The Experts below are selected from a list of 6264 Experts worldwide ranked by ideXlab platform
H U Yuping - One of the best experts on this subject based on the ideXlab platform.
-
ucon a model for service grid Authorization Decision making
Computer Engineering, 2009Co-Authors: Gui Jinsong, Chen Zhigang, H U YupingAbstract:To keep free from weak capability of express of the usage control model based on Authorization predication Decision(UCONA),a delegation certification model is proposed to express Decision result in a fine-grained manner,and delegation certification processing statuses are defined to replace the simple access status.Decision component can make the reasonable delegation certification based on the system status when a request arrives,and also make Decision to change the delegation certification processing status when the system status is changed.This method effectively avoids that the same access requests generate the delegation certification repeatedly,and the delegation certification really reflects actual demands of Authorization.
Gui Jinsong - One of the best experts on this subject based on the ideXlab platform.
-
ucon a model for service grid Authorization Decision making
Computer Engineering, 2009Co-Authors: Gui Jinsong, Chen Zhigang, H U YupingAbstract:To keep free from weak capability of express of the usage control model based on Authorization predication Decision(UCONA),a delegation certification model is proposed to express Decision result in a fine-grained manner,and delegation certification processing statuses are defined to replace the simple access status.Decision component can make the reasonable delegation certification based on the system status when a request arrives,and also make Decision to change the delegation certification processing status when the system status is changed.This method effectively avoids that the same access requests generate the delegation certification repeatedly,and the delegation certification really reflects actual demands of Authorization.
X. Chen - One of the best experts on this subject based on the ideXlab platform.
-
An Access Control Model for Resource Sharing Based on the Role-Based Access Control Intended for Multi-Domain Manufacturing Internet of Things
IEEE Access, 2017Co-Authors: Qian Liu, Jiafu Wan, Hong Zhang, X. ChenAbstract:Manufacturing Internet of Things (MIoT) represents the manufacturing oriented to Internet of Things with two important characteristics, resource sharing and process collaboration. Access control in resource sharing is very important for MIoT operation safety. This paper presents an access control model for resource sharing based on the role-based access control intended for multidomain MIoT. In multidomain systems, in order to response on the assigning request for permission for the certain role from the certain user, an authority action sequence named the Authorization route is employed to determine an appropriate Authorization state. In this paper, the best Authorization route with the least spread of permissions is defined as an optimal Authorization route. We employed an intelligent planning theory to model the Authorization route problem and to develop a solution algorithm called PGAO*, which can support external evaluation of both single-goal-role Authorization routes and multi-goal-role Authorization routes. In addition, some simple policies for solving the Authorization route problem are presented. The proposed access control model provides a quick and efficient Authorization Decision support for administrators in collaborative domain and ensures a secure access in resource sharing in MIoT.
Gregorio Martinezperez - One of the best experts on this subject based on the ideXlab platform.
-
dynamic counter measures for risk based access control systems
Future Generation Computer Systems, 2016Co-Authors: Daniel Diazlopez, Gines Doleratormo, Felix Gomezmarmol, Gregorio MartinezperezAbstract:Risk-based access control systems are a new element in access control categories, incorporating risk analysis as part of the inputs to consider when taking an Authorization Decision. A risk analysis over a resource leads generally to temporal allocation of the resource in a risk level (e.g.?high, medium, low). Ideally, for each risk level and kind of resource, the access control system should take an Authorization Decision (expressed like a permit or deny) and the system administrator should also trigger specific counter-measures to protect resources according to their risk level. In a small access control system with few resources it is possible for an administrator to follow the risk level changes and react promptly with counter-measures; but in medium/large access control systems it is almost unfeasible to react in a customized way to thousands of risk level emergencies asking for attention. In this paper we propose the adoption of dynamic counter-measures (which can be integrated within access control policies) changing along time to face variations in the risk level of every resource, bringing two main benefits, namely: (i) a suitable resource protection according to the risk level (not under or over estimated) and (ii) an access control system granting/denying access depending on the fulfillment of a set of security controls applicable in an Authorization access request. To define the most appropriate set of counter-measures applicable for a specific situation we define a method based on genetic algorithms, which allows to find a solution in a reasonable time frame satisfying different required conditions. Finally, the conducted experiments show the applicability of our proposal in a real scenario. Finding of best sets of counter-measures to protect resources.Dynamic countermeasures to face variations in the Risk Level ( R L ) .Access depending on the fulfillment of a set of specific security controls.Method based on genetic algorithms with applicability in a real scenario.Resource protection according to the risk level (not under or overestimated).
Chen Zhigang - One of the best experts on this subject based on the ideXlab platform.
-
ucon a model for service grid Authorization Decision making
Computer Engineering, 2009Co-Authors: Gui Jinsong, Chen Zhigang, H U YupingAbstract:To keep free from weak capability of express of the usage control model based on Authorization predication Decision(UCONA),a delegation certification model is proposed to express Decision result in a fine-grained manner,and delegation certification processing statuses are defined to replace the simple access status.Decision component can make the reasonable delegation certification based on the system status when a request arrives,and also make Decision to change the delegation certification processing status when the system status is changed.This method effectively avoids that the same access requests generate the delegation certification repeatedly,and the delegation certification really reflects actual demands of Authorization.
