Separation issue is one of the most important problems about cloud computing security. Tenants should be separated from each other based on cloud infrastructure and different users from one tenant should be separated ...Separation issue is one of the most important problems about cloud computing security. Tenants should be separated from each other based on cloud infrastructure and different users from one tenant should be separated from each other with the constraint of security policies. Learning from the notion of trusted cloud computing and trustworthiness in cloud, in this paper, a multi-level authorization separation model is formally described, and a series of rules are proposed to summarize the separation property of this model. The correctness of the rules is proved. Furthermore, based on this model, a tenant separation mechanism is deployed in a real world mixed-critical information system. Performance benchmarks have shown the availability and efficiency of this mechanism.展开更多
Should the article be accepted and published by Meteorological and Environmental Research , the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital rep...Should the article be accepted and published by Meteorological and Environmental Research , the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital reproduction, distribution, compilation and information network transmission rights.展开更多
Should the article be accepted and published by Meteorological and Environmental Research,the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital repro...Should the article be accepted and published by Meteorological and Environmental Research,the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital reproduction,distribution,compilation and information network transmission rights.展开更多
Should the article be accepted and published by Agricultural Science&Technology,the author hereby grants exclusively to the editorial department of Agricultural Science&Technology the digital reproduction,dist...Should the article be accepted and published by Agricultural Science&Technology,the author hereby grants exclusively to the editorial department of Agricultural Science&Technology the digital reproduction,distribution,compilation and information network transmission rights.展开更多
Should the article be accepted and published by Meteorological and Environmental Research,the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital repro...Should the article be accepted and published by Meteorological and Environmental Research,the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital reproduction,distribution,compilation and information network transmission rights.展开更多
Should the article be accepted and published by Meteorological and Environmental Research,the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital repro...Should the article be accepted and published by Meteorological and Environmental Research,the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital reproduction,distribution,compilation and information network transmission rights.展开更多
Should the article be accepted and published by Agricultural Science&Technology,the author hereby grants exclusively to the editorial department of Agricultural Science&Technology the digital reproduction,dist...Should the article be accepted and published by Agricultural Science&Technology,the author hereby grants exclusively to the editorial department of Agricultural Science&Technology the digital reproduction,distribution,compilation and information network transmission rights.展开更多
The influence of different solution and aging conditions on the microstructure,impact toughness,and crack initiation and propagation mechanisms of the novel α+β titanium alloy Ti6422 was systematically investigated....The influence of different solution and aging conditions on the microstructure,impact toughness,and crack initiation and propagation mechanisms of the novel α+β titanium alloy Ti6422 was systematically investigated.By adjusting the furnace cooling time after solution treatment and the aging temperature,Ti6422 alloy samples were developed with a multi-level lamellar microstructure,in-cluding microscaleαcolonies and α_(p) lamellae,as well as nanoscale α_(s) phases.Extending the furnace cooling time after solution treatment at 920℃ for 1 h from 240 to 540 min,followed by aging at 600℃ for 6 h,increased the α_(p) lamella content,reduced the α_(s) phase content,expanded theαcolonies and α_(p) lamellae size,and improved the impact toughness from 22.7 to 53.8 J/cm^(2).Additionally,under the same solution treatment,raising the aging temperature from 500 to 700℃ resulted in a decrease in the α_(s) phase content and a growth in the thickness of the α_(p) lamella and α_(s) phase.The impact toughness increased significantly with these changes.Samples with high α_(p) lamellae content or large α_(s) phase size exhibited high crack initiation and propagation energies.Impact deformation caused severe kinking of the α_(p) lamellae in crack initiation and propagation areas,leading to a uniform and high-density kernel average misorientation(KAM)distribu-tion,enhancing plastic deformation coordination and uniformity.Moreover,the multidirectional arrangement of coarserαcolonies and α_(p) lamellae continuously deflect the crack propagation direction,inhibiting crack propagation.展开更多
