摘要
虚拟组织是网格协同解决问题的高效资源组织形式。按需、动态、即时构建虚拟组织适应了网格应用的多样性和网格资源的动态性。但目前支持动态构建虚拟组织的声誉机制、保障其可靠运行的授权机制尚不完善,主要表现在:集中式网格声誉模型的可扩展性差而分布式模型则普遍依赖于DHT技术来实现全局声誉管理;虚拟组织授权系统缺乏对授权执行过程的细粒度控制,而授权决策过程缺乏连续决策能力且策略规范难以表达精细的授权策略。本文针对上述问题进行了深入研究,主要工作如下:
(1)研究了动态网格虚拟组织环境下的声誉评价机制。提出一种模糊集信任度量方法,按QoS属性分类度量,采用7个等级评价服务,综合评价值得出信任向量。仿真实验表明此方法较以往方法更好地刻画了网格服务的行为特征。针对网格节点上所有网格服务的行为特征给出网格节点的局部声誉度量方法。通过提出一种声誉覆盖网构建、运行与维护协议,实现了局部声誉值的汇聚。分析和仿真表明,此协议能够较好地抑止窜改和协同欺骗行为并适应了网格环境的特点。
(2)提出了基于层次角色委托的服务网格虚拟组织授权执行模型。模型支持委托角色授予与撤销功能以及相应的关联性限制特性。通过加入信任度细化了关联性限制的表达粒度;通过定义角色树作为委托授权的基本单位并对角色树进行剪枝,改善了部分委托实现的难度;通过定义带信任度的委托传播树细化了对委托传播限制的控制。提出的委托凭证全面支持了角色委托的临时性、关联性、部分性、传播性限制需求。对模型中的委托授权执行规则做了形式化描述,并证明了执行规则能够细粒度地控制委托授权的执行过程。实例展示表明此模型满足了网格应用对委托限制多方面的需求。
(3)提出了一套适合服务网格授权决策的使用控制模型SG_UCON_(ABC)以及相应的策略规范。分别针对基于授权谓词决策的UCON_A、基于义务行为决策的UCON_B和基于条件谓词决策的UCON_C表达能力弱的缺陷,提出了相应的SG_UCONA、SG_UCON_B和SG_UCON_C模型。在模型中,用委托凭证处理过程的状态组合替换原来简单的访问状态,决策组件根据请求时系统状态输出合理的委托凭证,根据系统状态的变化再决策可转换委托凭证的处理状态。为了验证SG-UCON_(ABC)的授权策略表达能力,给出了其相应的形式化策略规范,并证明了其完备性和正确性。实例展示表明,SG UCON_(ABC)及其策略规范有效地避免了相同访问请求重复产生委托凭证问题、能够细粒度地表达授权策略、输出合理的决策结果。
(4)提出了一种细粒度的网格虚拟组织授权决策服务。此服务实现了网格授权属性的可变性和授权决策的连续性,并依据系统状态变化进行连续的授权决策来改变委托凭证的处理状态,而委托凭证处于激活状态时才能被授权执行服务使用,可以满足权限按需激活的要求。通过Petri网技术将主要决策过程模型化为Petri网来验证其正确性,验证结果表明其不会出现死锁、停止不前的状态,并且决策过程所处的状态是有限的,能够处理授权决策中实际出现的各种情况。
(5)扩展了网格虚拟组织授权系统对工作流授权的支持。定义了委托步和委托结构体以及它们之间的依赖关系,它能形式化地描述流程任务间的内在约束关系。阐述了委托步的生命周期模型,依据它可方便地描述授权流状态的动态更新过程。提出的虚拟组织工作流授权执行控制算法确保了工作流授权执行过程不会违背委托人的意愿。实例展示表明了此模型满足职责分离和最小特权原则。
Virtual organization is defined as flexible,secure,coordinated resource sharing among dynamic collections of individuals,institutions,and resources.Constructing virtual orginazation on demand in a dynamic and timely manner is suitable for the diversity of grid applications and the dynamic characteristic of grid resources.But current reputation mechanisms for dynamic virtual organization constructing and authorization mechanisms for dynamic virtual organization running are incomplete.For example,the expansibility of centralized reputation models is bad,distributed reputation models mostly depend on distributed hash table technology to implement global reputation management;authorization systems of virtual organization lack authorization enforcement function,whereas their authorization decision processes also lack the capability of continuous decision and policy specifications do not express fine-grained authorization policies for resources.The above problems are researched deeply in this paper.The main work and contributions are presented in the following aspects:
(1)To suit for the characteristic of dynamic virtual orginazation,a new reputation mechanism is proposed.
