排序方式: 共有206条查询结果,搜索用时 15 毫秒
1.
The project summarized in this article aims at developing techniques to support access control in Real-Time Distributed Collaborative Editors (RCE). The ever-increasing role of RCE in academic, industry and society comforts the expansion of data sharing and raises growing concerns about controlling access to this data. Indeed, RCE allow for a human–computer–human interaction in a decentralized fashion. Thus, access control for RCE requires a careful design since they need dynamic access changes and low latency access to shared document while maintaining its consistency.In this article, we propose a flexible access control model where the shared document and its authorization policy are replicated in the local memory of each user. To deal with latency and dynamic access changes, we use an optimistic access control technique in such a way that enforcement of authorizations is retroactive. Our model is generic enough to be deployed on the top of the most of existing logging-based collaborative systems. Indeed, it does not entail overheads and it does not affect the convergence of the shared document. We show that naive coordination between updates of both copies can create security holes on the shared document, by permitting illegal modifications or rejecting legal modifications and present our solutions to avoid these problems. Finally, we present a prototype for managing authorizations in collaborative editing work in a decentralized fashion. Thus our model may be deployed easily on mobile devices over P2P networks. 相似文献
2.
3.
4.
One aim of pervasive computing is to allow users to share their resources so that they seem to be part of a single pervasive computer. This is just an illusion, the result of the synergy between different systems and resources. SHAD, introduced in PerCom 2007, is the first architecture that offers actual Single Sign-On to avoid authentication obtrusiveness and maintain the illusion of a single, pervasive computer. This paper describes how SHAD allows users to securely share their resources in a easy, natural, and intuitive way. It also describes its role-based Human-to-Human architecture, the threat model, and the protocols involved. Last but not the least, it presents results of further evaluation for our working implementation. 相似文献
5.
信息安全是分布式协同建模仿真环境必须考虑的重要问题.访问控制是信息安全措施的重要内容之一.针对ARBAC模型没有涉及人员管理、不支持负权限、没有对角色的赋予过程进行控制、只定义了角色权限、灵活性欠佳等不足,提出了扩展的ARBAC访问控制模型.设计了具有层级结构的用户管理模型,提出了运用资质对角色赋予进行控制的方法,进而提出了组权限、角色权限、个人权限三者相结合的访问控制模型.所述访问控制模型能够支持复杂的权限定义,能够对用户实施分层管理,降低管理成本.根据思想设计的访问控制管理系统已在航空二集团某厂实施,收到了良好的效果. 相似文献
6.
Java移动代码是一种可以通过网络从一台计算机传珐另一台计算机上运行的Java程序,在现代网络计算及电子商务中具有广泛应用,Java的这一显著特性也蕴藏着授权管理上的不足,未授权者可以很容易地非法使用这些程序,针对Java移动代码的这些不足之处,分别对Java Applet及Java Applet及Java Servlet提出了基于数字签名算法的授权与访问控制方案,安全,有效地解决了这种新兴的授权与访问控制问题。 相似文献
7.
8.
Isma Masood Yongli Wang Ali Daud Naif Radi Aljohani Hassan Dawood 《Telematics and Informatics》2018,35(4):677-701
Patient Physiological Parameters (PPPs) seem to be the most extensively accessed and utilized Personal Health Information (PHI) in hospitals, and their utilization by the various medical entities for treatment and diagnosis creates a real threat to patient privacy. This study aims to investigate whether PPPs access in a hospital environment violates patient privacy. If so, to what extent can we manage patient privacy while accessing PPPs in this environment? We investigated this question by analyzing questionnaire-based data from two Asian countries: Group A (China) and Group B (Pakistan). For data collection, we targeted those medical entities which were directly dealing with PPPs in their routine tasks. Results suggest that patient type directly influences the collection of PPPs: Group A (one-time?=?1.9, follow-up?=?1.06) and Group B (one-time?=?2.0 and follow-up?=?1.9). Both groups agreed that patients have the right to control their own PPPs. In both, doctors are the most trusted entity: for Group A, the Pearson Chi-Square with one degree of freedom is 1.414, p?=?0.234, whereas for Group B, the Pearson Chi-Square with three degrees of freedom is 4.511, p?=?0.11. Most of the Group A entities (92%) are familiar with unauthorized access of PPPs, while in Group B the level was only 35%. In Group B, only 35% of entities stated the purpose, specification and use limitations of PPPs. Doctors in both groups showed a high utilization of PPPs read authorization rights. This empirical evidence about PPPs usage in both countries will benefit health technology and improve policy on patient privacy. 相似文献
9.
用APACHE+PHP+MYSQL实现网站自动更新 总被引:1,自引:0,他引:1
在分析建立自动更新网站必要性的基础上,较详细地说明了如何利用APACHE+PHP+MYSQL工具实现网站自动更新中的权限控制、资料上传、自动更新,并给出了网页的部分源代码. 相似文献
10.
Rafael Marín-LópezAuthor Vitae Fernando Pereñíguez Author VitaeGabriel López Author Vitae Alejandro Pérez-Méndez Author Vitae 《Computer Standards & Interfaces》2011,33(5):494-504
Kerberos is a well-known standard protocol which is becoming one of the most widely deployed for authentication and key distribution in application services. However, whereas service providers use the protocol to control their own subscribers, they do not widely deploy Kerberos infrastructures to handle subscribers coming from foreign domains, as happens in network federations. Instead, the deployment of Authentication, Authorization and Accounting (AAA) infrastructures has been preferred for that operation. Thus, the lack of a correct integration between these infrastructures and Kerberos limits the service access only to service provider's subscribers. To avoid this limitation, we design an architecture which integrates a Kerberos pre-authentication mechanism, based on the use of the Extensible Authentication Protocol (EAP), and advanced authorization, based on the standards SAML and XACML, to link the end user authentication and authorization performed through an AAA infrastructure with the delivery of Kerberos tickets in the service provider's domain. We detail the interfaces, protocols, operation and extensions required for our solution. Moreover, we discuss important aspects such as the implications on existing standards. 相似文献