Objective:To systematically review the current implementation status of nurses’non-pharmacological prescription authority and analyze the barriers encountered during its implementation in China,providing countermeasu...Objective:To systematically review the current implementation status of nurses’non-pharmacological prescription authority and analyze the barriers encountered during its implementation in China,providing countermeasures and references for promoting the standardized implementation of nurses’non-pharmacological prescription authority.Methods:A secondary analysis of literature was conducted to systematically search for domestic and international literature related to nurses’non-pharmacological prescription authority.Meta-analysis was performed on eligible literature to evaluate the implementation effects.Simultaneously,semi-structured in-depth interviews were conducted with healthcare workers,patients,and policymakers.Content analysis was used to organize the interview data and extract core issues and barriers.Results:A total of 46 international articles were included in the Meta-analysis,which revealed that the implementation of nurses’non-pharmacological prescription authority significantly improved patients’health management outcomes,enhanced healthcare service efficiency,and increased patient satisfaction.Conclusion:The implementation of nurses’non-pharmacological prescription authority has demonstrated significant positive effects.However,China faces multiple barriers in its advancement,necessitating efforts in optimizing policy systems,constructing collaborative models,strengthening professional skills training,and improving social awareness to guide the scientific and rational implementation of nurses’non-pharmacological prescription authority.展开更多
Drug products are specific goods with safety and effectiveness in medical health case.All of researchers(authors),reviewers,and editors must abide by medical ethical obligation,and also must deter to the ethical oblig...Drug products are specific goods with safety and effectiveness in medical health case.All of researchers(authors),reviewers,and editors must abide by medical ethical obligation,and also must deter to the ethical obligation for publication.These guidelines are offered as ethical behavior standards.We now present a set of ethical guidelines for persons engaged in the publication of drug research,specifically,for editors,authors,and reviewers.We believe that the guidelines offered are understood and subscribed to by the pharmaceutical research scientists.They may be helpful to those who are related to the editors,authors,and reviewers of journal publication.展开更多
International Journal of Minerals,Metallurgy and Materials is dedicated to the publication and the dissemination of original research articles (and occasional invited reviews) in the fields of Minerals,Metallurgy and ...International Journal of Minerals,Metallurgy and Materials is dedicated to the publication and the dissemination of original research articles (and occasional invited reviews) in the fields of Minerals,Metallurgy and Materials.It is covered by EI Compendex,SCI Expanded,Chemical Abstract,etc.Manuscript preparation The following components are required for a complete manuscript:Title,Author(s),Author affiliation(s),Abstract,Keywords,Main text,Acknowledgements and References.展开更多
A workflow authorization model based on credentials was proposesed. It can nicely satisfy the features that workflows in actual application should satisfying. This model uses access control list based on task state wh...A workflow authorization model based on credentials was proposesed. It can nicely satisfy the features that workflows in actual application should satisfying. This model uses access control list based on task state which nicely ensure synchronizing authorization flow with workflow; specifies authorization policy not only based on user identifiers but also based on user qualifications and characteristics; defines a set of constraint rules for a task and seek the eligible users to execute the task according to the type of each constraint rule which realize dynamic separation of duty; and realizes the access granularity of authorization ranging from objects to specific parts of objects which ensure the least privilege constraints much more better.展开更多
Authorization management is important precondition and foundation for coordinating and resource sharing in open networks. Recently, authorization based on trust is widely used whereby access rights to shared resource ...Authorization management is important precondition and foundation for coordinating and resource sharing in open networks. Recently, authorization based on trust is widely used whereby access rights to shared resource are granted on the basis of their trust relation in distributed environment. Nevertheless, dynamic change of the status of credential and chain of trust induces to uncertainty of trust relation. Considering uncertainty of authorization and analyzing deficiency of authorization model only based on trust, we proposes joint trust-risk evaluation and build the model based on fuzzy set theory, and make use of the membership grade of fuzzy set to express joint trust-risk relation. Finally, derivation principle and constraint principle of joint trust-risk relationships are presented. The authorization management model is defined based on joint trust-risk evaluation, proof of compliance and separation of duty are analyzed. The proposed model depicts not only trust relationship between principals, but also security problem of authorization.展开更多