The existing distributed reputation mechanisms can not efficiently solve the problems of grid environment,and the trust measurement methods can not nicely depict behaviors of grid service.A fuzzy set method of trust measurement is proposed,which adopts seven grades to evaluate grid service according to the QoS attributes and the trust vector of grid service is calculated with evaluation values.The experimental results show this method is better than the existing methods.Based on behaviors of grid service, local reputation values of grid nodes are obtained,and aggregated through proposed Reputation Overlay Network(RON).The theoretical analyses and experimental results show that,RON can efficiently restrain the forgery and collusion attack,and satisfy demands of more nicely calculating global reputation.
(2)To control authorization enforcement process in a fine-grained manner and satisfy restricted delegation requirements of grid applications,a hierarchical-role based delegation authorization enforcement model for virtual organization is proposed.
The dynamic characteristic of delegation role granting or revocation and the associated constraint of delegation role granting are effectively supported.The fine-grained associated role dependency is implemented by adding trustworthiness. Partial delegation problem is easily solved by defining the role tree as the basic unit of delegation authorization and by the pruning of the role tree.The delegation spread tree with trustworthiness is defined to implement multi-step delegation in a fine-grained manner.The delegation certification is proposed to fully express temporary delegation, associated role delegation,partial delegation,multi-step delegation.Based on above works,a set of formal delegation authorization enforcement rules is proposed and proved,and the delegation authorization enforcement process is effectively controlled by it.The exhibited example shows that the model satisfies various restricted delegation requirements of grid applications.
(3)To keep free from weak capabilities of expression of the usage control model based on authorization predicate(UCONA),based on obligation action(UCON_B),and based on condition predication decision(UCON_C),their improved models and the corresponding policy specifications are proposed,respectively.
The delegation certification is used to express decision response in a fine-grained manner,and the UCONA,UCON_B,and UCON_C are improved as SG_UCON_A(UCON_A for service grid),SG_UCON_B(UCON_B for service grid),and SG_UCON_C(UCON_C for service grid),respectively.Delegation certification processing statuses are defined to replace the simple access status.Decision component can make the reasonable delegation certification based on the system status when a request arrives,and also make decision to change the delegation certification processing status when the system status is changed.To verify expressive capabilities of the above models,the corresponding policy specifications are given,and their completeness and soundness are proved.The exhibited example shows that,they can avoid generating the delegation certification for the same access requests repeatedly,express authorization policy in a fine-grained manner,and export reasonable decision responses.
(4)To implement mutability of authorization attribute and continuity of authorization decision in virtual organizations for service grid,a fine-grained grid authorization decision service is proposed.
This service can maintain processing status of delegation certification when the system status is changed,such as changing its status according to response of continuous authorization decision.Delegation certification can be used by authorization enforcement service only when its processing status is‘using_dc',which satisfy the requirement of enabled permission on demand in grid application.Authorization decision process is modeled in Petri nets,and its correctness is verified in this paper. The validation result shows there are not deadlock,stop and infinite circle in the authorization decision process,and the statuses of this process are limited and the various instances are dealt with in it.
(5)To dynamically manage the permissions through tasks and tasks'status of workflow in virtual organization,an authorization enforcement model for workflow was proposed.
Delegation step,delegation unit and their dependency relationships are defined to formally describe inherent restriction relationships between flow tasks,which can more nicely describe an authorization workflow.A life period model of delegation step is defined,which can more nicely describe the status update process of an authorization workflow.The authorization enforcement process of workflow can be controlled by the proposed workflow authorization enforcement algorithm in a fine-grained manner.The exhibited example shows that the model can satisfy security requirements of workflow application in virtual organization.
引文
[1]Open Grid Forum.https://forge.gridforum.org/
[2]The Globus Alliance.http://forge.globus.org/
[3]Foster I,Kesselman C.Globus:A metacomputing infrastructure toolkit[J].International Journal of Supercomputer Applications,1997,11(2):115-128.
