普适计算的访问控制技术研究
|
摘要
随着信息技术的快速发展,基于网络的信息系统已经无处不在。任何人(Whoever)在任何时间(Whenever)和任何地点(Wherever)与任何他人(Whomever)以任何方式(Whatever)进行通信的目标正在实现,人们随时随地进行信息交换的愿望逐步变成现实,信息共享和信息获取越来越方便,普适计算时代正在向我们走来。然而,传统的信息安全技术已经难以满足普适计算系统的需求,正在面临着严峻的挑战。
访问控制是信息系统安全最基本的保障措施之一,对提高信息保障能力具有重要意义,普适计算的信息系统也不例外。因此,本文针对普适计算系统的访问控制问题展开研究,主要研究内容如下:
1.研究了普适计算的信任管理与基于信任的资源访问控制技术。在全面综述信任管理理论的基础上,提出了一种基于信任的资源访问控制模型RTAC(Role andTrust-degree based Access Control)。该模型在角色理论的框架下将用户信任关系作为授权管理的一种重要条件和约束,使信任度成为用户角色激活的重要依据;并为此给出了一种用于RTAC模型的用户信任度评估和度量方法,从基本信任度、行为信任度和推荐信任度三个维度衡量和计算用户的实时信任度,满足了普适计算系统的动态特性。
2.提出了一种基于用户访问行为的资源访问控制模型ABAC(Action BasedAccess Control)。用户访问系统资源的行为有其发生的特定时间和环境,通过引入受限的时间状态和环境状态,形式化定义了ABAC模型架构,并以CSCW系统的资源访问控制为背景描述了ABAC模型的应用方法。
3.分析了普适计算资源访问上下文的内涵,提出了一种上下文感知的资源访问控制方法CRAC(Context-aware Role-basedAccess Control)。将普适计算系统资源访问上下文归纳为平台安全上下文、用户信任上下文、时间上下文和空间上下文四个方面,并加以定义和描述,建立用户角色分配和激活的上下文约束,体现了资源访问的上下文依赖,改进了访问控制策略支持动态资源访问控制的能力。
4.对普适计算系统的细粒度资源访问控制问题进行了探索。将细粒度的资源访问控制定义为面向资源的细粒度访问控制和面向用户的细粒度访问控制两种类型,并重点研究了面向用户的细粒度资源访问控制机制。从用户的角度分别利用信任管理和上下文感知的原理构造了两种细粒度的资源访问控制方法TFAC(Trust-degree based Fine-grained Access Control)和CFAC(Context-aware Fine-grainedAccess Control),实现了差异化的用户访问权限获取,提高了访问控制的精确性和严密性。
With the rapid development of information technology, the network-basedinformation systems have become ubiquitous. The target that whoever can communicatewith whomever in whenever and from wherever by whatever ways is coming true; thedream of exchanging information anytime and anywhere is becoming a reality; sharinginformation and obtaining information is being more and more convenient; the era ofpervasive computing is coming to us. However, the changes in computing mode andapplication environments result in many differences between pervasive informationsystems and traditional network information systems, especially in information systemassurance and security, the traditional information security technology is facing severechallenges for its difficulty to meet the needs of pervasive computing systems.
Access control is one of the most fundamental protection measures for informationsystem security; it is of great significance for improving information assurance andsecurity, the same conditions for pervasive computing information system. Therefore,we study access control in pervasive computing system. The main contributions of thisthesis are as follows:
1. Trust management and trust based resources access control in pervasivecomputing are discussed. A Role and Trust-degree based Access Control (RTAC) modelis presented based on a comprehensive review on trust management theory. In RTAC,user trust degree is used as an important constraint condition for user role assignmentand a crucial evidence for session role activation. At the same time, an evaluation andmeasurement method is proposed for RTAC. User’s real time trust degree is composedof basic trust, behavior trust and recommendation trust to satisfy the dynamics ofpervasive information systems.
2. A user access Action Based Access Control (ABAC) model is proposed. Theaction of user’s access to system resources has its specifics in time and environment, sothe ABAC architecture can be defined formally by introducing restricted temporal statesand environmental states. Moreover, the method of applying ABAC model is illustratedin the scenario of resource access control for CSCW systems.
3. A Context-aware Role-based Access Control (CRAC) mechanism is presentedbased on research on context-awareness. The contents of context for resources access inpervasive computing are elaborated, including platform security context, user trustcontext, time context and space context. Context constraints on user-role assignments and activations represent context dependence in resources access, and improve thecapability of supporting dynamic resources access control in access control policies.
4. Fine-grained access control in pervasive computing system is explored.Fine-grained access control mechanisms are classified into two types, i.e.resource-oriented and user-oriented fine-grained access control; and the latter isobserved detailedly. Two user-oriented fine-grained access control methods thatTrust-degree based Fine-grained Access Control (TFAC) and Context-awareFine-grained Access Control (CFAC) are formalized using the theory of trustmanagement and the principle of context-awareness, respectively, for achievingdifferentiated user privileges and enhancing the accuracy and strictness of accesscontrol rules.
访问控制是信息系统安全最基本的保障措施之一,对提高信息保障能力具有重要意义,普适计算的信息系统也不例外。因此,本文针对普适计算系统的访问控制问题展开研究,主要研究内容如下:
1.研究了普适计算的信任管理与基于信任的资源访问控制技术。在全面综述信任管理理论的基础上,提出了一种基于信任的资源访问控制模型RTAC(Role andTrust-degree based Access Control)。该模型在角色理论的框架下将用户信任关系作为授权管理的一种重要条件和约束,使信任度成为用户角色激活的重要依据;并为此给出了一种用于RTAC模型的用户信任度评估和度量方法,从基本信任度、行为信任度和推荐信任度三个维度衡量和计算用户的实时信任度,满足了普适计算系统的动态特性。
2.提出了一种基于用户访问行为的资源访问控制模型ABAC(Action BasedAccess Control)。用户访问系统资源的行为有其发生的特定时间和环境,通过引入受限的时间状态和环境状态,形式化定义了ABAC模型架构,并以CSCW系统的资源访问控制为背景描述了ABAC模型的应用方法。
3.分析了普适计算资源访问上下文的内涵,提出了一种上下文感知的资源访问控制方法CRAC(Context-aware Role-basedAccess Control)。将普适计算系统资源访问上下文归纳为平台安全上下文、用户信任上下文、时间上下文和空间上下文四个方面,并加以定义和描述,建立用户角色分配和激活的上下文约束,体现了资源访问的上下文依赖,改进了访问控制策略支持动态资源访问控制的能力。
4.对普适计算系统的细粒度资源访问控制问题进行了探索。将细粒度的资源访问控制定义为面向资源的细粒度访问控制和面向用户的细粒度访问控制两种类型,并重点研究了面向用户的细粒度资源访问控制机制。从用户的角度分别利用信任管理和上下文感知的原理构造了两种细粒度的资源访问控制方法TFAC(Trust-degree based Fine-grained Access Control)和CFAC(Context-aware Fine-grainedAccess Control),实现了差异化的用户访问权限获取,提高了访问控制的精确性和严密性。
With the rapid development of information technology, the network-basedinformation systems have become ubiquitous. The target that whoever can communicatewith whomever in whenever and from wherever by whatever ways is coming true; thedream of exchanging information anytime and anywhere is becoming a reality; sharinginformation and obtaining information is being more and more convenient; the era ofpervasive computing is coming to us. However, the changes in computing mode andapplication environments result in many differences between pervasive informationsystems and traditional network information systems, especially in information systemassurance and security, the traditional information security technology is facing severechallenges for its difficulty to meet the needs of pervasive computing systems.