These days,data is regarded as a valuable asset in the era of the data economy,which demands a trading platform for buying and selling data.However,online data trading poses challenges in terms of security and fairnes...These days,data is regarded as a valuable asset in the era of the data economy,which demands a trading platform for buying and selling data.However,online data trading poses challenges in terms of security and fairness because the seller and the buyer may not fully trust each other.Therefore,in this paper,a blockchain-based secure and fair data trading system is proposed by taking advantage of the smart contract and matchmaking encryption.The proposed system enables bilateral authorization,where data trading between a seller and a buyer is accomplished only if their policies,required by each other,are satisfied simultaneously.This can be achieved by exploiting the security features of the matchmaking encryption.To guarantee non-repudiation and fairness between trading parties,the proposed system leverages a smart contract to ensure that the parties honestly carry out the data trading protocol.However,the smart contract in the proposed system does not include complex cryptographic operations for the efficiency of onchain processes.Instead,these operations are carried out by off-chain parties and their results are used as input for the on-chain procedure.The system also uses an arbitration protocol to resolve disputes based on the trading proof recorded on the blockchain.The performance of the protocol is evaluated in terms of off-chain computation overhead and on-chain gas consumption.The results of the experiments demonstrate that the proposed protocols can enable the implementation of a cost-effective data trading system.展开更多
Quantum authorization management(QAM)is the quantum scheme for privilege management infrastructure(PMI)problem.Privilege management(authorization management)includes authentication and authorization.Authentication is ...Quantum authorization management(QAM)is the quantum scheme for privilege management infrastructure(PMI)problem.Privilege management(authorization management)includes authentication and authorization.Authentication is to verify a user’s identity.Authorization is the process of verifying that a authenticated user has the authority to perform a operation,which is more fine-grained.In most classical schemes,the authority management center(AMC)manages the resources permissions for all network nodes within the jurisdiction.However,the existence of AMC may be the weakest link of the whole scheme.In this paper,a protocol for QAM without AMC is proposed based on entanglement swapping.In this protocol,Bob(the owner of resources)authenticates the legality of Alice(the user)and then shares the right key for the resources with Alice.Compared with the other existed QAM protocols,this protocol not only implements authentication,but also authorizes the user permissions to access certain resources or carry out certain actions.The authority division is extended to fin-grained rights division.The security is analyzed from the four aspects:the outsider’s attack,the user’s attack,authentication and comparison with the other two QAM protocols.展开更多
The specification of authorization policies in access control models proposed so far cannot satisfy the requirements in workflow management systems(WFMSs).Furthermore,existing approaches have not provided effective co...The specification of authorization policies in access control models proposed so far cannot satisfy the requirements in workflow management systems(WFMSs).Furthermore,existing approaches have not provided effective conflict detection and resolution methods to maintain the consistency of authorization polices in WFMSs.To address these concerns,we propose the definition of authorization policies in which context constraints are considered and the complicated requirements in WFMSs can be satisfied.Based on the definition,we put forward static and dynamic conflict detection methods for authorization policies.By defining two new concepts,the precedence establishment rule and the conflict resolution policy,we provide a flexible approach to resolving conflicts.展开更多
Due to the mobility of users in an organization,inclusion of dynamic attributes such as time and location becomes the major challenge in Ciphertext-Policy Attribute-Based Encryption(CP-ABE).By considering this challen...Due to the mobility of users in an organization,inclusion of dynamic attributes such as time and location becomes the major challenge in Ciphertext-Policy Attribute-Based Encryption(CP-ABE).By considering this challenge;we focus to present dynamic time and location information in CP-ABE with mul-ti-authorization.Atfirst,along with the set of attributes of the users,their corre-sponding location is also embedded.Geohash is used to encode the latitude and longitude of the user’s position.Then,decrypt time period and access time period of users are defined using the new time tree(NTT)structure.The NTT sets the encrypted duration of the encrypted data and the valid access time of the private key on the data user’s private key.Besides,single authorization of attribute authority(AA)is extended as multi authorization for enhancing the effectiveness of key generation.Simulation results depict that the proposed CP-ABE achieves better encryption time,decryption time,security level and memory usage.Namely,encryption time and decryption time of the proposed CP-ABE are reduced to 19%and 16%than that of existing CP-ABE scheme.展开更多
Based on logic programs, authorization conflicts and resolution strategies are analyzed through the explanation of some examples on the health care sector. A resolution scheme for handling conflicts in high level auth...Based on logic programs, authorization conflicts and resolution strategies are analyzed through the explanation of some examples on the health care sector. A resolution scheme for handling conflicts in high level authorization specification by using logic program with ordered disjunction (LPOD) is proposed. The scheme is useful for solving conflicts resulted from combining positive and negative authorization, complexity of authorization management, and less clarity of the specification. It can well specify kinds of conflicts (such as exceptional conflicts, potential conflicts), and is based on literals and dependent contexts. Thus it is expressive and available. It is shown that authorizations based on rules LPOD is very important both in theory and practice.展开更多