[4]DOE SCIENCE GRID.http://doesciencegrid.org/
[5]TeraGrid.http://www.teragrid.org/
[6]EUROGRID.http://www.eurogrid.org/
[7]The DataGrid Project.http://eu-datagrid.web.cern.ch/eu-datagrid/
[8]Foster I,Kesselman C,Tuecke S.The anatomy of the grid[J].International Journal of High performance Computing Applications,2001,15(3):200-222.
[9]Joshy Joseph,Craig Fellenstein著,战晓苏,张少华译.网格计算[M].北京:清华大学出版社,2005,37-38.
[10]F.Azzedin,M.Maheswaran.Evolving and Managing Trust in Grid Computing Systems.In 2002 Canadian Conference on Electrical and Computer Engineering[C].Hotel Fort Garry,Winnipeg,Manitoba,Canada:IEEE Computer Society Press,2002,1424-1429.
[11]Azzedin F,Maheswaran M.A trust brokering system and its application to resource management in public resource grids[A].18th International Parallel and Distributed Processing Symposium(IPDPS'04)[C].Santa Fe:IEEE Computer Society,2004.22-32.
[12]G.von Laszewski,B.E.Alunkal,and I.Veljkovic.Towards reputable grids[J].Scalable Computing:Practice and Experience,2005,6(3):95-106.
[13]Kamvar SD,Scholosser MT,Molina HG.The EigenTrust algorithm for reputation management in P2P networks[A],In:Lawrence S,ed.Proc.of the 12th Int'l World Wide Web Conf.(WWW 2003)[C].Budapest:ACM Press,2003.640-651.
[14]李景涛,荆一楠,肖晓春等.基于相似度加权推荐的P2P环境下的信任模型[J].软件学报,2007,18(1):157-167.
[15]S.Song,K.Hwang,and Y.K.Kwok.Trusted Grid with Security Binding and Trust Integration[J].Journal of Grid Computing,2005,3(1):53-73.
[16]R.Zhou and K.Hwang.Trust Overlay Networks for Global Reputation Aggregation in P2P Grid Computing[R].tech.report TR-2005-16,Internet and Grid Computing Lab.,Univ.of Southern California,October 2005.
[17]Ripeanu M.Peer-to-Peer architecture case study:Gnutella network[R].Technical Report,TR-2001-26,Chicago:University of Chicago,2001.
[18]M.Cai,M.Frank and P.Szekely.MAAN:A multi-attribute addressable network for grid information services[J].Journal of Grid Computing,2004.
[19]E.Sit and R.Morris.Security Considerations for P2P Distributed Hash Tables[A].Proc.IPTPS 2002[C].2002.
[20]F.Kerschbaum,J.Haller,Y.Karabulut,et al.Pathtrust:A trust-based reputation service for virtual organization formation[A].In iTrust2006:Proceedings of the 4th International Conference on Trust Management[C],volume 3986 of Lecture Notes in Computer Science,Springer,2006.193-205.
[21]Lin C,Varadharajan V,Wang Y,et al.Enhancing grid security with trust management[A].Proceedings of the 2004 IEEE International Conference on Services Computing[C],IEEE Computer Society Washington,DC,USA,2004.303-310.
[22]Song S,Hwang K.Fuzzy trust integration for security enforcement in grid computing[A].International Symposium on Network and Parallel Computing (NPC2004)]C].Heidel-berg:Springer-Verlag GmbH,2004.
[23]朱峻茂,杨寿保,樊建平等.Grid与P2P混合计算环境下基于推荐证据推理的信任模型[J],计算机研究与发展,2005,42(5):797-803.
[24]陈建刚,王汝传,王海艳.网格资源访问的一种主观信任机制[J].电子学报,2006,34(5):817-821.
[25]林剑柠,吴慧中.基于主观逻辑理论的网格信任模型分析[J].计算机研究与发展,2007,44(8):1365-1370.
[26]Globus Toolkit 3.0.http://www-unix.globus.org/toolkit/download.html
[27]Alfei R.,Cecchini R.,Ciaschini V.et al.From gridmap-file to VOMS:Managing authorization in a grid environment[J].Future Generation Computer Systems Journal,2005,21(4):549-558.
