Funding: Supported by the National Natural Science Foundation of China (60403027)
Abstract: Trust management system has been a promising approach to solve the access control problems in open multi-domain environments. However, the calculation of trust and the delivery of the trust are not addressed effectively in the existing trust management systems. To address the problems, this paper proposes a scheme of trust calculation and delivery control. Compared with the other schemes, it is simpler and more flexible, and also easier to be implemented.
Funding: Supported by Specialized Research Fund for the Doctoral Program of Higher Education of China (20050013011)
Abstract: The conception of trusted network connection (TNC) is introduced, and the weakness of TNC to control user's action is analyzed. After this, the paper brings out a set of secure access and control model based on access, authorization and control, and related authentication protocol. At last the security of this model is analyzed. The model can improve TNC's security of user control and authorization.
Funding: Supported by the National Science Fund for Distinguished Young Scholars of China under Grant No. 50425824; the National Natural Science Foundation of China under Grant No. 50578109, 90715034 and 90715032
Abstract: In the field of civil engineering, magnetorheological fluid (MRF) damper-based semi-active control systems have received considerable attention for use in protecting structures from natural hazards such as strong earthquakes and high winds. In this paper, the MRF damper-based semi-active control system is applied to a long-span spatially extended structure and its feasibility is discussed. Meanwhile, a trust-region method based instantaneous optimal semi-active control algorithm (TIOC) is proposed to improve the performance of the semi-active control system in a multiple damper situation. The proposed TIOC describes the control process as a bounded constraint optimization problem, in which an optimal semi-active control force vector is solved by the trust-region method in every control step to minimize the structural responses. A numerical example of a railway station roof structure installed with MRF-04K dampers is presented. First, a modified Bouc-Wen model is utilized to describe the behavior of the selected MRF-04K damper. Then, two semi-active control systems, including the well-known clipped-optimal controller and the proposed TIOC controller, are considered. Based on the characteristics of the long-span spatially extended structure, the performance of the control system is evaluated under uniform earthquake excitation and travelling-wave excitation with different apparent velocities. The simulation results indicate that the MR fluid damper-based semi-active control systems have the potential to mitigate the responses of full-scale long-span spatially extended structures under earthquake hazards. The superiority of the proposed TIOC controller is demonstrated by comparing its control effectiveness with the clipped-optimal controller for several different cases.
Funding: Supported by the National Natural Science Foundation of China (60363001, 60373087, 90104005, 60473023)
Abstract: The current multicast model provides no access control mechanism. Any host can send data directly to a multicast address or join a multicast group to become a member, which brings safety problems to multicast. In this paper, we present a new active multicast group access control mechanism that is founded on trust management. This structure can solve the problem that exists in multicast members' access control and distributing authorization of traditional IP multicast.
Funding: Supported by the National High Technology Research and Development Program of China (863 Program) (2006AA01Z440); the National Basic Research Program of China (973 Program) (2007CB311100)
Abstract: Existing remote attestation schemes based on trusted computing have some merits on enhancing security assurance level, but they usually do not integrate tightly with the classical system security mechanism. In this paper, we present a component named remote attestation-based access controller (RABAC), which is based on a combination of techniques, such as random number, Bell-LaPadula (BLP) model, user identity combined with his security properties and so on. The component can validate the current hardware and software integrity of the remote platform, and implement access control with different security policy. We prove that the RABAC can not only improve the security of transferred information in remote attestation process but also integrate remote attestation and classical system security mechanism effectively.
Funding: Supported by the National Key Technology Support Program of China (2013BAK07B04); the Natural Science Foundation of Hebei Province (F2014201152)
Abstract: Based on trust measurement, a new cross-domain access control model is proposed to improve the security performance of the cross-domain access control processes. This model integrates the trust management and trusted platform measurement, defines several concepts (user trust degree, platform configuration integrity and intra/inter-domain trust degree) and calculates them with users' uniform identity authentication and historical access behavior analysis. Then this model expands the extensible access control markup language (XACML) model by adding inside trust manager point (ITMP) and outside trust manager point (OTMP), and describes the architectures and workflows of ITMP and OTMP in detail. The experimental results show that this model can achieve more fine-grained access control, implement dynamic authorization in a simple way, and improve the security degrees of the cross-domain access control.
Funding: Supported by Program of Chongqing University of Arts and Sciences (Z2014JG14); Young Scholar Project of Humanities and Social Science Foundation of Ministry of Education (15XJC790002)
Abstract: In order to solve such problems as lack of dynamic evaluation system in evaluation of quality and safety trust of dairy products, and weak awareness of prevention, it is necessary to introduce the statistical process control into the quality and safety trust evaluation system of dairy products, and establish quality and safety trust early warning model for dairy products, so as to determine the control limit of control chart and carry out early warning according to eight criteria. According to the empirical results, the statistical process control is helpful for finding the hidden process risks and providing the necessary basis for enterprises taking positive measures to raise the confidence of consumers.
Funding: Supported by the National Tenth Five-Year Plan for Scientific and Technological Development of China (413160501); the National Natural Science Foundation of China (50477038)
Abstract: PMI (privilege management infrastructure) is used to perform access control to resource in an E-commerce or E-government system. With the ever-increasing need for secure transaction, the need for systems that offer a wide variety of QoS (quality-of-service) features is also growing. In order to improve the QoS of PMI system, a cache based on RBAC (Role-based Access control) and trust is proposed. Our system is realized based on Web service. How to design the cache based on RBAC and trust in the access control model is described in detail. The algorithm to query role permission in cache and to add records in cache is dealt with. The policy to update cache is introduced also.
Funding: the National Natural Science Foundation of China (60673071, 60743003, 90718005, 90718006); the National High Technology Research and Development Program of China (2006AA01Z442, 2007AA01Z411)
Abstract: Facing the increasing security issues in P2P networks, a scheme for resource sharing using trusted computing technologies is proposed in this paper. We advance a RS-UCON model with decision continuity and attribute mutability to control the usage process and an architecture to illustrate how TC technologies support policy enforcement with bidirectional attestation. The properties required for attestation should include not only integrity measurement value of platform and related application, but also reputation of users and access history, in order to avoid the limitation of the existing approaches. To make a permission, it is required to evaluate both the authorization and conditions of the subject and the object in resource usage to ensure trustable resources to be transferred to trusted users and platform.