Access control is one of the most fundamental protection measures for informationsystem security; it is of great significance for improving information assurance andsecurity, the same conditions for pervasive computing information system. Therefore,we study access control in pervasive computing system. The main contributions of thisthesis are as follows:
1. Trust management and trust based resources access control in pervasivecomputing are discussed. A Role and Trust-degree based Access Control (RTAC) modelis presented based on a comprehensive review on trust management theory. In RTAC,user trust degree is used as an important constraint condition for user role assignmentand a crucial evidence for session role activation. At the same time, an evaluation andmeasurement method is proposed for RTAC. User’s real time trust degree is composedof basic trust, behavior trust and recommendation trust to satisfy the dynamics ofpervasive information systems.
2. A user access Action Based Access Control (ABAC) model is proposed. Theaction of user’s access to system resources has its specifics in time and environment, sothe ABAC architecture can be defined formally by introducing restricted temporal statesand environmental states. Moreover, the method of applying ABAC model is illustratedin the scenario of resource access control for CSCW systems.
3. A Context-aware Role-based Access Control (CRAC) mechanism is presentedbased on research on context-awareness. The contents of context for resources access inpervasive computing are elaborated, including platform security context, user trustcontext, time context and space context. Context constraints on user-role assignments and activations represent context dependence in resources access, and improve thecapability of supporting dynamic resources access control in access control policies.
4. Fine-grained access control in pervasive computing system is explored.Fine-grained access control mechanisms are classified into two types, i.e.resource-oriented and user-oriented fine-grained access control; and the latter isobserved detailedly. Two user-oriented fine-grained access control methods thatTrust-degree based Fine-grained Access Control (TFAC) and Context-awareFine-grained Access Control (CFAC) are formalized using the theory of trustmanagement and the principle of context-awareness, respectively, for achievingdifferentiated user privileges and enhancing the accuracy and strictness of accesscontrol rules.
引文
[1] Dertouzos M. The future of computing. Scientific American,1999,282(3):52~63.
[2] Garlan D, Siewiorek DP, Smailagic A, et al. Project aura: toward distraction-freepervasive computing. IEEE Pervasive Computing,2002,1(2):22~31.
[3] Salz P. The disappearing computer. Time Europe,2000,155(8):1~8.
[4] Johanson B, Fox A, Winograd T. The interactive workspaces project: experienceswith ubiquitous computing rooms. IEEE Pervasive Computing,2002,1(2):67~75.
[5] Endeavour Project. http://endeavour.cs.berkeley.edu.
[6] Stanford V. Using pervasive computing to deliver elder care. IEEE PervasiveComputing Mobile and Ubiquitous Systems,2002,1(1):10~13.
[7] DreamSpace Project. http://www.research.ibm.com/natural/dreamspace.
[8] Brumitt B, Meyers B, KrummJ, et al. EasyLiving: technologies for intelligentenvironments. Proceedings of the2nd International Symposium on Handheldand Ubiquitous Computing. Berlin: Springer Verlag,2000:12~27.
[9] Xie WK, Shi YC, Xu GY. Smart classroom-an intelligent environment for tele-education. Proceedings of the2nd IEEE Pacific-Rim Conference on Multimedia.Berlin: Springer Verlag,2001:662~668.
[10] Weiser M. The computer for the twenty-first century. Scientific American,1991,265(3):94~104.
[11]徐光祐,史元春,谢伟凯.普适计算.计算机学报,2003,26(9):1042~1050.
[12] Schmidt A. Implicit human computer interaction through context. PersonalTechnologies,2000,4(6):191~199.
[13] Rosenthal L, Stanford V. NIST information technology laboratory pervasivecomputing initiative. Proceedings of IEEE9th International Workshops onEnabling Technologies: Infrastructure for Collaborative Enterprises, NIST, USA,2000:30~36.
[14]郭亚军.普适计算安全的关键技术研究.博士学位论文.武汉:华中科技大学,2006.
[15] Lampson B. Protection. Proceedings of5th Princeton Symposium onInformation Science and Systems,1971.437~443. Reprinted in ACM OperatingSystems Review,1974,8(1):18~24.
[16] Harrison M, Ruzzo W, Ullman J. Protection in operating systems.Communications of the ACM,1976,19(8):461~471.
[17] Bell DE, LaPadula LJ. Secure computer systems: mathematical foundations.Technical Report M74-244, The MITRE Corporation, Bedford, Mass, May1973.
[18] Bell DE, LaPadula LJ. Secure computer systems: a mathematical model.Technical Report M74-244, The MITRE Corporation, Bedford, Mass, May1973.
[19] Bell DE, LaPadula LJ. Secure computer systems: a refinement of themathematical model. MTR-2547, Vol.Ⅲ, The MITRE Corporation, Bedford,Mass, April1974.
[20] Bell DE, LaPadula LJ. Secure computer systems: unified exposition and multicsinterpretation. Technical Report ESD-TR-75-306, The MITRE Corporation,Bedford, Massachusetts, March1975.
[21] Biba KJ. Integrity considerations for secure computer systems. Technical ReportTR-3153, The MITRE Corporation, Bedford, MA, April1977.
[22] Lipner SB. Non-discretionary controls for commercial applications. Proceedingsof IEEE Computer Society Symposium on Security and Privacy, Oakland, CA,May1982:2~10.
[23] Sandhu R. Lattice-based access control models. IEEE Computer,1993,26(11):9~19.
[24] Ferriaolo D, Kuhn R. Role-based access control. Proceedings of15thNIST-NCSC National Computer Security Conference. Baltimore, Maryland,USA, October1992:554~563.
[25] Sandhu R, Coyne E, Feinstein H, et al. Role-based access control models. IEEEComputer,1996,29(2):38~47.
[26] Sandhu R, Bhamidipati V, Munawer Q. The ARBAC97model for role-basedadministration of roles. ACM Transactions on Information and System Security,1997,2(1):105~135.
[27] Ferraiolo D, Sandhu R, Gavrila S, et al. Proposed NIST standard for role-basedaccess control. ACM Transactions on Information and System Security,2001,4(3):224~274.
[28]李怀明.电子政务系统中基于组织的访问控制技术研究.博士学位论文.大连:大连理工大学,2009.
[29] Gambetta D. Can we trust trust? Gambetta D (Ed.), Trust: Making and BreakingCooperative Relations. Basil Blackwell: Oxford press,1990:213~237.
[30] Mayer RC, Davis JH, Schoorman DF. An integrative model of organizationaltrust. The Academy of Management Review,1995,20(3):709~734.
[31] Huang J, Fox M. An ontology of trust: formal semantics and transitivity.Proceedings of the8th international conference on Electronic commerce.2006:ACM New York, NY, USA.
[32] Marsh SP. Formalizing trust as a computational concept. PhD Dissertation,University of Stirling, Scotland, U.K.,1994.
[33] Grandison T, Sloman M. A survey of trust in Internet applications. IEEECommunications Surveys and Tutorials,2000,3(4):1~30.
[34] Azzedin F, Maheswaran M. Evolving and managing trust in grid computingsystems. Proceedings of IEEE Canadian Conference on Electrical and ComputerEngineering, Washington, DC: IEEE Computer Society Press,2002:1424~1429.
[35] J sang A, Ismail R, Boyd C. A survey of trust and reputation systems for onlineservice provision. Decision Support Systems,2007,43(2):618~644.
[36] Donovan A, Yolanda G. A survey of trust in computer science and the SemanticWeb. Journal of Web Semantics,2007,5:58~71.
[37] Mohan A, Blough D. Attribute trust a framework for evaluating trust inaggregated attributes via a reputation system. Sixth Annual Conference onPrivacy, Security and Trust,2008.
[38] Chakraborty S, Ray I. TrustBAC integrating trust relationships into the RBACmodel for access control in open systems. SACMAT2006.
[39] Huang J, Nicol D. A calculus of trust and its application to PKI and identitymanagement. Proceedings of the8th Symposium on Identity and Trust on theInternet,2009.