A family of RBAC-based workflow authorization models, called RWAM, areproposed RWAM consists of a basic model and other models constructed from the basic model. The basicmodel provides the notion of temporal permissio...A family of RBAC-based workflow authorization models, called RWAM, areproposed RWAM consists of a basic model and other models constructed from the basic model. The basicmodel provides the notion of temporal permission which means that a user can perform certainoperation on a task only for a time interval, this not only ensure that only authorized users couldexecute a task but also ensure that the authorization flow is synchronised with workflow. The twoadvance models of RWAM deal with role hierarchy and constraints respectively RWAM ranges from simpleto complex and provides a general reference model for other researches and developments of suchareah.展开更多
TrustedRBAC is a scalable, decentralized trust-management and access control mechanism for systems that span multiple autonomous domains. We utilize X.509 attri- bute certificates to define trust domains, roles to def...TrustedRBAC is a scalable, decentralized trust-management and access control mechanism for systems that span multiple autonomous domains. We utilize X.509 attri- bute certificates to define trust domains, roles to define controlled activities, and role delegation across domains to represent permissions to these activities. This paper describes the TrustedRBAC model and its scalable design and implementation.展开更多
基金supported by the Fundamental Research funds for the central Universities of China (No. K15JB00190)the Ph.D. Programs Foundation of Ministry of Education of China (No. 20120009120010)the Program for Innovative Research Team in University of Ministry of Education of China (IRT201206)
文摘Separation issue is one of the most important problems about cloud computing security. Tenants should be separated from each other based on cloud infrastructure and different users from one tenant should be separated from each other with the constraint of security policies. Learning from the notion of trusted cloud computing and trustworthiness in cloud, in this paper, a multi-level authorization separation model is formally described, and a series of rules are proposed to summarize the separation property of this model. The correctness of the rules is proved. Furthermore, based on this model, a tenant separation mechanism is deployed in a real world mixed-critical information system. Performance benchmarks have shown the availability and efficiency of this mechanism.
文摘Should the article be accepted and published by Meteorological and Environmental Research , the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital reproduction, distribution, compilation and information network transmission rights.
文摘Should the article be accepted and published by Meteorological and Environmental Research,the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital reproduction,distribution,compilation and information network transmission rights.
文摘Should the article be accepted and published by Agricultural Science&Technology,the author hereby grants exclusively to the editorial department of Agricultural Science&Technology the digital reproduction,distribution,compilation and information network transmission rights.
文摘Should the article be accepted and published by Meteorological and Environmental Research,the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital reproduction,distribution,compilation and information network transmission rights.
文摘Should the article be accepted and published by Meteorological and Environmental Research,the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital reproduction,distribution,compilation and information network transmission rights.
文摘Should the article be accepted and published by Agricultural Science&Technology,the author hereby grants exclusively to the editorial department of Agricultural Science&Technology the digital reproduction,distribution,compilation and information network transmission rights.
基金supported by the National Natural Science Foundation of China(No.52090041).
文摘The influence of different solution and aging conditions on the microstructure,impact toughness,and crack initiation and propagation mechanisms of the novel α+β titanium alloy Ti6422 was systematically investigated.By adjusting the furnace cooling time after solution treatment and the aging temperature,Ti6422 alloy samples were developed with a multi-level lamellar microstructure,in-cluding microscaleαcolonies and α_(p) lamellae,as well as nanoscale α_(s) phases.Extending the furnace cooling time after solution treatment at 920℃ for 1 h from 240 to 540 min,followed by aging at 600℃ for 6 h,increased the α_(p) lamella content,reduced the α_(s) phase content,expanded theαcolonies and α_(p) lamellae size,and improved the impact toughness from 22.7 to 53.8 J/cm^(2).Additionally,under the same solution treatment,raising the aging temperature from 500 to 700℃ resulted in a decrease in the α_(s) phase content and a growth in the thickness of the α_(p) lamella and α_(s) phase.The impact toughness increased significantly with these changes.Samples with high α_(p) lamellae content or large α_(s) phase size exhibited high crack initiation and propagation energies.Impact deformation caused severe kinking of the α_(p) lamellae in crack initiation and propagation areas,leading to a uniform and high-density kernel average misorientation(KAM)distribu-tion,enhancing plastic deformation coordination and uniformity.Moreover,the multidirectional arrangement of coarserαcolonies and α_(p) lamellae continuously deflect the crack propagation direction,inhibiting crack propagation.
