Research on Secure Interoperation Mechanisms for Multi-Domain Environments
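Abstract
Multi-domain secure interoperation creates the conditions for maximal sharing of distributed resources and services. A growing number of large-scale distributed systems are partitioned into multiple highly autonomous administrative domains or security domains for management, which optimizes system performance and improves resource utilization. Multi-domain secure interoperation has become a hot topic in distributed access control, and the related techniques are already widely applied in many important fields such as government, the military, finance and healthcare.
     In recent years, as new applications of large-scale distributed systems keep emerging, the multi-domain environment has been quietly undergoing major changes: a sharp increase in cross-domain accesses, a growing number of member domains, increasingly complex heterogeneity among member domains, and so on. The trust crises and security vulnerabilities that these changes bring pose new challenges to existing multi-domain secure interoperation systems. Therefore, in identity authentication and trust management as well as in cross-domain role mapping and multi-domain interoperation policy integration, new policies and mechanisms are needed that provide stronger autonomy and cooperation to keep pace with the development of the multi-domain environment.
     In the new multi-domain environment, unknown access requests from foreign domains keep increasing. For the large number of cross-domain accesses still in progress, a static decision on whether the current user is trusted clearly cannot cope with the damaging actions that a potential intruder can still carry out after obtaining a trusted identity, such as illegal authorization and access above the granted level. To address this, ASITL, a multi-domain secure interoperation model based on trust level, is proposed. It applies a dynamic, quantified "trust level" evaluation to the negotiating subjects, which protects the privacy and security of the credentials disclosed between strangers and, by adaptively adjusting the cross-domain interoperation mechanism, builds the ability to adapt to unknown events into the trust evaluation, improving the multi-domain environment's tolerance of abnormal events and its ability to give early warning of potential security threats.
     The SERAT mechanism ignores the existing role hierarchy within each domain when constructing cross-domain role mapping paths and broadcasts authentication information by flooding, which leads to role hierarchy conflicts and security risks. To address this, IMRK, a cross-domain role mapping mechanism based on role rank, is proposed. It evaluates the role rank of the source role and the target role domain by domain and, while preserving each domain's original role hierarchy, converts the local roles of each domain into global roles of the multi-domain environment, so that the mapped subjects are raised to the same role level for comparison. This reduces role hierarchy conflicts and the security risks of broadcasting authentication information, and preserves the security and autonomy of each domain well after cross-domain role mapping.
     In a multi-domain environment, each member domain defines its own access control policy system to meet its security requirements and maintain its security and autonomy. Member domains differ in the models, syntax, schemes, data marking schemes and constraints they use. To avoid as far as possible the conceptual and logical conflicts that can arise when multi-domain policies are integrated, SPIOS, a multi-domain interoperation policy integration method based on ontology similarity, is proposed. It converts each member domain's local security requirements into the form of an access control policy ontology and, on the basis of semantic mapping between access control policy ontologies, incorporates a Bayesian machine learning mechanism to adaptively derive a multi-domain secure interoperation policy model that satisfies the security and autonomy characteristics of each member domain.
     Detecting and resolving heterogeneous conflicts is the first problem that multi-domain secure interoperation policy integration must solve. Solutions that rely on human involvement increase the probability of triggering other conflicts, and excessive manual intervention directly reduces system security. Because the formal expression of multi-domain policy integration conflicts has the characteristics of first-order predicate logic, SACDM, an adaptive conflict detection mechanism based on first-order rule set learning, is proposed. By constructing a knowledge base of conflict rules, it adaptively identifies the type of conflict arising during policy integration and takes the corresponding handling measures, which addresses the heterogeneous conflicts produced during multi-domain policy integration and mitigates the security risks of manual intervention.
     To address the interference of temporary redundant information with new policies during multi-domain secure interoperation policy integration, and the excessive size and complexity of the integrated policy architecture, the importance of the optimization process to the policy integration system is analyzed. Three optimization approaches are given, covering the order of multi-domain policy integration, the conflict detection process, and the evaluation of the balance threshold parameter, with the aim of further strengthening the security and stability of the multi-domain policy integration system and improving the execution efficiency of the integration steps.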
Multi-domain secure interoperation provides the greatest resource and service sharing in a distributed environment and improves the performance and efficiency of the system. More and more large-scale distributed systems have been divided into multiple autonomous domains or security domains, called multi-domain systems, to realize secure management and control through secure interoperation. It has become a hot issue in the access control area. Multi-domain secure interoperation technology has been widely used in many application areas, such as government, the military, finance and medical treatment.
     With the emergence of many new applications in large-scale distributed systems, the multi-domain environment has changed in recent years: the large number of cross-domain requests, the increasing number of domains and the degree of heterogeneity between domains. The trust risks and security vulnerabilities triggered by these changes pose challenges to current multi-domain systems. Therefore, we need new technologies that provide more autonomy and cooperation to adapt to such developments, not only in identity authorization and trust management, but also in role mapping and strategy integration. This has important academic significance and application value.
     In view of the large number of requests from foreign domains, a simple decision of "trust" or not is insufficient to deal with potential intrusions, such as authorization risks or illegal accesses. A self-adaptive secure interoperation model based on trust level is proposed, which protects the privacy and security of the credentials disclosed by the negotiating parties. By detecting unknown network events with a self-adaptive mechanism, it improves the tolerance of abnormal situations and accidents. Moreover, it automatically adjusts and monitors a user's trust level, which can effectively protect resource sharing among domains from malicious intrusions and potential security threats.
     To resolve the negative impact of the SERAT mechanism's cross-domain role mappings on the local domain role hierarchy, an inter-domain mapping model based on role ranking is proposed. It can effectively avoid circular inheritance conflicts and the security problems of broadcasting authorization information. With a global role rank that maintains the original role hierarchy of each domain, the mapped subjects can be compared at the same level, so the initial role in the home domain can be correctly mapped to the goal role in the target domain. The security and autonomy of each domain are well preserved under the inter-domain mappings.
     In a multi-domain environment, different access control systems maintain the security and autonomy of the domains, and they use diverse models, syntax, schemes, data markers and constraints to express their own policies. Describing access control policies at the semantic level is an effective way to avoid conceptual and logical conflicts in multi-domain policy integration. Building on domain ontologies, a secure policy integration method based on ontology similarity is proposed. Using a Bayesian machine learning algorithm, it can self-adaptively construct a secure multi-domain interoperation model that satisfies the autonomy and cooperation of all domains.
     Detecting and handling heterogeneous conflicts is the chief goal of multi-domain interoperation strategy integration. Manual detection increases the probability that other conflicts occur and decreases the security of the system. Because the expressions of conflicts have the features of first-order predicate logic, we propose a self-adaptive conflict detection method based on first-order logic. It can automatically judge the kind of conflict and adopt the corresponding measure during strategy integration, resolving the security risks of manual participation.
     As is well known, a mass of temporary redundant information may disturb new strategies and make the final integrated system much larger and more complex, so the integration process needs to be optimized. We discuss optimization through the integration order, a more concise conflict detection process and the evaluation of the balance threshold, to improve the self-adaptive ability and performance of the multi-domain strategy integration system.