[40] Rasmusson L, Janssen S. Simulated Social Control for Secure InternetCommerce. Proceedings of the1996New Security Paradigms Workshop. ACMpress,1996.
[41] Blaze M, Feigenbaum J, Lacy J. Decentralized trust management. Proceedings ofthe17th IEEE Symposium on Security and Privacy, Washington, DC: IEEEComputer Society Press,1996:164~l73.
[42] Blaze M, Feigenbaum J, Ioannidis J, et a1. The role of trust management indistributed systems security. Secure Internet Programming: Issues for Mobile andDistributed Objects. Berlin: Springer-Verlag,1999:185~2l0.
[43] Chu YH, Feigenbaum J, LaMacchia B, et al. REFEE: Trust management for webapplications. Computer Networks and ISDN Systems,1997,29(8-13):953~964.
[44] Blaze M, Feigenbaum J, Keromytis AD. Keynote: Trust management for publickey infrastructure. Cambridge1998Security Protocols International Workshop.Berlin: Springer—Verlag,1999:59~63.
[45] Abdul-Rahman A, Hailes S. A distributed trust model. Proceedings of the1997New Security Paradigms Workshop. Cumbria, UK. ACM Press,1998:48~60.
[46] Povey D. Developing electronic trust policies using a risk management model.Proceedings of the1999CQRE Congress.1999.
[47] J sang A, Tran N. Trust Management for E-Commerce.http://citeseer.nj.nec.com/375908.html,2000.
[48] Grandison T. Trust Management for Internet Applications. PhD Dissertation,2003.
[49] Diffie W, Hellman M. New directions in cryptography. IEEE Transactions onInformation Theory.1976,22(6):644~654.
[50] Kohnfelder LM. Towards a practical public-key cryptosystem. B.S. Thesis,1978.
[51] ITU-T. Recommendation x.509.1997. ISO/IEC;9594-8, information technology-open systems interconnection-the directory: Authentication framework,3rd Ed.,1997.
[52] Adams C, Farrell S. Internet x.509public key infrastructure certificatemanagement protocols. Request for Comments (RFC)2510, InternetEngineering Task Force, March1999.
[53] ITU-T. Recommendation x.509.2000; ISO/IEC.9594-8. information technology-open systems interconnection-the directory: Public-key and attribute certificateframeworks,4th Ed.,2000.
[54] Neufeld GW. Descriptive names in x.500. Proceedings of Symposium onCommunications architectures and protocols. Washington DC: ACM Press,1989:64~71.
[55] Zimmermann P. PGP source code and internals. Cambridge, MA, USA: MITPress,1995.
[56] ANSI. ANSI x9.45: Enhanced management controls using digital signatures andattribute certificates.1999.
[57] Carl M, Ellison C. Establishing identity without certification authorities.Proceedings of the6th USENIX Security Symposium, USENIX Association, SanJose, CA, USA, July1996:67~76.
[58] Rivest R, Lampson B. SDSI-a simple distributed security infrastructure.CRYPTO’96Rumpsession,1996.
[59] Ellison C, Frantz B, Lampson B, Rivest R, Thomas B, Ylonen T. Simple publickey certificate. Internet Draft draft-ietf-spki-cert-structure-06,1999.
[60] Blaze M, Feigenbaum J, Keromytis D. Keynote: Trust management forpublic-key infrastructures. Security Protocols-the6th International Workshop,LNCS1550, Springer-Verlag, Apr1999:59~63.
[61] Winsborough W, Seamons K, Jones V. Automated trust negotiation. Proceedingsof the DARPA Information Survivability Conference and Exposition.Washington DC: IEEE Press,2000.
[62] Barlow T, Hess A, Seamons KE. Trust negotiation in electronic markets.Proceedings of the8th Research Symposium in Emerging Electronic Markets.Maastricht,2001.
[63]李建欣,怀进鹏,李先贤.自动信任协商研究.软件学报,2006, l7(1):124~133.
[64] Yu T, Winslett M, Seamons KE. Interoperable strategies in Automated TrustNegotiation. ACM Conference on Computer and Communications Security.Philadelphia, Pennsylvania, USA: ACM,2001.
[65] Smith B, Seamons KE, Jones MD. Responding to policies at runtime inTrustBuilder. Proceedings of the5th International Workshop on Policies forDistributed Systems and Networks. New York, USA, June2004:149~158.
[66] Abdul-Rahman A, Hailes S. Supporting trust in virtual communities.Proceedings of International Conference on System Sciences. Hawaii,2000.
[67] Chang E, Dillon T, Hussain FK. Trust and Reputation for Service. OrientedEnvironments: Technologies for Building Business Intelligence and ConsumerConfidence. John Wiley&Sons,2005.
[68]曲向丽.网格环境下互信机制关键技术研究.博士学位论文,国防科技大学,2007.
[69] Beth T, Borcherding M, Klein B. Valuation of trust in open network. Proceedingsof the Third European Symposium on Research in Computer Security.Springer-Verlag,1994:3~18.
[70] J sang A, Knapskog S. A metric for trusted systems. Proceedings of the21stNational Security Conference,1998:16–29.
[71] J sang A. Trust-based decision making for electronic transactions. The FourthNordic Workshop on Secure IT Systems, Stockholm, Sweden,1999.
[72] J sang A. The right type of trust for distributed systems. Proceedings of the1996Workshop on New Security Paradigms. New York: ACM Press,1996:119~131.
[73] J sang A. A model for trust in security systems. Proceedings of the2nd NordicWorkshop on Secure Computer Systems,1997.
[74] J sang A. A subjective metric of authentication. Proceedings of the5th EuropeanSymposium on Research in Computer Security. Springer-Verlag,1998:329~344.
[75] J sang A. A Logic for uncertain propositions. International Journal ofUncertainty, Fuzziness and Knowledge-Based Systems,2001,9(3):1~30.
[76] J sang A. The consensus operator for combining beliefs. Artificial Intelligence,2002,1(2):157~170.
[77] Kagal L, Finin T, Anupnm J. Trust-Based Security in Pervasive ComputingEnvironments. IEEE Computer,2001,34(12):154~157.
[78] Almenarez F, Marin A, Campo C, et a1. PTM: A Pervasive Trust ManagementModel for Dynamic open Environments. Proceedings of the First Workshop onPervasive Security and Trust at MobiQuitous, Boston, USA,2004.
[79] Almenarez F, Marin A, Diaz D, Sanchez J. Developing a Model for TrustManagement in Pervasive Devices. Proceedings of the Third IEEE InternationalWorkshop on Pervasive Computing and Communication Security, at the FourthAnnual IEEE International Conference on Pervasive Computing andCommunications. Washington DC: IEEE Computer Society Press,2006:267~272.
[80] Almenarez F, Diaz D, Marin A. Secure Ad-hoc mBusiness: EnhancingWindowsCE security.Proceedings of the First Conference on Trust DigitalBusiness, Zaragoza, ESPAGNE. Springer, Berlin, ALLEMAGNE,2004:90~99.
[81] Jameel H, Hung LX, Kalim U, et a1. A Trust Model for Ubiquitous Systemsbased on Vectors of Trust Values.Proceedings of the Seventh IEEE InternationalSymposium on Multimedia. Washington DC: IEEE Computer Society,2005:674~679.
[82] Samarati P, Vimercati S. Access control: Policies, Models, and mechanisms.Focardi R, Gorrierieds R(Ed). Foundations of Security Analysis and Design.Berlin: Springer-Verlag,2000:137~196.
[83] Almenarez F, Marin A, Campo C, et a1. TrustAC: Trust-Based access control forpervasive devices. LNCS450. Berlin: Springer-Verlag,2005:225~238.
[84]刘宏月,范九伦,马建峰.访问控制技术研究进展.小型微型计算机系统,2004,25(1):56~59.