基金Scientific Research Fund Project of Yunnan Provincial Department of Education(Project No.:2024J2130)。
文摘Objective:To systematically review the current implementation status of nurses’non-pharmacological prescription authority and analyze the barriers encountered during its implementation in China,providing countermeasures and references for promoting the standardized implementation of nurses’non-pharmacological prescription authority.Methods:A secondary analysis of literature was conducted to systematically search for domestic and international literature related to nurses’non-pharmacological prescription authority.Meta-analysis was performed on eligible literature to evaluate the implementation effects.Simultaneously,semi-structured in-depth interviews were conducted with healthcare workers,patients,and policymakers.Content analysis was used to organize the interview data and extract core issues and barriers.Results:A total of 46 international articles were included in the Meta-analysis,which revealed that the implementation of nurses’non-pharmacological prescription authority significantly improved patients’health management outcomes,enhanced healthcare service efficiency,and increased patient satisfaction.Conclusion:The implementation of nurses’non-pharmacological prescription authority has demonstrated significant positive effects.However,China faces multiple barriers in its advancement,necessitating efforts in optimizing policy systems,constructing collaborative models,strengthening professional skills training,and improving social awareness to guide the scientific and rational implementation of nurses’non-pharmacological prescription authority.
文摘Drug products are specific goods with safety and effectiveness in medical health case.All of researchers(authors),reviewers,and editors must abide by medical ethical obligation,and also must deter to the ethical obligation for publication.These guidelines are offered as ethical behavior standards.We now present a set of ethical guidelines for persons engaged in the publication of drug research,specifically,for editors,authors,and reviewers.We believe that the guidelines offered are understood and subscribed to by the pharmaceutical research scientists.They may be helpful to those who are related to the editors,authors,and reviewers of journal publication.
文摘International Journal of Minerals,Metallurgy and Materials is dedicated to the publication and the dissemination of original research articles (and occasional invited reviews) in the fields of Minerals,Metallurgy and Materials.It is covered by EI Compendex,SCI Expanded,Chemical Abstract,etc.Manuscript preparation The following components are required for a complete manuscript:Title,Author(s),Author affiliation(s),Abstract,Keywords,Main text,Acknowledgements and References.
文摘A workflow authorization model based on credentials was proposesed. It can nicely satisfy the features that workflows in actual application should satisfying. This model uses access control list based on task state which nicely ensure synchronizing authorization flow with workflow; specifies authorization policy not only based on user identifiers but also based on user qualifications and characteristics; defines a set of constraint rules for a task and seek the eligible users to execute the task according to the type of each constraint rule which realize dynamic separation of duty; and realizes the access granularity of authorization ranging from objects to specific parts of objects which ensure the least privilege constraints much more better.
基金Supported by the National Natural Science Foundation of China (60403027)
文摘Authorization management is important precondition and foundation for coordinating and resource sharing in open networks. Recently, authorization based on trust is widely used whereby access rights to shared resource are granted on the basis of their trust relation in distributed environment. Nevertheless, dynamic change of the status of credential and chain of trust induces to uncertainty of trust relation. Considering uncertainty of authorization and analyzing deficiency of authorization model only based on trust, we proposes joint trust-risk evaluation and build the model based on fuzzy set theory, and make use of the membership grade of fuzzy set to express joint trust-risk relation. Finally, derivation principle and constraint principle of joint trust-risk relationships are presented. The authorization management model is defined based on joint trust-risk evaluation, proof of compliance and separation of duty are analyzed. The proposed model depicts not only trust relationship between principals, but also security problem of authorization.
基金supported by Basic Science Research Program through the National Research Foundation of Korea(NRF)funded by the Ministry of Education(No.2022R1I1A3063257)supported by Electronics and Telecommunications Research Institute(ETRI)grant funded by the Korean Government[22ZR1300,Research on Intelligent Cyber Security and Trust Infra].
文摘These days,data is regarded as a valuable asset in the era of the data economy,which demands a trading platform for buying and selling data.However,online data trading poses challenges in terms of security and fairness because the seller and the buyer may not fully trust each other.Therefore,in this paper,a blockchain-based secure and fair data trading system is proposed by taking advantage of the smart contract and matchmaking encryption.The proposed system enables bilateral authorization,where data trading between a seller and a buyer is accomplished only if their policies,required by each other,are satisfied simultaneously.This can be achieved by exploiting the security features of the matchmaking encryption.To guarantee non-repudiation and fairness between trading parties,the proposed system leverages a smart contract to ensure that the parties honestly carry out the data trading protocol.However,the smart contract in the proposed system does not include complex cryptographic operations for the efficiency of onchain processes.Instead,these operations are carried out by off-chain parties and their results are used as input for the on-chain procedure.The system also uses an arbitration protocol to resolve disputes based on the trading proof recorded on the blockchain.The performance of the protocol is evaluated in terms of off-chain computation overhead and on-chain gas consumption.The results of the experiments demonstrate that the proposed protocols can enable the implementation of a cost-effective data trading system.
