Should the article be accepted and published by Meteorological and Environmental Research,the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital repro...Should the article be accepted and published by Meteorological and Environmental Research,the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital reproduction,distribution,compilation and information network transmission rights.展开更多
Should the article be accepted and published by Agricultural Science&Technology,the author hereby grants exclusively to the editorial department of Agricultural Science&Technology the digital reproduction,dist...Should the article be accepted and published by Agricultural Science&Technology,the author hereby grants exclusively to the editorial department of Agricultural Science&Technology the digital reproduction,distribution,compilation and information network transmission rights.展开更多
Should the article be accepted and published by Meteorological and Environmental Research,the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital repro...Should the article be accepted and published by Meteorological and Environmental Research,the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital reproduction,distribution,compilation and information network transmission rights.展开更多
Should the article be accepted and published by Meteorological and Environmental Research,the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital repro...Should the article be accepted and published by Meteorological and Environmental Research,the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital reproduction,distribution,compilation and information network transmission rights.展开更多
Should the article be accepted and published by Agricultural Science&Technology,the author hereby grants exclusively to the editorial department of Agricultural Science&Technology the digital reproduction,dist...Should the article be accepted and published by Agricultural Science&Technology,the author hereby grants exclusively to the editorial department of Agricultural Science&Technology the digital reproduction,distribution,compilation and information network transmission rights.展开更多
International Journal of Minerals,Metallurgy and Materials is dedicated to the publication and the dissemination of original research articles (and occasional invited reviews) in the fields of Minerals,Metallurgy and ...International Journal of Minerals,Metallurgy and Materials is dedicated to the publication and the dissemination of original research articles (and occasional invited reviews) in the fields of Minerals,Metallurgy and Materials.It is covered by EI Compendex,SCI Expanded,Chemical Abstract,etc.Manuscript preparation The following components are required for a complete manuscript:Title,Author(s),Author affiliation(s),Abstract,Keywords,Main text,Acknowledgements and References.展开更多
These days,data is regarded as a valuable asset in the era of the data economy,which demands a trading platform for buying and selling data.However,online data trading poses challenges in terms of security and fairnes...These days,data is regarded as a valuable asset in the era of the data economy,which demands a trading platform for buying and selling data.However,online data trading poses challenges in terms of security and fairness because the seller and the buyer may not fully trust each other.Therefore,in this paper,a blockchain-based secure and fair data trading system is proposed by taking advantage of the smart contract and matchmaking encryption.The proposed system enables bilateral authorization,where data trading between a seller and a buyer is accomplished only if their policies,required by each other,are satisfied simultaneously.This can be achieved by exploiting the security features of the matchmaking encryption.To guarantee non-repudiation and fairness between trading parties,the proposed system leverages a smart contract to ensure that the parties honestly carry out the data trading protocol.However,the smart contract in the proposed system does not include complex cryptographic operations for the efficiency of onchain processes.Instead,these operations are carried out by off-chain parties and their results are used as input for the on-chain procedure.The system also uses an arbitration protocol to resolve disputes based on the trading proof recorded on the blockchain.The performance of the protocol is evaluated in terms of off-chain computation overhead and on-chain gas consumption.The results of the experiments demonstrate that the proposed protocols can enable the implementation of a cost-effective data trading system.展开更多
Authorization management is important precondition and foundation for coordinating and resource sharing in open networks. Recently, authorization based on trust is widely used whereby access rights to shared resource ...Authorization management is important precondition and foundation for coordinating and resource sharing in open networks. Recently, authorization based on trust is widely used whereby access rights to shared resource are granted on the basis of their trust relation in distributed environment. Nevertheless, dynamic change of the status of credential and chain of trust induces to uncertainty of trust relation. Considering uncertainty of authorization and analyzing deficiency of authorization model only based on trust, we proposes joint trust-risk evaluation and build the model based on fuzzy set theory, and make use of the membership grade of fuzzy set to express joint trust-risk relation. Finally, derivation principle and constraint principle of joint trust-risk relationships are presented. The authorization management model is defined based on joint trust-risk evaluation, proof of compliance and separation of duty are analyzed. The proposed model depicts not only trust relationship between principals, but also security problem of authorization.展开更多
