A Cache Considering Role-Based Access Control and Trust in Privilege Management Infrastructure

PMI （privilege management infrastructure） is used to perform access control to resource in an E-commerce or E-government system. With the ever-increasing need for secure transaction, the need for systems that offer a wide variety of QoS （quality-of-service） features is also growing. In order to improve the QoS of PMI system, a cache based on RBAC （Role-based Access control） and trust is proposed. Our system is realized based on Web service. How to design the cache based on RBAC and trust in the access control model is deseribed in detail. The algorithm to query role permission in cache and to add records in cache is dealt with. The policy to update cache is introduced also.     

Context-Aware Usage-Based Grid Authorization Framework

Due to inherent heterogeneity, multi-domain characteristic and highly dynamic nature, authorization is a critical concern in grid computing. This paper proposes a general authorization and access control architecture, grid usage control （GUCON）, for grid computing. It＇s based on the next generation access control mechanism usage control （UCON） model. The GUCON Framework dynamic grants and adapts permission to the subject based on a set of contextual information collected from the system environments; while retaining the authorization by evaluating access requests based on subject attributes, object attributes and requests. In general, GUCON model provides very flexible approaches to adapt the dynamically security request. GUCON model is being implemented in our experiment prototype.     

Application of Diagonal Recurrent Neural Network to DC Motor Speed Control Systems

A new kind of dynamic neural network—diagonal recurrent neural network (DRNN) and its learning method and architecture are presented. A direct adaptive control scheme is also developed that is applied to a DC (Direct Current) speed control system with the ability to auto-tune PI (Proportion Integral) parameters based on combining DRNN with PI controller. The simulation results of DRNN show better control performances and potential practical use in comparison with PI controller.     

COMPUTER DECOUPLE CONTROL OF TEMPERATURE AND HUMIDITY IN PREPROCESSING CHAMBER OF AIR-CONDITIONING TEST EQUIPMENT

This paper deals with the application of decouple Control theory to temperature and humidi-ty control in air-conditioning system. The decouple control algorithm for bivariable systems isderived applicablly for air-conditioning system. The algorithm is used to design a temperatureand humidity computer control system for the preprocessing chamber of air-conditioning testequipment. The results of the real-time control experiments indicate that the decouple controlalgorithm is feasible, the control quality is improved and high control precision is achieved.     

An extended role based access control method for XML documents

As XML has been increasingly important as the Data-change format of Internet and Intranet, acces-controlon-XML-properties rises as a new issue. Role-based access control (RBAC) is an access control method that has been widely used in Internet, Operation System and Relation Data Base these 10 years. Though RBAC is already relatively mature in the above fields, new problems occur when it is used in XML properties. This paper proposes an integrated model to resolve these problems, after the fully analysis on the features of XML and RBAC.     

A Design and Implementation of Multicrypt Solution for DVB Receiver

Conditional Access (CA) System is the essential basis of a Pay-TV System to charge the subscribers. This paper first introduces the standards and mechanisms for a Set-Top-Box(STB)to receive programs scrambled by different CA systems. Then, according to DVB multicrypt solution, a design in detail for such a DVB receiver, i.e. STB is presented. Decoder manufacturers provide STBs with the standard DVB common interface and CA system providers provide detachable CA modules to plug into the STBs through Common Interface. This solution allows broadcasters and customers to change CA system without replacing the STB. Such a design has been implemented in a decoder based on LSI SC2000, and is proved to be an open and secure solution for conditional access.     

Stability Analysis of Nonlinear Networked Control System with Integral Quadratic Constraints Performance in Takagi-Sugeno Fuzzy Model

This paper focuses on the stability analysis of nonlinear networked control system with integral quadratic constraints(IQC) performance, dynamic quantization, variable sampling intervals, and communication delays. By using input-delay and parallel distributed compensation(PDC) techniques, we establish the Takagi-Sugeno(T-S) fuzzy model for the system, in which the sampling period of the sampler and signal transmission delay are transformed to the refreshing interval of a zero-order holder(ZOH). By the appropriate Lyapunov-Krasovskii-based methods, a delay-dependent criterion is derived to ensure the asymptotic stability for the system with IQC performance via the H_∞ state feedback control. The efficiency of the method is illustrated on a simulation exampler.     

Fuzzy Variable Structure Control of Photovoltaic MPPT System

In order to reduce chattering phenomenon of variable structure control, a fuzzy variable structure control method is adopted and applied in the photovoitaic maximum power point tracking （MPPT） control system. Firstly, the electric features of PV cells and a dynamic model of photovoitaic system with a DGDC buck converter are analysed. Then a hybrid fuzzy variable structure controller is designed. The controller is composed of a fuzzy variable structure control term and a supervisory control term. The former is the main part of the controller and the latter is used to ensure the stability of the system. Finally, the conventional variable structure control method and the fuzzy variable structure control method are applied respectively. The comparing of simulation results shows the superiority of the latter.     

Effect: An operational view mechanism for decentralized information flow control

Flume, which implements decentralized information flow control (DIFC), allows a high security level process to "pre-create" secret files in a low security level directory. However, the pre-create mechanism makes some normal system calls unavailable, and moreover, it needs priori knowledge to create a large quantity of objects, which is difficult to estimate in practical operating systems. In this paper, we present an extended Flume file access control mechanism, named Effect, to substitute the mechanism of pre-create, which permits write operations (create, delete, and rename a file) on directories and creates a file access virtual layer that allocates operational views for each process with noninterference properties. In the end, we further present an analysis on the security of Effect. Our work makes it easier for multi-user to share confidential information in decentralized information flow control systems.     

