makes a set of rules, assigns roles to user by inputing user's attributes values. The model is a general access control model, can support more granularity resource information and rich access control policies, also can be used to wider application for services. The paper also describes how to use the GARBAC model in Web services environments.