A workflow authorization model based on credentials was proposesed. It can nicely satisfy the features that workflows in actual application should satisfying. This model uses access control list based on task state wh...A workflow authorization model based on credentials was proposesed. It can nicely satisfy the features that workflows in actual application should satisfying. This model uses access control list based on task state which nicely ensure synchronizing authorization flow with workflow; specifies authorization policy not only based on user identifiers but also based on user qualifications and characteristics; defines a set of constraint rules for a task and seek the eligible users to execute the task according to the type of each constraint rule which realize dynamic separation of duty; and realizes the access granularity of authorization ranging from objects to specific parts of objects which ensure the least privilege constraints much more better.展开更多
The specification of authorization policies in access control models proposed so far cannot satisfy the requirements in workflow management systems(WFMSs).Furthermore,existing approaches have not provided effective co...The specification of authorization policies in access control models proposed so far cannot satisfy the requirements in workflow management systems(WFMSs).Furthermore,existing approaches have not provided effective conflict detection and resolution methods to maintain the consistency of authorization polices in WFMSs.To address these concerns,we propose the definition of authorization policies in which context constraints are considered and the complicated requirements in WFMSs can be satisfied.Based on the definition,we put forward static and dynamic conflict detection methods for authorization policies.By defining two new concepts,the precedence establishment rule and the conflict resolution policy,we provide a flexible approach to resolving conflicts.展开更多
Quantum authorization management(QAM)is the quantum scheme for privilege management infrastructure(PMI)problem.Privilege management(authorization management)includes authentication and authorization.Authentication is ...Quantum authorization management(QAM)is the quantum scheme for privilege management infrastructure(PMI)problem.Privilege management(authorization management)includes authentication and authorization.Authentication is to verify a user’s identity.Authorization is the process of verifying that a authenticated user has the authority to perform a operation,which is more fine-grained.In most classical schemes,the authority management center(AMC)manages the resources permissions for all network nodes within the jurisdiction.However,the existence of AMC may be the weakest link of the whole scheme.In this paper,a protocol for QAM without AMC is proposed based on entanglement swapping.In this protocol,Bob(the owner of resources)authenticates the legality of Alice(the user)and then shares the right key for the resources with Alice.Compared with the other existed QAM protocols,this protocol not only implements authentication,but also authorizes the user permissions to access certain resources or carry out certain actions.The authority division is extended to fin-grained rights division.The security is analyzed from the four aspects:the outsider’s attack,the user’s attack,authentication and comparison with the other two QAM protocols.展开更多
Due to the mobility of users in an organization,inclusion of dynamic attributes such as time and location becomes the major challenge in Ciphertext-Policy Attribute-Based Encryption(CP-ABE).By considering this challen...Due to the mobility of users in an organization,inclusion of dynamic attributes such as time and location becomes the major challenge in Ciphertext-Policy Attribute-Based Encryption(CP-ABE).By considering this challenge;we focus to present dynamic time and location information in CP-ABE with mul-ti-authorization.Atfirst,along with the set of attributes of the users,their corre-sponding location is also embedded.Geohash is used to encode the latitude and longitude of the user’s position.Then,decrypt time period and access time period of users are defined using the new time tree(NTT)structure.The NTT sets the encrypted duration of the encrypted data and the valid access time of the private key on the data user’s private key.Besides,single authorization of attribute authority(AA)is extended as multi authorization for enhancing the effectiveness of key generation.Simulation results depict that the proposed CP-ABE achieves better encryption time,decryption time,security level and memory usage.Namely,encryption time and decryption time of the proposed CP-ABE are reduced to 19%and 16%than that of existing CP-ABE scheme.展开更多
Based on logic programs, authorization conflicts and resolution strategies are analyzed through the explanation of some examples on the health care sector. A resolution scheme for handling conflicts in high level auth...Based on logic programs, authorization conflicts and resolution strategies are analyzed through the explanation of some examples on the health care sector. A resolution scheme for handling conflicts in high level authorization specification by using logic program with ordered disjunction (LPOD) is proposed. The scheme is useful for solving conflicts resulted from combining positive and negative authorization, complexity of authorization management, and less clarity of the specification. It can well specify kinds of conflicts (such as exceptional conflicts, potential conflicts), and is based on literals and dependent contexts. Thus it is expressive and available. It is shown that authorizations based on rules LPOD is very important both in theory and practice.展开更多