Research on Dynamic Model＇s Building of Active Magnetic Suspension Systems

An experimental method is introduced in this paper to build the dynamics of AMSS （the active magnetic suspension system）, which doesn＇t depend on system＇s physical parameters. The rotor can be reliably suspended under the unit feedback control system designed with the primary dynamic model obtained, Online identification in frequency domain is processed to give the precise model, Comparisons show that the experimental method is much closer to the precise model than the theoretic method based on magnetic circuit law. So this experimental method is a good choice to build the primary dynamic model of AMSS,     

基于XML和XACML的角色访问控制的实施

XML具有良好的扩展性、平台无关性、结构化数据描述能力,而XACML具有很强的访问控制策略描述能力.针对XML和XACML的特点,本文提出了使用XML和XACML实现基于角色的访问控制方案,使得RBAC系统具有了良好的灵活性、扩展性以及跨平台性.     

基于角色访问控制技术在ERP系统中的应用

该文结合三鑫集团ERP系统的整体设计框架，详细介绍了基于角色访问控制技术进行数据授权模块设计的过程。在江西三鑫医疗器械(集团)有限公司ERP系统的设计中，引入基于角色访问控制技术，通过减小访问控制的粒度，实现数据授权模块，减小访问控制的粒度，解决了基于角色对数据的访问控制问题，有一定的推广价值。     

一种基于查询请求授权的XML访问控制方法

在信息系统中访问控制是一种基本的安全机制,当多用户系统将XML作为数据存储方式的时候,出现了XML文档的访问控制问题,XML文档具有层次结构,对其访问可以是细粒度的,因此,可以不去访问文件全部信息而限制用户访问文件的部分信息。传统的方法在每次用户请求处理过程中都要将策略文件和数据文件进行比较,因此在数据量比较大的时候就会降低处理效率。将用户请求和策略规则进行分类,并通过比较二者的类型获得授权结果。结果表明,该方法在处理用户访问的过程中减少了访问数据的需要。     

基于角色控制的教学权限访问系统的设计与实现

研究和探讨了实际应用中的用户权限及访问控制设计及实现问题.以一个教学管理网上系统的权限访问系统实现为例,通过建立一个权限控制矩阵来划分用户的权限访问级别,并结合了动态菜单自动生成、页面跳转限制控制、以及分级打开数据库数据等应用实现方案.实践表明,基于角色访问控制的权限访问控制系统能严格地控制与防止用户接触与其身份角色不相关的数据信息,有效地避免用户的非法操作,从而切实地提高系统的可用性和健壮性.     

细粒度同异步偏序权限建模角色访问控制模型

角色访问控制的应用提高了系统易用性和健壮性.分析了RBAC模型,指出其在细粒度和表达能力等方面的一些缺陷,结合UML对其重构,提出支持偏序权限建模的细粒度面向对象RBAC模型,基于该模型结合部分GoF模式设计了通用应用框架.与其它应用框架相比有着良好的通用性,支持权限关系的同异步及偏序关系表达,并在细粒度动态访问控制上具有更好的灵活性和效率.     

企业局域网机密信息传输系统设计

为防止信息被非法入侵者窃取或更改,实现网络整体监控与信息加密相结合双重安全保障,应用访问控制策略和信息加密技术设计一种机密信息传递系统。该系统硬件采用防火墙的IP（Internet Protocol）地址与MAC（Media Access Control）地址绑定和基于交换机的MAC地址与端口绑定的二级管理方法建立网络监控系统;文件加／解密(软件)系统采用对称性的DES(Data Encryption Standard)算法设计机密信息传输软件,并给出几种硬件实施方式、DES加／解密算法原理和运行程序,为企业系统实施提供了方便,减少了开发周期。DES加／解密过程操作简单,从而提高了机密信息在系统中加／解密速度和系统的性价比。该系统已在多个企业局域网中得到应用,且运行效果良好,在信息传递安全性方面满足用户要求。     

基于角色和任务的工作流访问控制管理模型

针对现有访问控制模型在工作流系统安全方面存在的不足,提出一种基于角色和任务的工作流访问控制管理模型(ATRBAC).该模型将ARBAC模型中的管理思想融入TRBAC模型,并引入管理员及管理权限,同时对管理员实行层次管理,解决了系统管理员的权限过大而产生的隐患,加强了系统的安全性.     

基于规则的RBAC在Web信息系统中的实现

针对Web资源访问的特点和安全问题,研究了传统的RBAC(Role-Based Access Con-trol)模型的缺陷,提出了一种适合大型Web资源访问系统的RBAC扩展模型,即利用用户属性制定相应的规则,根据规则为用户分配角色,以获得相应Web资源的访问权限.该扩展模型弥补了传统RBAC基于静态角色分配的不足,实现了角色的动态分配,并对规则和角色分配进行了约束,提高了Web资源访问的效率和安全性     

基于树型角色的访问控制策略及其实现

对于工作职能耦合度高、业务呈交叉状的企业,传统的基于用户或角色的访问控制(RBAC)策略已难以实现信息系统的权限管理．文中结合RBAC的基本思想,提出了一种分层的树型角色访问控制(TRBAC)模型,并在应用程序层实现了基于角色的权限管理方案,实践表明,TRBAC简化了用户、角色和许可三者之间的配置规则,方便了系统的授权管理．     

可扩展约束的基于角色访问控制策略的XML表示

通过对基于角色访问控制基本原理及约束的分析,设计了XML表达RBAC元素的方案,增强了系统表达不同策略的能力,适应分布式环境的要求. 策略的XML表示把系统管理和访问控制的实施技术分离,提高了系统开发的灵活性. 对于扩展的约束表达,采用分离的模块实施约束检查,从而实现了较好的约束可扩展性. 特定应用的访问控制系统可以根据已有的策略和现实的需求灵活定制.