[85] Ferraiolo D, Kuhn R. Role-based access controls. Proceedings of the15th NIST-NCSC National Computer Security Conference. Bultimore Maryland, USA,October1992:554~563.
[86] Ferraiolo D, Sandhu R, Gavrila S, et al. Proposed NIST standard for role-basedaccess control. ACM Transaction on Information and Systems Security,2001,4(3):224~274.
[87] American National Standards Institute Inc. Role based access control, ANSI-INCITS359-2004,2004.
[88] Sandhu R and Zhang X. Peer-to-peer access control architecture using trustedcomputing technology. Proceedings of the10th ACM Symposium on AccessControl Models and Technologies, Stockholm, Sweeden, June2005:147~158.
[89] Edjlali G, Acharya A, Chaudhary V. History-based access control for mobilecode. Proceedings of the5th ACM Conference on Computer andCommunication Security, San Francisco, California, USA, November1998:38~48.
[90] Ray I, Chakraborty S. A vector model of trust for developing trustworthysystems. Proceedings of the9th European Symposium of Research inComputer Security, volume3193of Lecture Notes in Computer Science, SophiaAntipolis, France, September2004:260~275.
[91] Chakraborty S, Ray I. TrustBAC-integrating trust relationships into the RBACmodel for access control in open systems. Proceedings of the11th ACMSymposium on Access Control Models And Technologies, Lake Tahoe,California, USA, June2006:49~58.
[92] Almenarez F, Marin A, Campo C, et a1. TrustAC: Trust-Based access control forpervasive devices. LNCS450. Berlin: Springer-Verlag,2005:225~238.
[93] Damiani E, Vimercati S, Samarati P. New paradigm for access control in openenvironments. Proceedings of the5th IEEE Symposium on Signal Processingand Information Technology, Athens, Greece, December2005.
[94] Sandhu R, Coyne E, Feinstein H, Youman C. Role-Based Access ControlModels. IEEE Computer,1996,29(2):38~47.
[95] Bertino E, Bonatti P, Ferrari E. TRBAC: A Temporal Role-Based Access ControlModel. ACM Transactions on Information and System Security.2001,4(3):191~223.
[96] Joshi J, Bertino E, Latif U, et al. A generalized temporal role-based accesscontrol model. IEEE Transactions on Knowledge and Data Engineering,2005,17(1):4~23.
[97] Joshi J, Bertino E, Ghafoor A. An analysis of expressiveness and design issuesfor the generalized temporal role-based access control model. IEEE Transactionson Dependable and Secure Computing,2005,2(2):157~175.
[98] Covington M, Long W, Srinivasan S. Securing context-aware applications usingenvironment roles. Proceedings of the6th ACM Symposium on Access ControlModels and Technologies. Chantilly, Virginia, USA. ACM Press,2001:10~20.
[99] Ray I, Kumar M, Yu L. LRBAC: a location-aware role-based access controlmodel. Proceedings of the Second International Conference on InformationSystems Security (ICISS2006). Kolkata, India: Springer-Verlag,2006:147~161.
[100] Wang L, Wijesekera D, Jajodia S. A logic-based framework for attribute basedaccess control. Proceedings of the2004ACM workshop on Formal methods insecurity engineering. ACM Press, New York, USA.2004:45~55.
[101] Priebe T, Dobmeier W, Kamprath N. Supporting attribute-based access controlwith ontologies. Proceedings of the1st International Conference on Availability,Reliability and Security, IEEE Computer Society, Vienna, Austria.2006:465~472.
[102] Guth S, Simon B, Zdun U. A contract and rights management framework designfor interacting brokers. Proceedings of the36th International Conference onSystem Sciences, IEEE Computer Society, Big Island, Hawaii, USA.2003:283~293.
[103] Park J S, Hwang J. Role-based Access Control for Collaborative Enterprise inPeer-to-Peer Computing Environments. Proceedings of the8th ACMSymposium on Access Control Models and Technologies, ACM Press, VillaGallia, Como, Italy.2003:93~99.
[104] Shaflq B, Bertino E, Ghafoor A. Access Control Management in a DistributedEnvironment Supporting Dynamic Collaboration. Proceedings of the2005Workshop on Digital Identity Management,ACM Press,Fairfax, Virginia, USA.2005:104~112.
[105] Cui XT, Chen YL, Gu JZ. Ex-RBAC: An Extended Role Based Access ControlModel for Location-aware Mobile Collaboration System. Proceedings of the2ndInternational Conference on Interact Monitoring and Protection, IEEE ComputerSociety, Silicon Valley, USA.2007:36~41.
[106] Furst K, Schmidt T, Wippel G. Managing Access in Extended EnterpriseNetworks. IEEE Internet Computing.2002,6(5):67~74
[107] Lee CN, Chiang CW, Horng MF. Collaborative web computing environment: aninfrastructure for scientific computation. IEEE Internet Computing,2000,4(2):27~35.
[108] Bammigatti PH, Rao DPR. Generic WA-RBAC: role based access control modelfor web applications. Proceedings of the9th International Conference onInformation Technology, IEEE Computer Society, Bhubaneswar, India.2006:237~240.
[109] Dong LJ, Yu SS, Ouyang K. The dynamic endpoint-based access control modelon VPN. Proceedings of the International Conference on Networking,Architecture, and Storage, IEEE Computer Society, Guilin, China.2007:44~54.
[110] Thomas R, Sandhu R. Task-Based authentication controls (TBAC): A family ofmodels for active and enterprise-oriented authentication management.Proceedings of the IFIP WGll.3Workshop on Database Security, l997:166~181.
[111] Sejong Oh, Seog Park. Task-role-based access control model. InformationSystems,2003(28):533~562.
[112] Damiani M, Bertino E, Catania B. GEO-RBAC: A spatially aware RBAC. ACMTransactions on Information and System Security,2007,10(1):1~42.
[113]张宏,贺也平,石志国.一个支持空间上下文的访问控制形式模型.中国科学E辑:信息科学,2007,37(2):254~271.
[114] Ray I, Toahchoodee M. A spatio-temporal role-based access control model.Proceedings of the21st Annual IFIP WG11.3Working Conference on Data andApplication Security, LNCS, Vol.4602,2007:211~226.
[115] Ray I, Toahchoodee M. A spatio-temporal access control model supportingdelegation for pervasive computing applications. Proceedings of the5thInternational Conference on Trust, Privacy and Security in Digital Business,LNCS, Vol.5185,2008:48~58.
[116] Chen L, Crampton J. On spatio-temporal constraints and inheritance inrole-based access control. Proceedings of the2008ACM symposium onInformation, computer and communications security. New York, NY, USA,ACM Press,2008:205~216.
[117]李凤华,王巍,马建峰,等.基于行为的访问控制模型及其行为管理.电子学报,2008,36(10):1881~1890.
[118] Abowd G, Mynatt E. Charting past, present, and future research in ubiquitouscomputing. ACM Transactions on Human-Computer Interaction,2000,7(1):29~58.
[119] Want R, Hopper A, Falcao V, et al. The active badge location system. ACMTransactions on Information Systems,1992,10(1):91~102.
[120] Fletcher R. Low-cost electromagnetic tagging: design and implementation:[PhDDissertation]. Massachusetts, USA: MIT Media Lab,2001.
[121] Essa I. Computers seeing people. AI Magazine,1999,20(1):69~82.
[122] Orr RJ, Abowd G. The smart floor: A mechanism for natural user identificationand tracking. Proceedings of the CHI2000Human Factors in ComputingSystems. New York: ACM Press,2000:275~276.
[123] Demirdjian D, Tollmar K, Koile K, et al. Activity maps for location-awarecomputing. Proceedings of the Sixth IEEE Workshop on Applications ofComputer Vision, Orlando, Florida,2002:70~78.