TrustedRBAC is a scalable, decentralized trust-management and access control mechanism for systems that span multiple autonomous domains. We utilize X.509 attri- bute certificates to define trust domains, roles to def...TrustedRBAC is a scalable, decentralized trust-management and access control mechanism for systems that span multiple autonomous domains. We utilize X.509 attri- bute certificates to define trust domains, roles to define controlled activities, and role delegation across domains to represent permissions to these activities. This paper describes the TrustedRBAC model and its scalable design and implementation.展开更多
A family of RBAC-based workflow authorization models, called RWAM, areproposed RWAM consists of a basic model and other models constructed from the basic model. The basicmodel provides the notion of temporal permissio...A family of RBAC-based workflow authorization models, called RWAM, areproposed RWAM consists of a basic model and other models constructed from the basic model. The basicmodel provides the notion of temporal permission which means that a user can perform certainoperation on a task only for a time interval, this not only ensure that only authorized users couldexecute a task but also ensure that the authorization flow is synchronised with workflow. The twoadvance models of RWAM deal with role hierarchy and constraints respectively RWAM ranges from simpleto complex and provides a general reference model for other researches and developments of suchareah.展开更多
To meet the authorization administration requirements in a distributedcomputer network environment, this paper extends the role-based access control model with multipleapplication dimensions and establishes a new acce...To meet the authorization administration requirements in a distributedcomputer network environment, this paper extends the role-based access control model with multipleapplication dimensions and establishes a new access control model ED-RBAC(Extended Role Based AccessControl Model) for the distributed environment. We propose an extendable hierarchical authorizationassignment framework and design effective role-registeringi role-applying and role-assigningprotocol with symmetric and asymmetric cryptographic systems. The model can be used to simplifyauthorization administration in a distributed environment with multiple applications.展开更多
Unpredicted load behaviour troubles traditional power system and becomes a main unstable factor. This paper pro poses a digitalized power system based on synthetical transmission carrier which makes the power system a...Unpredicted load behaviour troubles traditional power system and becomes a main unstable factor. This paper pro poses a digitalized power system based on synthetical transmission carrier which makes the power system also serves as a data communication system with the same structure. Loads get authorized before powered on, so their behaviour is predictable. Digitalized power system includes such basic units as digital power source, hub and load. Their concepts are explained, their behaviour and implements arc also described in detail. Real time distribution of residual power is applied, which makes prompt authorization possible. Communication protocol and load address assignments are also presented in this paper. A prototype is built and the results verify the effect of the new proposed power system.展开更多
文摘Should the article be accepted and published by Meteorological and Environmental Research,the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital reproduction,distribution,compilation and information network transmission rights.
文摘Should the article be accepted and published by Agricultural Science&Technology,the author hereby grants exclusively to the editorial department of Agricultural Science&Technology the digital reproduction,distribution,compilation and information network transmission rights.
文摘Should the article be accepted and published by Meteorological and Environmental Research,the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital reproduction,distribution,compilation and information network transmission rights.
文摘Should the article be accepted and published by Meteorological and Environmental Research,the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital reproduction,distribution,compilation and information network transmission rights.
文摘Should the article be accepted and published by Agricultural Science&Technology,the author hereby grants exclusively to the editorial department of Agricultural Science&Technology the digital reproduction,distribution,compilation and information network transmission rights.
文摘International Journal of Minerals,Metallurgy and Materials is dedicated to the publication and the dissemination of original research articles (and occasional invited reviews) in the fields of Minerals,Metallurgy and Materials.It is covered by EI Compendex,SCI Expanded,Chemical Abstract,etc.Manuscript preparation The following components are required for a complete manuscript:Title,Author(s),Author affiliation(s),Abstract,Keywords,Main text,Acknowledgements and References.