[28] Open Grid Forum: Project:OGSA-AUTHZ-WG. https: //forge, gridforum. org/ sf/ projects/ ogsa-authz.
[29] OASIS. Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0. OASIS Standard, 15 March 2005.
[30] OASIS, extensible Access Control Markup Language (XACML) Version 2.0. OASIS Standard, 1 Feb 2005.
[31] M. Thompson, A. Essiari, S. Mudumbai. Certificate-based Authorization Policy in a PKI Environment[J]. ACM Transactions on Information and System Security (TISSEC), Nov. 2003,6(4): 566-588.
[32] Lorch M, Adams D, Kafura D, et al. The PRIMA system for privilege management, authorization and enforcement in grid environments [A]. In: Proceedings of the 4th International Workshop on Grid Computing (Grid 2003) [C]. Los Alamitos: IEEE Computer Society, 2003. 109-116.
[33] D. W. Chadwick, O. Otenko. The PERMIS X.509 Role Based Privilege Management Infrastructure [A]. In: proceedings of the 7th ACM Symposium on Access Control Models and Technologies(SACMAT02)[C]. Monterey, California,USA: ACM, 2002. 135-140.
[34] Pearlman L, Welch V, Foster I, et al. A community authorization service for group collaboration[A]. In:Proceedings of IEEE 3rd International Workshop on Policies for Distributed Systems and Networks[C]. Washington DC: IEEE Computer Society,2002. 50-59.
[35]VOMS Architecture vl.l[EB/OL], http://grid-auth.infn.it/docs/VOMS-vl_l.pdf, Febrary2003.
[36] R. Alfieri et al. (EDG Security Co-ordination Group). Managing Dynamic User Communities in a Grid of Autonomous Resources [A]. Proceedings of Computing in High Energy and Nuclear Physics [C], 2003.
[37] J Park, R Sandhu. Towards Usage Control Models: Beyond Traditional Access Control[A]. Proceedings of the 7th ACM Symposium on Access Control Models and Technologies(SACMAT02) [C], Monterey, California, USA: ACM, 2002:57-64.
[38] Martinelli F., Mori P., Vaccarelli A.. Towards continuous usage control on grid computational services[A]. In: Proceedings of the Joint International Conference on Automomics and Autonomous Systems/International Conferenc on Networking and Services (ICAS/ICNS)[C], Papeete, France, USA: IEEE, 2005, 506-513.
[39] Yongquan Cui, Fan Hong, Cai Fu. Context-aware usage-based grid authorization framework[J]. WuHan University Journal of Natural Sciences, 2006, 11(6): 1736 -1740.
[40] Yiduo Mei, Xiaoshe Dong, Weiguo Wu, Shangyuan Guan, Jing Xu. UCGS: a usage control approach for grid services[A]. In: Proceedings of the International Conference on Computational Intelligence and Security Workshops (CISW 2007)[C], Harbin, china, USA: IEEE CS, 2007, 486-489.
[41] Fabio Martinelli and Paolo Mori. A model for usage control in grid systems[A]. In: Proceedings of International Conference on Security, Trust and Privacy in Grid Systems(Grid-STP 2007)[C], Nice, France, USA: IEEE CS, 2007, 169-175.
[42] Xinwen Zhang, Masayuki Nakae, Michael J. Covington, Ravi Sandhu. A usage-based authorization framework for collaborative computing systems[A]. In:Proceedings of the eleventh ACM Symposium on Access Control Models and Technologies(SACMAT06)[C], Lake Tahoe, California, USA: ACM, 2006, 180 - 189.
[43] Xinwen Zhang, Masayuki Nakae, Michael J. Covington, and Ravi Sandhu. Toward a usage-based security framework for collaborative computing systems[J]. ACM Transactions on Information and System Security(TISSEC), 2008, 11(1): 1-36.
[44] Lamport, L.. The temporal logic of actions [J]. ACM Transactions on Programming Languages and Systems, 1994, 16(3): 872-923.
[45] Xinwen Zhang, Francesco Parisi-Presicce, Ravi Sandhu, et al. Formal model and policy specification of usage control[J]. ACM Transactions on Information and System Security(TISSEC), 2005, 8(4): 351-387.