[124] Krumm J, Harris S, Meyers B, et al. Multi-camera multi-person tracking foreasyliving. Proceedings of the IEEE Workshop on Visual Surveillance.Washington: IEEE Computer Society Press,2000:3~10.
[125] Pentland A. Perceptual intelligence. Communications of the ACM,2000,43(3):35~44.
[126] Ward A, Jones A, Hopper A. A new location technique for the active office.IEEE Personal Communications,1997,4(5):42~47.
[127] Priyantha N, Chakraborty A, Balakrishnan H. The cricket location supportsystem. Proceedings the Sixth Annual ACM/IEEE International Conference onMobile Computing and Networking. New York: ACM Press,2000:32~43.
[128] Bahl P, Padmanabhan V. Radar: an in-building RF-based user location andtracking system. In: Proceedings of the19th Annual Joint Conference of theIEEE Computer and Communications Societies. Washington: IEEE ComputerSociety Press,2000:775~784.
[129] Castro P, Chiu P, Kremenek T, et al. A probabilistic location service for wirelessnetwork environments. In: Proceedings of the International Conference onUbiquitous Computing (Ubicomp). Berlin: Springer-Verlag,2001:18~24.
[130] DoD. Trusted Computer System Evaluation Criteria (TCSEC), DoD5200.28-STD.
[131] TCG. Trusted Computing Group. http://www.trustedcomputinggroup.org
[132] Smith S. Trusted computing platforms: design and applications. Boston: Springer,2005.
[133]刘宏月,阎军智,马建峰.基于可信度的细粒度RBAC访问控制模型框架.通信学报,2009,30(10A):51~57.
[134] Roichman A, Gudes E. Fine-grained Access Control to Web Databases.Proceedings of SACMAT’2007:31~40. Sophia Antipolis, France, June20-22,2007.
[135] Li X L, Naeem NA, Kemme B. Fine-Granularity Access Control in3-tierLaboratory Information Systems. Proceedings of the9th International DatabaseEngineering&Application Symposium:391~397. Montreal, Canada July25-27,2005.
[136] Sujansky WV, Faus SA, Stone E, Brennan PF. A method to implementfine-grained access control for personal health records through standardrelational database queries. Journal of Biomedical Informatics,2010,43(5),Supplement1: S46~S50.
[137]熊金波,马建峰.多媒体数据库安全多级访问控制模型.通信学报,2011.
[138]廖俊国,洪帆,肖海军,张昭理.细粒度的基于角色的访问控制模型.计算机工程与应用,2007,43(34),138~140.
[139] Ruohomaa S., Kutvonen L. Trust management survey. Proceedings of the iTrustThird International Conference on Trust Management, LNCS3477,Springer-Verlag, Berlin Heidelberg,2005:77~92.
[140] Caronni G. Walking the Web of trust. Proceedings of the IEEE9th InternationalWorkshops on Enabling Technologies: Infrastructure for CollaborativeEnterprises. IEEE Press,2000:153~l59.
[141] Povey D. Developing electronic trust policies using a risk management model.Proceedings of the1999CQRE Congress.1999:1~16.
[142] Abdul-Rahman A, Hailes S. Using recommendation for managing trust indistributed systems. Proceedings of the IEEE Malaysia International Conferenceon Communication’97(MICC’97). Kuala Lumper: IEEE Press, l997.
[143] Manchala DW. E-commerce trust metrics and models. IEEE Internet Computing,2000.
[144] Khambatti M, Dasgupta P, Ryu KD. A role-based model for peer-to-peercommunities and dynamic coalitions. Proceedings of the2nd IEEE InternationalInformation Assurance Workshop. New York: IEEE Press,2004:141~154.
[145] Zacharia G, Maes P. Trust management through reputation mechanisms. AppliedArtificial Intelligence.2000, l4(8):881~907.
[146] Zacharia G, Moukas A, Maes P. Collaborative reputation mechanisms inelectronic marketplaces. Proceedings of the32nd Annual Hawaii InternationalConference on System Sciences,(HICSS-32).1999.
[147] Liang ZQ, Shi WS. PET: A personalized trust model with reputation and riskevaluation for p2p resource sharing. The38th International Conference onSystem Science, Hawaii,2005:256~264.
[148] Sabater J, Sierra C. Reputation and social network analysis in multi-agentsystems. First International Joint Conference on Autonomous Agents andMulti-Agent Sysms, Bologna, Italy,2002.
[149] Song S, Hwang K, Zhou RF. Trusted P2P Transactions with Fuzzy ReputationAggregation. IEEE Internet Computing,18~28,2005.
[150] Yu B, Singh MP, Sycara K. Developing Trust in Large-Scale Peer-to-PeerSystems. Proceedings of the1st IEEE Symposium on Multi-Agent Security andSurviablility, Philadepllia,2004.
[2] Garlan D, Siewiorek DP, Smailagic A, et al. Project aura: toward distraction-freepervasive computing. IEEE Pervasive Computing,2002,1(2):22~31.
[3] Salz P. The disappearing computer. Time Europe,2000,155(8):1~8.
[4] Johanson B, Fox A, Winograd T. The interactive workspaces project: experienceswith ubiquitous computing rooms. IEEE Pervasive Computing,2002,1(2):67~75.
[5] Endeavour Project. http://endeavour.cs.berkeley.edu.
[6] Stanford V. Using pervasive computing to deliver elder care. IEEE PervasiveComputing Mobile and Ubiquitous Systems,2002,1(1):10~13.
[7] DreamSpace Project. http://www.research.ibm.com/natural/dreamspace.
[8] Brumitt B, Meyers B, KrummJ, et al. EasyLiving: technologies for intelligentenvironments. Proceedings of the2nd International Symposium on Handheldand Ubiquitous Computing. Berlin: Springer Verlag,2000:12~27.
[9] Xie WK, Shi YC, Xu GY. Smart classroom-an intelligent environment for tele-education. Proceedings of the2nd IEEE Pacific-Rim Conference on Multimedia.Berlin: Springer Verlag,2001:662~668.
[10] Weiser M. The computer for the twenty-first century. Scientific American,1991,265(3):94~104.
[11]徐光祐,史元春,谢伟凯.普适计算.计算机学报,2003,26(9):1042~1050.
[12] Schmidt A. Implicit human computer interaction through context. PersonalTechnologies,2000,4(6):191~199.
[13] Rosenthal L, Stanford V. NIST information technology laboratory pervasivecomputing initiative. Proceedings of IEEE9th International Workshops onEnabling Technologies: Infrastructure for Collaborative Enterprises, NIST, USA,2000:30~36.
[14]郭亚军.普适计算安全的关键技术研究.博士学位论文.武汉:华中科技大学,2006.
[15] Lampson B. Protection. Proceedings of5th Princeton Symposium onInformation Science and Systems,1971.437~443. Reprinted in ACM OperatingSystems Review,1974,8(1):18~24.
[16] Harrison M, Ruzzo W, Ullman J. Protection in operating systems.Communications of the ACM,1976,19(8):461~471.
[17] Bell DE, LaPadula LJ. Secure computer systems: mathematical foundations.Technical Report M74-244, The MITRE Corporation, Bedford, Mass, May1973.
[18] Bell DE, LaPadula LJ. Secure computer systems: a mathematical model.Technical Report M74-244, The MITRE Corporation, Bedford, Mass, May1973.
[19] Bell DE, LaPadula LJ. Secure computer systems: a refinement of themathematical model. MTR-2547, Vol.Ⅲ, The MITRE Corporation, Bedford,Mass, April1974.
[20] Bell DE, LaPadula LJ. Secure computer systems: unified exposition and multicsinterpretation. Technical Report ESD-TR-75-306, The MITRE Corporation,Bedford, Massachusetts, March1975.