基金supported by Basic Science Research Program through the National Research Foundation of Korea(NRF)funded by the Ministry of Education(No.2022R1I1A3063257)supported by Electronics and Telecommunications Research Institute(ETRI)grant funded by the Korean Government[22ZR1300,Research on Intelligent Cyber Security and Trust Infra].
文摘These days,data is regarded as a valuable asset in the era of the data economy,which demands a trading platform for buying and selling data.However,online data trading poses challenges in terms of security and fairness because the seller and the buyer may not fully trust each other.Therefore,in this paper,a blockchain-based secure and fair data trading system is proposed by taking advantage of the smart contract and matchmaking encryption.The proposed system enables bilateral authorization,where data trading between a seller and a buyer is accomplished only if their policies,required by each other,are satisfied simultaneously.This can be achieved by exploiting the security features of the matchmaking encryption.To guarantee non-repudiation and fairness between trading parties,the proposed system leverages a smart contract to ensure that the parties honestly carry out the data trading protocol.However,the smart contract in the proposed system does not include complex cryptographic operations for the efficiency of onchain processes.Instead,these operations are carried out by off-chain parties and their results are used as input for the on-chain procedure.The system also uses an arbitration protocol to resolve disputes based on the trading proof recorded on the blockchain.The performance of the protocol is evaluated in terms of off-chain computation overhead and on-chain gas consumption.The results of the experiments demonstrate that the proposed protocols can enable the implementation of a cost-effective data trading system.
基金Supported by the National Natural Science Foundation of China (60403027)
文摘Authorization management is important precondition and foundation for coordinating and resource sharing in open networks. Recently, authorization based on trust is widely used whereby access rights to shared resource are granted on the basis of their trust relation in distributed environment. Nevertheless, dynamic change of the status of credential and chain of trust induces to uncertainty of trust relation. Considering uncertainty of authorization and analyzing deficiency of authorization model only based on trust, we proposes joint trust-risk evaluation and build the model based on fuzzy set theory, and make use of the membership grade of fuzzy set to express joint trust-risk relation. Finally, derivation principle and constraint principle of joint trust-risk relationships are presented. The authorization management model is defined based on joint trust-risk evaluation, proof of compliance and separation of duty are analyzed. The proposed model depicts not only trust relationship between principals, but also security problem of authorization.
文摘A workflow authorization model based on credentials was proposesed. It can nicely satisfy the features that workflows in actual application should satisfying. This model uses access control list based on task state which nicely ensure synchronizing authorization flow with workflow; specifies authorization policy not only based on user identifiers but also based on user qualifications and characteristics; defines a set of constraint rules for a task and seek the eligible users to execute the task according to the type of each constraint rule which realize dynamic separation of duty; and realizes the access granularity of authorization ranging from objects to specific parts of objects which ensure the least privilege constraints much more better.
基金supported by the National Natural Science Foundation of China (Nos.50705084 and 60473129)the Science and Technology Plan of Zhejiang Province,China (No.2007C13018)
文摘The specification of authorization policies in access control models proposed so far cannot satisfy the requirements in workflow management systems(WFMSs).Furthermore,existing approaches have not provided effective conflict detection and resolution methods to maintain the consistency of authorization polices in WFMSs.To address these concerns,we propose the definition of authorization policies in which context constraints are considered and the complicated requirements in WFMSs can be satisfied.Based on the definition,we put forward static and dynamic conflict detection methods for authorization policies.By defining two new concepts,the precedence establishment rule and the conflict resolution policy,we provide a flexible approach to resolving conflicts.