文摘Quantum authorization management(QAM)is the quantum scheme for privilege management infrastructure(PMI)problem.Privilege management(authorization management)includes authentication and authorization.Authentication is to verify a user’s identity.Authorization is the process of verifying that a authenticated user has the authority to perform a operation,which is more fine-grained.In most classical schemes,the authority management center(AMC)manages the resources permissions for all network nodes within the jurisdiction.However,the existence of AMC may be the weakest link of the whole scheme.In this paper,a protocol for QAM without AMC is proposed based on entanglement swapping.In this protocol,Bob(the owner of resources)authenticates the legality of Alice(the user)and then shares the right key for the resources with Alice.Compared with the other existed QAM protocols,this protocol not only implements authentication,but also authorizes the user permissions to access certain resources or carry out certain actions.The authority division is extended to fin-grained rights division.The security is analyzed from the four aspects:the outsider’s attack,the user’s attack,authentication and comparison with the other two QAM protocols.
基金supported by the National Natural Science Foundation of China (Nos.50705084 and 60473129)the Science and Technology Plan of Zhejiang Province,China (No.2007C13018)
文摘The specification of authorization policies in access control models proposed so far cannot satisfy the requirements in workflow management systems(WFMSs).Furthermore,existing approaches have not provided effective conflict detection and resolution methods to maintain the consistency of authorization polices in WFMSs.To address these concerns,we propose the definition of authorization policies in which context constraints are considered and the complicated requirements in WFMSs can be satisfied.Based on the definition,we put forward static and dynamic conflict detection methods for authorization policies.By defining two new concepts,the precedence establishment rule and the conflict resolution policy,we provide a flexible approach to resolving conflicts.
文摘Due to the mobility of users in an organization,inclusion of dynamic attributes such as time and location becomes the major challenge in Ciphertext-Policy Attribute-Based Encryption(CP-ABE).By considering this challenge;we focus to present dynamic time and location information in CP-ABE with mul-ti-authorization.Atfirst,along with the set of attributes of the users,their corre-sponding location is also embedded.Geohash is used to encode the latitude and longitude of the user’s position.Then,decrypt time period and access time period of users are defined using the new time tree(NTT)structure.The NTT sets the encrypted duration of the encrypted data and the valid access time of the private key on the data user’s private key.Besides,single authorization of attribute authority(AA)is extended as multi authorization for enhancing the effectiveness of key generation.Simulation results depict that the proposed CP-ABE achieves better encryption time,decryption time,security level and memory usage.Namely,encryption time and decryption time of the proposed CP-ABE are reduced to 19%and 16%than that of existing CP-ABE scheme.
基金the National Natural Science Foundation of China (60573009,90718009)
文摘Based on logic programs, authorization conflicts and resolution strategies are analyzed through the explanation of some examples on the health care sector. A resolution scheme for handling conflicts in high level authorization specification by using logic program with ordered disjunction (LPOD) is proposed. The scheme is useful for solving conflicts resulted from combining positive and negative authorization, complexity of authorization management, and less clarity of the specification. It can well specify kinds of conflicts (such as exceptional conflicts, potential conflicts), and is based on literals and dependent contexts. Thus it is expressive and available. It is shown that authorizations based on rules LPOD is very important both in theory and practice.
文摘A family of RBAC-based workflow authorization models, called RWAM, areproposed RWAM consists of a basic model and other models constructed from the basic model. The basicmodel provides the notion of temporal permission which means that a user can perform certainoperation on a task only for a time interval, this not only ensure that only authorized users couldexecute a task but also ensure that the authorization flow is synchronised with workflow. The twoadvance models of RWAM deal with role hierarchy and constraints respectively RWAM ranges from simpleto complex and provides a general reference model for other researches and developments of suchareah.
文摘TrustedRBAC is a scalable, decentralized trust-management and access control mechanism for systems that span multiple autonomous domains. We utilize X.509 attri- bute certificates to define trust domains, roles to define controlled activities, and role delegation across domains to represent permissions to these activities. This paper describes the TrustedRBAC model and its scalable design and implementation.