[46] Federico Stagni, A.E.Arenas, Benjamin Aziz. On usage control in data grids. Istituto Nazionale di Fisica Nucleare sez. di Ferrara, via Saragat 1 - 44100 Ferrara, Italy, e-Science centre, STFC Rutherford Appleton Laboratory, Oxfordshire, UK,CoreGRID Tech. Rep. TR-0154, June 2008.
[47] D. Chadwick. Functional components of grid service provider authorisation service middleware.Technical report,Open Grid Forum,2008.Available:http://forge.gridforum,org/sf/projects/ogsa-authz/
[48]Moshe Y,Vardi.Branching vs.linear time:final showdown[A].In Tiziana Margaria andWang Yi,editors,Proceedings of the 7th International Conference On Tools and Algorithms for the Construction and Analysis of Systems(TACAS 2001)[C],volume 2031 of Lecture Notes in Computer Science,Springer,Genova,Italy,2001,1-22.
[49]W3C,Web Services Architecture,2003.http://www.w3.org/TR/2003/WD-ws-arch-20030808/
[50]Gnutelliums LLC.Gnutella protocol specification version 0.4[EB/OL].2006.http://www9.1imewire.com/developer/gnutella_protocol_0.4.pdf
[51]L.M.Camarinha-Matos,H.Afsarmanesh.A Roadmap for Strategic Research on Virtual Organizations[A].Proceedings of IFIP Working Conference on Virtual Enterprises-PRO-VE'03[C],Lugano,Switzerland,2003,33-46.
[52]S.Wesner,L.Schubert,T.Dimitrakos.Dynamic virtual organizations in engineering[A].In Proceedings of German-Russian Workshop[C],2005.
[53]L.Xiong,and L.Liu.A Reputation-Based Trust Model for Peer-to-Peer eCommerce Communities[A].Proceedings of the IEEE Conference on ECommerce[C],2003.
[54]L.Xiong,L.Liu.PeerTrust:Sopporting reputation-based trust for peer-to-peer electronic communities[J].IEEE Trans.on Knowledge and Data Engineering,2004,16(7):843-857.
[55]姜守旭,李建中.一种P2P电子商务系统中基于声誉的信任机制[J].软件学报,2007,18(10):2551-2563.
[56]窦文,王怀民,贾焰等.构造基于推荐的Peer-to-Peer环境下的Trust模型[J].软件学报,2004,15(4):571-583.
[57]Song S,Hwang K,Zhou R,Kwok YK.Trusted P2P transactions with fuzzy reputation aggregation[J].IEEE Internet Computing,2005,9(6):24-34.
[58]袁巍,李津生,洪佩琳.一种P2P网络分布式信任模型及仿真[J].系统仿真学报,2006,18(4):938-942.
[59]张骞,张霞,文学志等.Peer-to-Peer环境下多粒度Trust模型构造[J].软件学报,2006,17(1):96-107.
[60]唐扬斌,王怀民,常俊胜.自组织虚拟计算环境中的组信誉机制[J].软件学报,2007,18(8):1968-1986.
[61]彭冬生,林闯,刘卫东.一种直接评价节点诚信度的分布式信任机制[J].软件学报,2008,19(4):936-945.
[62]Foster I,Kessleman C,Nick JM,et al.The physiology of the grid —An open grid services architecture for distributed systems integration[EB/OL].Open Grid Service Infrastructure WG,Global Grid Forum.http://www.globus.org/ research/ papers/ogsa.pdf,2002.
[63]Tuecke,S.,et.al.,Open Grid Service Infrastructure,Version 1.0,June 27,2003.
[64]单保华,杨冬菊,张利永等.一种有盟主的服务虚拟组织模型及其在电子政务中的应用[J].计算机学报,2006,29(7):1241-1251.
[65]Abdul-Rahman A,Hailes S.Using Recommendations for Managing Trust in Distributed Systems[A].In:IEEE Malaysia International Conference on Communication[C],1997.
[66]徐锋,吕建,郑玮等.一个软件服务协同中信任评估模型的设计[J].软件学报,2003,14(6):1043-1051.
[67]王远,吕建,徐锋等.一种适用于网构软件的信任度量及演化模型[J].软件学报,2006,17(4):682-690.