文摘Quantum authorization management(QAM)is the quantum scheme for privilege management infrastructure(PMI)problem.Privilege management(authorization management)includes authentication and authorization.Authentication is to verify a user’s identity.Authorization is the process of verifying that a authenticated user has the authority to perform a operation,which is more fine-grained.In most classical schemes,the authority management center(AMC)manages the resources permissions for all network nodes within the jurisdiction.However,the existence of AMC may be the weakest link of the whole scheme.In this paper,a protocol for QAM without AMC is proposed based on entanglement swapping.In this protocol,Bob(the owner of resources)authenticates the legality of Alice(the user)and then shares the right key for the resources with Alice.Compared with the other existed QAM protocols,this protocol not only implements authentication,but also authorizes the user permissions to access certain resources or carry out certain actions.The authority division is extended to fin-grained rights division.The security is analyzed from the four aspects:the outsider’s attack,the user’s attack,authentication and comparison with the other two QAM protocols.
文摘Due to the mobility of users in an organization,inclusion of dynamic attributes such as time and location becomes the major challenge in Ciphertext-Policy Attribute-Based Encryption(CP-ABE).By considering this challenge;we focus to present dynamic time and location information in CP-ABE with mul-ti-authorization.Atfirst,along with the set of attributes of the users,their corre-sponding location is also embedded.Geohash is used to encode the latitude and longitude of the user’s position.Then,decrypt time period and access time period of users are defined using the new time tree(NTT)structure.The NTT sets the encrypted duration of the encrypted data and the valid access time of the private key on the data user’s private key.Besides,single authorization of attribute authority(AA)is extended as multi authorization for enhancing the effectiveness of key generation.Simulation results depict that the proposed CP-ABE achieves better encryption time,decryption time,security level and memory usage.Namely,encryption time and decryption time of the proposed CP-ABE are reduced to 19%and 16%than that of existing CP-ABE scheme.
基金the National Natural Science Foundation of China (60573009,90718009)
文摘Based on logic programs, authorization conflicts and resolution strategies are analyzed through the explanation of some examples on the health care sector. A resolution scheme for handling conflicts in high level authorization specification by using logic program with ordered disjunction (LPOD) is proposed. The scheme is useful for solving conflicts resulted from combining positive and negative authorization, complexity of authorization management, and less clarity of the specification. It can well specify kinds of conflicts (such as exceptional conflicts, potential conflicts), and is based on literals and dependent contexts. Thus it is expressive and available. It is shown that authorizations based on rules LPOD is very important both in theory and practice.
文摘TrustedRBAC is a scalable, decentralized trust-management and access control mechanism for systems that span multiple autonomous domains. We utilize X.509 attri- bute certificates to define trust domains, roles to define controlled activities, and role delegation across domains to represent permissions to these activities. This paper describes the TrustedRBAC model and its scalable design and implementation.
文摘A family of RBAC-based workflow authorization models, called RWAM, areproposed RWAM consists of a basic model and other models constructed from the basic model. The basicmodel provides the notion of temporal permission which means that a user can perform certainoperation on a task only for a time interval, this not only ensure that only authorized users couldexecute a task but also ensure that the authorization flow is synchronised with workflow. The twoadvance models of RWAM deal with role hierarchy and constraints respectively RWAM ranges from simpleto complex and provides a general reference model for other researches and developments of suchareah.
文摘To meet the authorization administration requirements in a distributedcomputer network environment, this paper extends the role-based access control model with multipleapplication dimensions and establishes a new access control model ED-RBAC(Extended Role Based AccessControl Model) for the distributed environment. We propose an extendable hierarchical authorizationassignment framework and design effective role-registeringi role-applying and role-assigningprotocol with symmetric and asymmetric cryptographic systems. The model can be used to simplifyauthorization administration in a distributed environment with multiple applications.
文摘Unpredicted load behaviour troubles traditional power system and becomes a main unstable factor. This paper pro poses a digitalized power system based on synthetical transmission carrier which makes the power system also serves as a data communication system with the same structure. Loads get authorized before powered on, so their behaviour is predictable. Digitalized power system includes such basic units as digital power source, hub and load. Their concepts are explained, their behaviour and implements arc also described in detail. Real time distribution of residual power is applied, which makes prompt authorization possible. Communication protocol and load address assignments are also presented in this paper. A prototype is built and the results verify the effect of the new proposed power system.