[21] Biba KJ. Integrity considerations for secure computer systems. Technical ReportTR-3153, The MITRE Corporation, Bedford, MA, April1977.
[22] Lipner SB. Non-discretionary controls for commercial applications. Proceedingsof IEEE Computer Society Symposium on Security and Privacy, Oakland, CA,May1982:2~10.
[23] Sandhu R. Lattice-based access control models. IEEE Computer,1993,26(11):9~19.
[24] Ferriaolo D, Kuhn R. Role-based access control. Proceedings of15thNIST-NCSC National Computer Security Conference. Baltimore, Maryland,USA, October1992:554~563.
[25] Sandhu R, Coyne E, Feinstein H, et al. Role-based access control models. IEEEComputer,1996,29(2):38~47.
[26] Sandhu R, Bhamidipati V, Munawer Q. The ARBAC97model for role-basedadministration of roles. ACM Transactions on Information and System Security,1997,2(1):105~135.
[27] Ferraiolo D, Sandhu R, Gavrila S, et al. Proposed NIST standard for role-basedaccess control. ACM Transactions on Information and System Security,2001,4(3):224~274.
[28]李怀明.电子政务系统中基于组织的访问控制技术研究.博士学位论文.大连:大连理工大学,2009.
[29] Gambetta D. Can we trust trust? Gambetta D (Ed.), Trust: Making and BreakingCooperative Relations. Basil Blackwell: Oxford press,1990:213~237.
[30] Mayer RC, Davis JH, Schoorman DF. An integrative model of organizationaltrust. The Academy of Management Review,1995,20(3):709~734.
[31] Huang J, Fox M. An ontology of trust: formal semantics and transitivity.Proceedings of the8th international conference on Electronic commerce.2006:ACM New York, NY, USA.
[32] Marsh SP. Formalizing trust as a computational concept. PhD Dissertation,University of Stirling, Scotland, U.K.,1994.
[33] Grandison T, Sloman M. A survey of trust in Internet applications. IEEECommunications Surveys and Tutorials,2000,3(4):1~30.
[34] Azzedin F, Maheswaran M. Evolving and managing trust in grid computingsystems. Proceedings of IEEE Canadian Conference on Electrical and ComputerEngineering, Washington, DC: IEEE Computer Society Press,2002:1424~1429.
[35] J sang A, Ismail R, Boyd C. A survey of trust and reputation systems for onlineservice provision. Decision Support Systems,2007,43(2):618~644.
[36] Donovan A, Yolanda G. A survey of trust in computer science and the SemanticWeb. Journal of Web Semantics,2007,5:58~71.
[37] Mohan A, Blough D. Attribute trust a framework for evaluating trust inaggregated attributes via a reputation system. Sixth Annual Conference onPrivacy, Security and Trust,2008.
[38] Chakraborty S, Ray I. TrustBAC integrating trust relationships into the RBACmodel for access control in open systems. SACMAT2006.
[39] Huang J, Nicol D. A calculus of trust and its application to PKI and identitymanagement. Proceedings of the8th Symposium on Identity and Trust on theInternet,2009.
[40] Rasmusson L, Janssen S. Simulated Social Control for Secure InternetCommerce. Proceedings of the1996New Security Paradigms Workshop. ACMpress,1996.
[41] Blaze M, Feigenbaum J, Lacy J. Decentralized trust management. Proceedings ofthe17th IEEE Symposium on Security and Privacy, Washington, DC: IEEEComputer Society Press,1996:164~l73.
[42] Blaze M, Feigenbaum J, Ioannidis J, et a1. The role of trust management indistributed systems security. Secure Internet Programming: Issues for Mobile andDistributed Objects. Berlin: Springer-Verlag,1999:185~2l0.
[43] Chu YH, Feigenbaum J, LaMacchia B, et al. REFEE: Trust management for webapplications. Computer Networks and ISDN Systems,1997,29(8-13):953~964.
[44] Blaze M, Feigenbaum J, Keromytis AD. Keynote: Trust management for publickey infrastructure. Cambridge1998Security Protocols International Workshop.Berlin: Springer—Verlag,1999:59~63.
[45] Abdul-Rahman A, Hailes S. A distributed trust model. Proceedings of the1997New Security Paradigms Workshop. Cumbria, UK. ACM Press,1998:48~60.
[46] Povey D. Developing electronic trust policies using a risk management model.Proceedings of the1999CQRE Congress.1999.
[47] J sang A, Tran N. Trust Management for E-Commerce.http://citeseer.nj.nec.com/375908.html,2000.
[48] Grandison T. Trust Management for Internet Applications. PhD Dissertation,2003.
[49] Diffie W, Hellman M. New directions in cryptography. IEEE Transactions onInformation Theory.1976,22(6):644~654.
[50] Kohnfelder LM. Towards a practical public-key cryptosystem. B.S. Thesis,1978.
[51] ITU-T. Recommendation x.509.1997. ISO/IEC;9594-8, information technology-open systems interconnection-the directory: Authentication framework,3rd Ed.,1997.
[52] Adams C, Farrell S. Internet x.509public key infrastructure certificatemanagement protocols. Request for Comments (RFC)2510, InternetEngineering Task Force, March1999.
[53] ITU-T. Recommendation x.509.2000; ISO/IEC.9594-8. information technology-open systems interconnection-the directory: Public-key and attribute certificateframeworks,4th Ed.,2000.
[54] Neufeld GW. Descriptive names in x.500. Proceedings of Symposium onCommunications architectures and protocols. Washington DC: ACM Press,1989:64~71.
[55] Zimmermann P. PGP source code and internals. Cambridge, MA, USA: MITPress,1995.
[56] ANSI. ANSI x9.45: Enhanced management controls using digital signatures andattribute certificates.1999.
[57] Carl M, Ellison C. Establishing identity without certification authorities.Proceedings of the6th USENIX Security Symposium, USENIX Association, SanJose, CA, USA, July1996:67~76.
[58] Rivest R, Lampson B. SDSI-a simple distributed security infrastructure.CRYPTO’96Rumpsession,1996.
[59] Ellison C, Frantz B, Lampson B, Rivest R, Thomas B, Ylonen T. Simple publickey certificate. Internet Draft draft-ietf-spki-cert-structure-06,1999.
[60] Blaze M, Feigenbaum J, Keromytis D. Keynote: Trust management forpublic-key infrastructures. Security Protocols-the6th International Workshop,LNCS1550, Springer-Verlag, Apr1999:59~63.
[61] Winsborough W, Seamons K, Jones V. Automated trust negotiation. Proceedingsof the DARPA Information Survivability Conference and Exposition.Washington DC: IEEE Press,2000.
[62] Barlow T, Hess A, Seamons KE. Trust negotiation in electronic markets.Proceedings of the8th Research Symposium in Emerging Electronic Markets.Maastricht,2001.
[63]李建欣,怀进鹏,李先贤.自动信任协商研究.软件学报,2006, l7(1):124~133.
[64] Yu T, Winslett M, Seamons KE. Interoperable strategies in Automated TrustNegotiation. ACM Conference on Computer and Communications Security.Philadelphia, Pennsylvania, USA: ACM,2001.
[65] Smith B, Seamons KE, Jones MD. Responding to policies at runtime inTrustBuilder. Proceedings of the5th International Workshop on Policies forDistributed Systems and Networks. New York, USA, June2004:149~158.
[66] Abdul-Rahman A, Hailes S. Supporting trust in virtual communities.Proceedings of International Conference on System Sciences. Hawaii,2000.
[67] Chang E, Dillon T, Hussain FK. Trust and Reputation for Service. OrientedEnvironments: Technologies for Building Business Intelligence and ConsumerConfidence. John Wiley&Sons,2005.
[68]曲向丽.网格环境下互信机制关键技术研究.博士学位论文,国防科技大学,2007.