[68]王远,吕建,徐锋等.一种面向网构软件体系结构的信任驱动服务选取机制[J].软件学报,2008,19(6):1350-1362.
[69]王小英,赵海,林涛等.基于信任F的普适计算服务选择模型[J].通信学报,2005,26(5):1-8.
[70]陈贞翔,葛连升,王海洋等.普适环境中基于信任的服务评价和选择模型[J].软件学报,2006,17(Suppl.):200-210.
[71]K.Aberer and Z.Despotovic.Managing Trust in a Peer-to-Peer Information System[A].In Proceedings of the 10th International Conference on Information and Knowledge Management(ACM CIKM)[C],New York,USA,2001.
[72]Cornelli F.Choosing reputable servents in a P2P network[A].In:Lassner D,ed.Proc.of the 1 lth Int'l World Wide Web Conf[C].Hawaii:ACM Press,2002.441-449.
[73]Swamynathan G,Zhao BY,Almeroth KC.Exploring the feasibility of proactive reputations[A].In:Proc.of the 5th Int'l Workshop on Peer-to-Peer Systems(IPTPS) [C].Santa Barbara,2006.
[74]Despotovic Z,Aberer K.Maximum likelihood estimation of peers' performance in P2P networks[A].In:Proc.of the 2nd Workshop on the Economics of Peer-to-Peer Systems[C].Cambridge:Harvard University,2004.1-9.
[75]Yu B.,Singh M.P..An Evidential Model of Distributed Reputation Management[A].In:Proceedings of ACM International Conference Autonomous Agents and Multi-Agent Systems(AAMAS'02)[C],Bologna,Italy,2002,82-93.
[76]田春歧,邹仕洪,王文东等.一种基于推荐证据的有效抗攻击P2P网络信任模型[J].计算机学报,2008,31(2):270-281.
[77]A.Singh and Ling Liu.Trustme:Anonymous management of trust relationships in decentralized P2P systems[A].In P2P '03:Proceedings of the 3rd International Conference on Peer-to-Peer Computing[C],pages 142-149,Washington,DC,USA,2003.IEEE Computer Society.
[78]J(?)sang A,Ismail R,Boyd C.A survey of trust and reputation systems for online service provision.Decision Support Systems,2007,43(2):618-644.
[79]扎德著,陈国权译.模糊集合、语言变量及模糊逻辑[M].北京:科学出版社,1982,23-33.
[80]李登峰.模糊多目标多人决策与对策[M].北京:国防工业出版社,2003,84-99.
[81]周晓波,周健,卢汉成等.SACM:一种新的非结构化P2P的拓扑形成模型[J].软件学报,2007,18(12):3131-3138.
[82]Foster I,Jennings N R,Kesselman C.Brain meets brawn:Why grid and agents need each other[A].In:Proceedings of the 3rd International Conference on Autonomous Agents and Multi-Agent Systems(AAMAS'04)[C],New York,USA,2004,8-15.
[83]V.Welch,I.Foster,et al.X.509 proxy certificate for dynamic delegation[A].In Proceedings of the 3rd Annual PKI Workshop[C],Gaithersburg MD,USA,April 2004.20-25.
[84]Seamons KE,Winslett M,Yu T,et al.Requirements for policy languages for trust negotiation[A].In:Michael JB,ed.Proc.of the 3rd IEEE Int'l Workshop on Policies for Distributed Systems and Networks[C],Washington:IEEE Computer Society Press,2002.68-79.
[85]XrML 2.0 Technical Overview[EB/OL],Version 1.0,March 8,2002. http://www.xrml.org/Reference/XrMLTechnicalOverviewV 1.pdf
[86]Ferraiolo DF,Sandhu R,Gavrila S.Proposed NIST standard for role-based access control[J].ACM Transaction on Information and System Security,2001,4(3):224-274.
[87]D.W.Chadwick.Delegation Issuing Service for X.509[A].In:Proc.of NIST 4th Annual PKI Workshop[C],Gaithersberg,USA,April 2005.62-73.
[88]孙为群,单保华,张程等.一种基于角色代理的服务网格虚拟组织访问控制模型[J].计算机学报,2006,29(7):1199-1208.
[89]Zhang LH,Ahn G-J,Chu B-T.A rule-based framework for role-based delegation[A].In:Proc.of the 6th ACM Symp.on Access Control Models and Technologies[C],New York:ACM Press,2001.153-162.
