CN101984627B - Method for mapping authority in access control based on trust - Google Patents
- Publication number
- CN101984627B
- Authority
- CN
- China
- Prior art keywords
- permission
- authority
- subject
- trust
- trust value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Storage Device Security (AREA)
Abstract
A permission mapping method in trust-based access control, belonging to the field of computer network security. In an open system there is no centralized management authority to rely on, and entities are usually strangers to one another, so permissions cannot be assigned on the basis of identity. The purpose of the invention is to assign an entity the permissions that correspond to its trust value. When the entity's trust value changes, the permissions assigned to it change as well. The invention solves the problem that permissions cannot be assigned by user identity in an open environment, ensures secure access to resources, and is highly flexible.
Description
Technical field
The present invention relates to an access control permission mapping method, specifically a permission mapping method in trust-based access control. It addresses how to assign permissions according to an entity's trust value when the entity accesses resources in an open environment, and belongs to the field of computer network security.
Background
In an open environment, an entity's behavior and state are determined by the entity itself: it can join a network at any time, leave it at any time, and even rejoin another network after changing its own identifier. Moreover, an open environment has no centralized management authority to rely on, so an entity cannot obtain complete information about another entity, or the entities do not know each other at all.
Centralized access control methods such as mandatory access control, discretionary access control and role-based access control cannot accommodate the characteristics of an open environment, such as openness, heterogeneity and dynamism. Because users in an open environment often have to deal with unfamiliar entities, trust plays a very important role. Trust management offers a new approach to access control in open environments, and using trust to provide a secure access control mechanism for such environments is of great significance.
In trust-based access control, the key question is how to map between an entity's trust value and its access permissions. That is, once an entity's trust value has been evaluated, which permissions should be assigned to that entity.
Summary of the invention
The purpose of the present invention is to provide a permission mapping method in trust-based access control. The method assigns an entity the access permissions that correspond to its trust value each time it accesses a resource, and as the entity's trust value changes from one access to the next, the assigned permissions change with it. The method makes it possible to implement access control over resources flexibly.
The method maps trust values to the access permissions of a resource, and can dynamically adjust the corresponding access permissions as the subject's trust value changes.
The permission mapping method in trust-based access control is characterized by the following steps:
(1) The trust interval of the subject is set to [0, 1], and the resource is assumed to have N different non-empty permission sets. According to the subject's trust value, the subject is assigned the corresponding access permissions, establishing the mapping between trust values and permissions;
Read the N non-empty permission sets of the resource and, together with the empty set φ, construct a binary sort tree of the permission sets according to the security level requirement of each permission set;
(2) According to the subject's trust value, calculate the value M of the permission quantification function for that trust value;
x = arcsin y is a monotonically increasing function; is divided evenly into N sub-intervals, equal in number to the resource's permission sets and in one-to-one correspondence with them, so that each sub-interval is ; for any given trust value T ∈ [0, 1] there is a unique x = arcsin T corresponding to it, where
Construct the permission quantification function, where M ∈ [0, N] (1)
(3) According to the permission quantification function value M, obtain the position F of the subject's permissions in the ordered sequence of permission sets;
In formula (1), M ∈ [0, N], whereas each permission set is represented as a discrete quantity, so a permission set mapping function is further constructed:
where F denotes the permission set corresponding to the quantified permission value M;
For any given trust value T ∈ [0, 1], there is a unique integer F ∈ [0, N] corresponding to it; according to the correspondence between that integer and the permission sets, the subject is assigned the corresponding permissions; when F = 0, the access permission assigned to the subject is φ, that is, the subject's access request is denied;
(4) Traverse the constructed binary sort tree in order and find the F-th node;
(5) Output the permission set stored in the F-th node, which is the permission assigned to the subject;
(6) If there are further subjects that need permission mapping, go to (2); otherwise, end.
The technical solution of the present invention is described as follows:
The trust interval of the subject is set to [0, 1], and the resource is assumed to have N different non-empty permission sets. According to the subject's trust value, the subject is assigned the corresponding access permissions, establishing the mapping between trust values and permissions.
The function y = f(x) = sin x is a monotonically increasing function, where and y ∈ [0, 1]. Its inverse function, x = arcsin y, is also monotonically increasing.
If is divided evenly into N sub-intervals, equal in number to the resource's permission sets and in one-to-one correspondence with them, then each sub-interval is ; for any given trust value T ∈ [0, 1] there is a unique x = arcsin T corresponding to it, where
From this, the permission quantification function is constructed: T ∈ [0, 1], and M ∈ [0, N] (1)
Formula (1) gives the number of intervals to which the trust value T corresponds in , with as the unit interval. Because M ∈ [0, N] in formula (1), whereas each permission set is represented as a discrete quantity, the function is extended and a permission set mapping function is further constructed:
where F denotes the permission set corresponding to the quantified permission value M. From formula (1) and formula (2), any given trust value T ∈ [0, 1] has a unique integer F ∈ [0, N] corresponding to it. According to the correspondence between that integer and the permission sets, the subject is assigned the corresponding permissions. When F = 0, the access permission assigned to the subject is φ, that is, the subject's access request is denied.
Of the N different permission sets that the resource has, each places a different requirement on the subject's trust value, according to security management needs. The permission sets can therefore be arranged in ascending order of the degree of subject trust they require and stored in the permission set array R[N], with R[0] = φ. Suppose that for a subject with trust value T′, formula (2) yields the function value t, where t = 0, 1, ..., N; then the permission set assigned to that subject is R(t).
There are many ways to sort the N+1 permission sets (including the empty set) in ascending order. To make sorting the permission sets more efficient, we adopt the following method: first build a binary sort tree from the N+1 permission sets, then traverse it in order, which yields the permission sets in ascending order.
The steps of the arcsine-based permission mapping method are as follows:
(1) Read the N+1 permission sets of the resource (including the empty set) and construct a binary sort tree of the permission sets according to the security level requirement of each permission set.
(2) According to the subject's trust value, apply formula (1) to calculate the corresponding function value M.
(3) Apply formula (2) to the function value M to obtain the position F of the subject's permissions in the ordered sequence of permission sets.
(4) Traverse the constructed binary sort tree in order and find the F-th node.
(5) Output the permission set stored in the F-th node, which is the permission assigned to the subject.
(6) If there are further subjects that need permission mapping, go to (2); otherwise, end.
The present invention proposes a permission mapping method in trust-based access control that solves the problem of assigning permissions according to an entity's trust value when it accesses resources. It fits the characteristics of resource access control in open environments and can be applied flexibly to a variety of open network environments.
Description of the drawings
Figure 1: Flowchart of the application process of the invention
Figure 2: Binary sort tree of the permission sets
Detailed description
The embodiment takes a user requesting access to a resource in a peer-to-peer network as an example, and assigns permissions to the user according to the user's trust value.
User a and user b are users of a peer-to-peer network, and they want to access file c. The trust value of user a is Ta = 0.5 and the trust value of user b is Tb = 0.9; access permissions are assigned to them below according to these trust values. How the trust values are calculated is not described in detail here; the only concern is how permissions are assigned once the trust value is known.
(1) Assume the resource has five assignable non-empty permission sets: A = {read}, B = {write}, C = {modify}, D = {read, write, modify, execute}, E = {read, write, modify, execute, own}. The trust that each file permission requires of the user, from low to high, is: read, write, modify, execute, own. These five permission sets, together with the empty set φ that represents denial of access, are used to construct a binary sort tree, as shown in Figure 2.
(2) First perform permission mapping for user a. Applying formula (1), calculate the function value
(3) According to formula (2), calculate
(4) Traverse the binary sort tree of Figure 2 in order; the mapped permission is the 2nd non-empty permission set, B.
(5) Read the permission set stored in node B, B = {write}; that is, the permission assigned to user a for accessing file c is write.
(6) Next perform permission mapping for user b. Applying formula (1), calculate the function value
(7) According to formula (2), calculate
(8) Traverse the binary sort tree of Figure 2 in order; the mapped permission is the 4th non-empty permission set, D.
(9) Read the permission set stored in node D, D = {read, write, modify, execute}; that is, the permissions assigned to user b for accessing file c are: read, write, modify, execute.
The example above shows that it is feasible to assign a subject the corresponding access permissions on the basis of its trust value. With the present invention, a subject can be assigned appropriate access permissions while the security of resource access is ensured. The invention can be applied flexibly in a variety of open network environments and has good applicability.
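An added example, not taken from the patent: the six steps of the method in Python, run on the permission sets of the embodiment. The formula images are missing from this page, so the sketch assumes M = 2N·arcsin(T)/π for formula (1) and F = ⌈M⌉ for formula (2), a choice that reproduces the results stated for users a and b; the numeric security levels, the insertion order and all function names are likewise assumptions.

```python
import math
from dataclasses import dataclass
from typing import FrozenSet, Iterator, Optional


@dataclass
class Node:
    level: int                     # assumed numeric security level (sort key)
    perms: FrozenSet[str]
    left: Optional["Node"] = None
    right: Optional["Node"] = None


def insert(root: Optional[Node], level: int, perms: FrozenSet[str]) -> Node:
    """Step (1): insert a permission set into the binary sort tree."""
    if root is None:
        return Node(level, perms)
    if level == root.level:
        raise ValueError(f"duplicate security level {level}")
    if level < root.level:
        root.left = insert(root.left, level, perms)
    else:
        root.right = insert(root.right, level, perms)
    return root


def in_order(node: Optional[Node]) -> Iterator[Node]:
    """Yield nodes in ascending order of required trust."""
    if node is not None:
        yield from in_order(node.left)
        yield node
        yield from in_order(node.right)


def position(trust: float, n: int) -> int:
    """Steps (2)-(3): trust value T -> position F in the ordered sets."""
    if isinstance(trust, bool) or not isinstance(trust, (int, float)):
        raise ValueError("trust value must be a number")
    if math.isnan(trust) or not 0.0 <= trust <= 1.0:
        raise ValueError("trust value outside [0, 1]")   # fail closed
    m = 2 * n * math.asin(trust) / math.pi               # assumed formula (1)
    # Assumed formula (2): round up. The epsilon makes float noise at an
    # interval boundary resolve to the lower, less privileged set.
    return max(0, min(n, math.ceil(m - 1e-12)))


def map_permissions(root: Node, trust: float) -> FrozenSet[str]:
    """Steps (4)-(5): permission set of the F-th in-order node (0 = empty set)."""
    nodes = list(in_order(root))
    f = position(trust, len(nodes) - 1)   # N non-empty sets plus the empty set
    return nodes[f].perms


def build_example_tree() -> Node:
    # Sets A-E from the embodiment; levels 0..5 and insertion order are constructed.
    sets = {0: [], 1: ["read"], 2: ["write"], 3: ["modify"],
            4: ["read", "write", "modify", "execute"],
            5: ["read", "write", "modify", "execute", "own"]}
    root = None
    for level in (3, 1, 5, 0, 2, 4):
        root = insert(root, level, frozenset(sets[level]))
    return root


if __name__ == "__main__":
    tree = build_example_tree()
    for t in (0.0, 0.5, 0.9, 1.0):
        print(t, sorted(map_permissions(tree, t)))
```

A trust value that is not a number in [0, 1] raises instead of mapping to some default set, so a malformed or missing trust score never yields access.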
Claims (1)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201010543830 CN101984627B (en) | 2010-11-12 | 2010-11-12 | Method for mapping authority in access control based on trust |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201010543830 CN101984627B (en) | 2010-11-12 | 2010-11-12 | Method for mapping authority in access control based on trust |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101984627A (en) | 2011-03-09 |
CN101984627B (en) | 2013-04-03 |
Family
ID=43641798
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 201010543830 Expired - Fee Related CN101984627B (en) | 2010-11-12 | 2010-11-12 | Method for mapping authority in access control based on trust |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101984627B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102664888B (en) * | 2012-04-19 | 2015-08-26 | 中国科学院软件研究所 | A kind of access control method based on degree of belief and system thereof |
CN110765481B (en) * | 2019-09-11 | 2021-02-02 | 珠海格力电器股份有限公司 | Authority control method, authority control system, readable storage medium and terminal device |
CN115426122B (en) * | 2021-05-31 | 2025-04-04 | 华为技术有限公司 | Access control method, related device and system based on authority adaptation |
CN116933324B (en) * | 2023-09-19 | 2023-12-05 | 智联信通科技股份有限公司 | Industrial Internet identification data security access method |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1980108A (en) * | 2005-12-09 | 2007-06-13 | 中兴通讯股份有限公司 | Code-resource distribution method in CDMA communication system |
CN101022407A (en) * | 2007-03-13 | 2007-08-22 | 中兴通讯股份有限公司 | Binary tree-based stream classification checking method |
CN101345707A (en) * | 2008-08-06 | 2009-01-14 | 北京邮电大学 | A method and device for realizing IPv6 message classification |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7992190B2 (en) * | 2006-01-27 | 2011-08-02 | Microsoft Corporation | Authorization scheme to simplify security configurations |
2010-11-12: application CN 201010543830, patent CN101984627B, not active (Expired - Fee Related)
Also Published As
Publication number | Publication date |
---|---|
CN101984627A (en) | 2011-03-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Zhang et al. | Resource allocation and trust computing for blockchain-enabled edge computing system | |
Kim et al. | Secure authentication-management human-centric scheme for trusting personal resource information on mobile cloud computing with blockchain | |
Habib et al. | Security and privacy based access control model for internet of connected vehicles | |
US8850041B2 (en) | Role based delegated administration model | |
Seshadhri et al. | Wedge sampling for computing clustering coefficients and triangle counts on large graphs | |
CN115868144A (en) | Temporary cloud provider credentials via a secure discovery framework | |
CN101984627B (en) | Method for mapping authority in access control based on trust | |
WO2010028583A1 (en) | Method and apparatus for managing the authority in workflow component based on authority component | |
CN104780159A (en) | Access control method based on dynamic trust thresholds | |
Yu et al. | A Security‐Awareness Virtual Machine Management Scheme Based on Chinese Wall Policy in Cloud Computing | |
CN111950866B (en) | Role-based multi-tenant organizational structure management systems, methods, devices and media | |
Pereira | RBAC for high performance computing systems integration in grid computing and cloud computing | |
CN119402191A (en) | A trusted data space management system and method based on blockchain | |
Deng et al. | A novel semifragile consensus algorithm based on credit space for consortium blockchain | |
CN110807189A (en) | Authority segmentation method in block chain access control | |
CN105740392A (en) | Resource sharing apparatus, system and method | |
WO2014188743A1 (en) | Access control device and access control method and program | |
Hüffmeyer et al. | Formal comparison of an attribute based access control language for restful services with xacml | |
Uikey et al. | RBACA: role-based access control architecture for multi-domain cloud environment | |
Thomas et al. | Reliable and Privacy Preserving Blockchain Based Medical Data Sharing Digital Ledger | |
Pu et al. | BFAC-CS: A Blockchain-Based Fine-Grained Access Control Scheme for Complex Scenarios | |
Ali et al. | Blockchain segmentation: An industrial solution for large scale data | |
Liu et al. | Evaluation method of multi-domain system information sharing capability | |
US20240195812A1 (en) | Onboarding Auto Creation of UDN Groups and Dynamic Binding | |
Heupel et al. | Enhancing the security and usability of DUI based collaboration with proof based access control |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20130403 Termination date: 20151112 |
EXPY | Termination of patent right or utility model | |