[69] Beth T, Borcherding M, Klein B. Valuation of trust in open network. Proceedingsof the Third European Symposium on Research in Computer Security.Springer-Verlag,1994:3~18.
[70] J sang A, Knapskog S. A metric for trusted systems. Proceedings of the21stNational Security Conference,1998:16–29.
[71] J sang A. Trust-based decision making for electronic transactions. The FourthNordic Workshop on Secure IT Systems, Stockholm, Sweden,1999.
[72] J sang A. The right type of trust for distributed systems. Proceedings of the1996Workshop on New Security Paradigms. New York: ACM Press,1996:119~131.
[73] J sang A. A model for trust in security systems. Proceedings of the2nd NordicWorkshop on Secure Computer Systems,1997.
[74] J sang A. A subjective metric of authentication. Proceedings of the5th EuropeanSymposium on Research in Computer Security. Springer-Verlag,1998:329~344.
[75] J sang A. A Logic for uncertain propositions. International Journal ofUncertainty, Fuzziness and Knowledge-Based Systems,2001,9(3):1~30.
[76] J sang A. The consensus operator for combining beliefs. Artificial Intelligence,2002,1(2):157~170.
[77] Kagal L, Finin T, Anupnm J. Trust-Based Security in Pervasive ComputingEnvironments. IEEE Computer,2001,34(12):154~157.
[78] Almenarez F, Marin A, Campo C, et a1. PTM: A Pervasive Trust ManagementModel for Dynamic open Environments. Proceedings of the First Workshop onPervasive Security and Trust at MobiQuitous, Boston, USA,2004.
[79] Almenarez F, Marin A, Diaz D, Sanchez J. Developing a Model for TrustManagement in Pervasive Devices. Proceedings of the Third IEEE InternationalWorkshop on Pervasive Computing and Communication Security, at the FourthAnnual IEEE International Conference on Pervasive Computing andCommunications. Washington DC: IEEE Computer Society Press,2006:267~272.
[80] Almenarez F, Diaz D, Marin A. Secure Ad-hoc mBusiness: EnhancingWindowsCE security.Proceedings of the First Conference on Trust DigitalBusiness, Zaragoza, ESPAGNE. Springer, Berlin, ALLEMAGNE,2004:90~99.
[81] Jameel H, Hung LX, Kalim U, et a1. A Trust Model for Ubiquitous Systemsbased on Vectors of Trust Values.Proceedings of the Seventh IEEE InternationalSymposium on Multimedia. Washington DC: IEEE Computer Society,2005:674~679.
[82] Samarati P, Vimercati S. Access control: Policies, Models, and mechanisms.Focardi R, Gorrierieds R(Ed). Foundations of Security Analysis and Design.Berlin: Springer-Verlag,2000:137~196.
[83] Almenarez F, Marin A, Campo C, et a1. TrustAC: Trust-Based access control forpervasive devices. LNCS450. Berlin: Springer-Verlag,2005:225~238.
[84]刘宏月,范九伦,马建峰.访问控制技术研究进展.小型微型计算机系统,2004,25(1):56~59.
[85] Ferraiolo D, Kuhn R. Role-based access controls. Proceedings of the15th NIST-NCSC National Computer Security Conference. Bultimore Maryland, USA,October1992:554~563.
[86] Ferraiolo D, Sandhu R, Gavrila S, et al. Proposed NIST standard for role-basedaccess control. ACM Transaction on Information and Systems Security,2001,4(3):224~274.
[87] American National Standards Institute Inc. Role based access control, ANSI-INCITS359-2004,2004.
[88] Sandhu R and Zhang X. Peer-to-peer access control architecture using trustedcomputing technology. Proceedings of the10th ACM Symposium on AccessControl Models and Technologies, Stockholm, Sweeden, June2005:147~158.
[89] Edjlali G, Acharya A, Chaudhary V. History-based access control for mobilecode. Proceedings of the5th ACM Conference on Computer andCommunication Security, San Francisco, California, USA, November1998:38~48.
[90] Ray I, Chakraborty S. A vector model of trust for developing trustworthysystems. Proceedings of the9th European Symposium of Research inComputer Security, volume3193of Lecture Notes in Computer Science, SophiaAntipolis, France, September2004:260~275.
[91] Chakraborty S, Ray I. TrustBAC-integrating trust relationships into the RBACmodel for access control in open systems. Proceedings of the11th ACMSymposium on Access Control Models And Technologies, Lake Tahoe,California, USA, June2006:49~58.
[92] Almenarez F, Marin A, Campo C, et a1. TrustAC: Trust-Based access control forpervasive devices. LNCS450. Berlin: Springer-Verlag,2005:225~238.
[93] Damiani E, Vimercati S, Samarati P. New paradigm for access control in openenvironments. Proceedings of the5th IEEE Symposium on Signal Processingand Information Technology, Athens, Greece, December2005.
[94] Sandhu R, Coyne E, Feinstein H, Youman C. Role-Based Access ControlModels. IEEE Computer,1996,29(2):38~47.
[95] Bertino E, Bonatti P, Ferrari E. TRBAC: A Temporal Role-Based Access ControlModel. ACM Transactions on Information and System Security.2001,4(3):191~223.
[96] Joshi J, Bertino E, Latif U, et al. A generalized temporal role-based accesscontrol model. IEEE Transactions on Knowledge and Data Engineering,2005,17(1):4~23.
[97] Joshi J, Bertino E, Ghafoor A. An analysis of expressiveness and design issuesfor the generalized temporal role-based access control model. IEEE Transactionson Dependable and Secure Computing,2005,2(2):157~175.
[98] Covington M, Long W, Srinivasan S. Securing context-aware applications usingenvironment roles. Proceedings of the6th ACM Symposium on Access ControlModels and Technologies. Chantilly, Virginia, USA. ACM Press,2001:10~20.
[99] Ray I, Kumar M, Yu L. LRBAC: a location-aware role-based access controlmodel. Proceedings of the Second International Conference on InformationSystems Security (ICISS2006). Kolkata, India: Springer-Verlag,2006:147~161.
[100] Wang L, Wijesekera D, Jajodia S. A logic-based framework for attribute basedaccess control. Proceedings of the2004ACM workshop on Formal methods insecurity engineering. ACM Press, New York, USA.2004:45~55.
[101] Priebe T, Dobmeier W, Kamprath N. Supporting attribute-based access controlwith ontologies. Proceedings of the1st International Conference on Availability,Reliability and Security, IEEE Computer Society, Vienna, Austria.2006:465~472.
[102] Guth S, Simon B, Zdun U. A contract and rights management framework designfor interacting brokers. Proceedings of the36th International Conference onSystem Sciences, IEEE Computer Society, Big Island, Hawaii, USA.2003:283~293.
[103] Park J S, Hwang J. Role-based Access Control for Collaborative Enterprise inPeer-to-Peer Computing Environments. Proceedings of the8th ACMSymposium on Access Control Models and Technologies, ACM Press, VillaGallia, Como, Italy.2003:93~99.
[104] Shaflq B, Bertino E, Ghafoor A. Access Control Management in a DistributedEnvironment Supporting Dynamic Collaboration. Proceedings of the2005Workshop on Digital Identity Management,ACM Press,Fairfax, Virginia, USA.2005:104~112.
[105] Cui XT, Chen YL, Gu JZ. Ex-RBAC: An Extended Role Based Access ControlModel for Location-aware Mobile Collaboration System. Proceedings of the2ndInternational Conference on Interact Monitoring and Protection, IEEE ComputerSociety, Silicon Valley, USA.2007:36~41.
[106] Furst K, Schmidt T, Wippel G. Managing Access in Extended EnterpriseNetworks. IEEE Internet Computing.2002,6(5):67~74
[107] Lee CN, Chiang CW, Horng MF. Collaborative web computing environment: aninfrastructure for scientific computation. IEEE Internet Computing,2000,4(2):27~35.