[90]Joshi JBD,Bertino E,Ghafoor A.Temporal hierarchy and inheritance semantics for GTRBAC[A].In:Proc.of the 7th ACM Symp.on Access Control Models and Technologies[C],New York:ACM Press,2002.74-83.
[91]Zhang XW,Oh S,Sandhu RS.PBDM:A flexible delegation model in RBAC[A].In:Proc.of the 8th ACM Symp.on Access Control Models and Technologies[C],New York:ACM Press,2003.149-157.
[92]赵庆松,孙玉芳,孙波.RPRDM——基于重复和部分角色的转授权模型[J].计算机研究与发展,2003,40(2):221-227.
[93]Lee Hyung-Hyo,Lee Young-Rok,Noh Bong-Ham.A new role-based delegation model using sub-role hierarchies[A].In:Proceedings of the 18th International Symposium on Computer and Information Sciences,Antalya,Turkey[C],2003,811-818.
[94]徐震,散斓,冯登国.基于角色的受限委托模型[J].软件学报,2005,16(5):970-978.
[95]翟征德,冯登国,徐震.细粒度的基于信任度的可控委托授权模型[J].软件学报,2007,18(8):2002-2015.
[96]Barka E,Sandhu R.Framework for role-based delegation models[A].In:Proc.of the 16th Annual Computer Security Application Conf[C],IEEE Computer Society Press,2000.168-176.
[97]Ezedin S.Barka.Framework for role-based delegation models[Ph.D.Thesis]. Fairfax Virginia: George Mason University, 2002.
[98] Barka E, Sandhu R. A role-based delegation model and some extensions [A]. In: Proc. of the 23rd National Information Systems Security Conf. (NISSC 2000) [C], 2000.
[99] Sandhu RS, Coyne EJ, Feinstein HL, et al. Role-Based access control models[J]. IEEE Computer, 1996,29(2): 38-47.
[100] Chen F, Sandhu R. Constraints for role-based access control[A]. In: Youman C, Sandhu R, Coyne E, eds. Proc. of the 1st ACM Workshop on Role-Based Access Control[C], New York: ACM Press, 1996.
[101] Simon RT, Zurko ME. Separation of duty in role-based environments [A]. In: Proc. of the 10th Computer Security Foundations Workshop[C], Washington, DC: IEEE Computer Society Press, 1997. 183-194.
[102] Gligor VD, Gavrila SI, Ferraiolo D. On the formal definition of separation-of-duty policies and their composition[A]. In: Proc. of the 1998 IEEE Computer Society Symp. on Research in Security and Privacy[C], Washington, DC: IEEE Computer Society Press, 1998. 172-183.
[103] Jaeger T. On the increasing importance of constraints [A]. In: Proc. of the 4th ACM Workshop on Role-Based Access Control[C], New York: ACM Press, 1999. 33-42.
[104]Joshi JBD, Shafiq B, Ghafoor A, et al. Dependencies and separation of duty constraints in GTRBAC[A]. In: Proc. of the 8th ACM Symp. on Access Control Models and Technologies[C], New York: ACM Press, 2003. 51-64.
[105] Ahn GJ, Sandhu R. Role-Based authorization constraints specification[J]. ACM Trans, on Information and System Security, 2000,3(4): 207-226.
[106] 董光宇,卿斯汉,刘克龙.带时间特色的角色授权约束[J].软件学报, 2002,13(8): 1521-1527.
[107] Xu Z, Feng DG, Li L, et al. UC-RBAC: A usage constrained role-base access control model[A]. In: Qing SH, Gollmann D, Zhou JY, eds. Proc. of the 5th Int'l Conf. on Information and Communications Security[C], LNCS 2836, Heidelberg:Springer-Verlag, 2003. 337-347.
[108] Bandmann O, Dam M, Firozabadi BS. Constrained delegation[A]. In: Proc. of the 23rd Annual IEEE Symp. on Security and Privacy[C], Oakland: IEEE Computer Society Press,2002.131-143.
[109]Wainer J,Kumar A.A fine-grained,controllable user-to-user delegation method in RBAC[A].In:Proc.of the 10th ACM Symp.on Access Control Models and Technologies[C],New York:ACM Press,2005.59-66.