[108] Bammigatti PH, Rao DPR. Generic WA-RBAC: role based access control modelfor web applications. Proceedings of the9th International Conference onInformation Technology, IEEE Computer Society, Bhubaneswar, India.2006:237~240.
[109] Dong LJ, Yu SS, Ouyang K. The dynamic endpoint-based access control modelon VPN. Proceedings of the International Conference on Networking,Architecture, and Storage, IEEE Computer Society, Guilin, China.2007:44~54.
[110] Thomas R, Sandhu R. Task-Based authentication controls (TBAC): A family ofmodels for active and enterprise-oriented authentication management.Proceedings of the IFIP WGll.3Workshop on Database Security, l997:166~181.
[111] Sejong Oh, Seog Park. Task-role-based access control model. InformationSystems,2003(28):533~562.
[112] Damiani M, Bertino E, Catania B. GEO-RBAC: A spatially aware RBAC. ACMTransactions on Information and System Security,2007,10(1):1~42.
[113]张宏,贺也平,石志国.一个支持空间上下文的访问控制形式模型.中国科学E辑:信息科学,2007,37(2):254~271.
[114] Ray I, Toahchoodee M. A spatio-temporal role-based access control model.Proceedings of the21st Annual IFIP WG11.3Working Conference on Data andApplication Security, LNCS, Vol.4602,2007:211~226.
[115] Ray I, Toahchoodee M. A spatio-temporal access control model supportingdelegation for pervasive computing applications. Proceedings of the5thInternational Conference on Trust, Privacy and Security in Digital Business,LNCS, Vol.5185,2008:48~58.
[116] Chen L, Crampton J. On spatio-temporal constraints and inheritance inrole-based access control. Proceedings of the2008ACM symposium onInformation, computer and communications security. New York, NY, USA,ACM Press,2008:205~216.
[117]李凤华,王巍,马建峰,等.基于行为的访问控制模型及其行为管理.电子学报,2008,36(10):1881~1890.
[118] Abowd G, Mynatt E. Charting past, present, and future research in ubiquitouscomputing. ACM Transactions on Human-Computer Interaction,2000,7(1):29~58.
[119] Want R, Hopper A, Falcao V, et al. The active badge location system. ACMTransactions on Information Systems,1992,10(1):91~102.
[120] Fletcher R. Low-cost electromagnetic tagging: design and implementation:[PhDDissertation]. Massachusetts, USA: MIT Media Lab,2001.
[121] Essa I. Computers seeing people. AI Magazine,1999,20(1):69~82.
[122] Orr RJ, Abowd G. The smart floor: A mechanism for natural user identificationand tracking. Proceedings of the CHI2000Human Factors in ComputingSystems. New York: ACM Press,2000:275~276.
[123] Demirdjian D, Tollmar K, Koile K, et al. Activity maps for location-awarecomputing. Proceedings of the Sixth IEEE Workshop on Applications ofComputer Vision, Orlando, Florida,2002:70~78.
[124] Krumm J, Harris S, Meyers B, et al. Multi-camera multi-person tracking foreasyliving. Proceedings of the IEEE Workshop on Visual Surveillance.Washington: IEEE Computer Society Press,2000:3~10.
[125] Pentland A. Perceptual intelligence. Communications of the ACM,2000,43(3):35~44.
[126] Ward A, Jones A, Hopper A. A new location technique for the active office.IEEE Personal Communications,1997,4(5):42~47.
[127] Priyantha N, Chakraborty A, Balakrishnan H. The cricket location supportsystem. Proceedings the Sixth Annual ACM/IEEE International Conference onMobile Computing and Networking. New York: ACM Press,2000:32~43.
[128] Bahl P, Padmanabhan V. Radar: an in-building RF-based user location andtracking system. In: Proceedings of the19th Annual Joint Conference of theIEEE Computer and Communications Societies. Washington: IEEE ComputerSociety Press,2000:775~784.
[129] Castro P, Chiu P, Kremenek T, et al. A probabilistic location service for wirelessnetwork environments. In: Proceedings of the International Conference onUbiquitous Computing (Ubicomp). Berlin: Springer-Verlag,2001:18~24.
[130] DoD. Trusted Computer System Evaluation Criteria (TCSEC), DoD5200.28-STD.
[131] TCG. Trusted Computing Group. http://www.trustedcomputinggroup.org
[132] Smith S. Trusted computing platforms: design and applications. Boston: Springer,2005.
[133]刘宏月,阎军智,马建峰.基于可信度的细粒度RBAC访问控制模型框架.通信学报,2009,30(10A):51~57.
[134] Roichman A, Gudes E. Fine-grained Access Control to Web Databases.Proceedings of SACMAT’2007:31~40. Sophia Antipolis, France, June20-22,2007.
[135] Li X L, Naeem NA, Kemme B. Fine-Granularity Access Control in3-tierLaboratory Information Systems. Proceedings of the9th International DatabaseEngineering&Application Symposium:391~397. Montreal, Canada July25-27,2005.
[136] Sujansky WV, Faus SA, Stone E, Brennan PF. A method to implementfine-grained access control for personal health records through standardrelational database queries. Journal of Biomedical Informatics,2010,43(5),Supplement1: S46~S50.
[137]熊金波,马建峰.多媒体数据库安全多级访问控制模型.通信学报,2011.
[138]廖俊国,洪帆,肖海军,张昭理.细粒度的基于角色的访问控制模型.计算机工程与应用,2007,43(34),138~140.
[139] Ruohomaa S., Kutvonen L. Trust management survey. Proceedings of the iTrustThird International Conference on Trust Management, LNCS3477,Springer-Verlag, Berlin Heidelberg,2005:77~92.
[140] Caronni G. Walking the Web of trust. Proceedings of the IEEE9th InternationalWorkshops on Enabling Technologies: Infrastructure for CollaborativeEnterprises. IEEE Press,2000:153~l59.
[141] Povey D. Developing electronic trust policies using a risk management model.Proceedings of the1999CQRE Congress.1999:1~16.
[142] Abdul-Rahman A, Hailes S. Using recommendation for managing trust indistributed systems. Proceedings of the IEEE Malaysia International Conferenceon Communication’97(MICC’97). Kuala Lumper: IEEE Press, l997.
[143] Manchala DW. E-commerce trust metrics and models. IEEE Internet Computing,2000.
[144] Khambatti M, Dasgupta P, Ryu KD. A role-based model for peer-to-peercommunities and dynamic coalitions. Proceedings of the2nd IEEE InternationalInformation Assurance Workshop. New York: IEEE Press,2004:141~154.
[145] Zacharia G, Maes P. Trust management through reputation mechanisms. AppliedArtificial Intelligence.2000, l4(8):881~907.
[146] Zacharia G, Moukas A, Maes P. Collaborative reputation mechanisms inelectronic marketplaces. Proceedings of the32nd Annual Hawaii InternationalConference on System Sciences,(HICSS-32).1999.
[147] Liang ZQ, Shi WS. PET: A personalized trust model with reputation and riskevaluation for p2p resource sharing. The38th International Conference onSystem Science, Hawaii,2005:256~264.
[148] Sabater J, Sierra C. Reputation and social network analysis in multi-agentsystems. First International Joint Conference on Autonomous Agents andMulti-Agent Sysms, Bologna, Italy,2002.
[149] Song S, Hwang K, Zhou RF. Trusted P2P Transactions with Fuzzy ReputationAggregation. IEEE Internet Computing,18~28,2005.
[150] Yu B, Singh MP, Sycara K. Developing Trust in Large-Scale Peer-to-PeerSystems. Proceedings of the1st IEEE Symposium on Multi-Agent Security andSurviablility, Philadepllia,2004.