[110]翟征德.基于量化角色的可控委托模型[J].计算机学报,2006,29(8):1401-1407.
[111]Joshi JBD,Bertino E,Latif U,et al.A generalized temporal role based access control model[J].IEEE Trans.on Knowledge and Data Engineering,2005,17(1):4-23.
[112]孙波,赵庆松,孙玉芳.TRDM——具有时限的基于角色的转授权模型[J].计算机研究与发展,2004,41(7):1104-1109.
[113]E Bertino,PA Bonatti,E Ferrari.TRBAC:A temporal role-based access control model[J].ACM Transaction on Information and System Security,2001,4(3):191-233.
[114]R Sandhu,J Park.Usage control:A vision for next generation access control[A].In:Proceedings of the Second International Workshop on Mathematical Methods,Models and Architectures for Computer Networks Security[C],Petersbug,Russia,2003,17-31.
[ll5]Park J,Zhang XW,Sandhu R.Attribute mutability in usage control[A].In:Proceedings of 18th Annual Conference on Data and Applications Security[C].Catalonia,Springer Spain,2004,15-29.
[116]J Park,R Sandhu.The UCON_(ABC)usage control model[J].ACM Transaction on Information and System Security(TISSEC),2004,7(1):128-174.
[117]钟勇,秦小麟,郑吉平等.一种灵活的使用控制授权语言框架研究[J].计算机学报,2006,29(8):1408-1418.
[118]Zhang ZY,Yang L,Pei QQ,Ma JF.Research on usage control model with delegation characteristics based on OM-AM methodology[A].In:Proceedings of IFIP International Conference on Network and Parallel Computing[C],Dalian,China,IEEE CS,2007,238-243.
[119]Sans T,Cuppens F,Cuppens-Boulahia N.A framework to enforce access control,usage control and obligations[A].In:Proceedings of Annales Des Telecommunications-annals of Telecommunications[C],Springer-Verlag France,2007,1329-1352.
[120]Hilty M,Pretschner A,Basin D,Schaefer C,Walter T.A policy language for distributed usage control[A].In:Proceedings of 12th European Symposium on Research in Computer Security[C],Dresden Germany,Springer-Verlag Berlin,2007,531-546.
[121]袁崇义.Petri网原理与应用[M].北京:电子工业出版社,2005:58-66.
[122]Murata T..Petri nets:Properties,analysis and applications[J].Proceedings of the IEEE,1989,77(4):541-580.
[123]Thomas R K,Sandhu R S.Task-based authorization controls(TBAC):A family of models for active and enterprise-oriented authorization managment[A].Proceedings of the IF IP WG11.3 Workshop on Database Security[C],1997,166-181.
[124]Bertino E,Ferrari E,Atluri V.The specification and enforcement of authorization constraints in workflow management systems[J].ACM Transactions on Information and System Security,1999,2(1):65-104.
[125]Reinhardt A Botha,Jan H P Eloff.Separation of duties for access control enforcement in workflow environments[J].IBM Systems Journal,2001,40(3):666-682.
[126]Kumar A.A framework for handling delegation in workflow management systems[A].Proceedings of Work shop on Information[C],Charlotte,NC,1999.
[127]Botha R A,EloffJ H P.Designing role hierarchies for access control in workflow systems[A].Computer Software and Applications Conference[C],2001.COM PSAC 2001.25th Annual International,2001,117-122.
[128]Castano S,Casat i F,Fugini M.Managing workflow authorization constraints through active database technology[J].Information Systems Frontiers,2001,3(3):319-338.
[129]刘建勋,张申生,步丰林.基于角色访问控制在工作流管理系统中的应用研究[J].小型微型计算机系统,2003,24(6):1067-1070.
[130]洪帆,李静.基于任务的授权模型[J].计算机研究与发展,2002,39(8):998-1003.
[131]邓集波,洪帆.基于任务的访问控制模型[J].软件学报,2003,14(1):76-82.
[132]邢光林,洪帆.基于角色和任务的工作流授权模型及约束描述[J].计算机研究与 发展,2005,42(11):1946-1953.
[133]马亮,顾明.基于角色的工作流系统访问控制模型[J].小型微型计算机系统,2006,29(8):136-140.
