协作计算环境下基于使用控制模型的访问控制研究
|
摘要
协作计算把网络汇集的计算资源、数据资源、软件资源等各种资源和系统组合起来,以实现资源共享、协同工作和联合计算,为各种用户提供基于网络的各类综合性服务。在这样开放式的协作环境中,系统的安全面临严峻挑战,而访问控制是关健问题之一。传统的访问控制是在集中式环境的背景下开发的,难以应用于协作环境。当前的研究集中在基于角色访问控制的扩展、信任管理和上下文信息等方面,并且取得非常重要的进展,但仍存在许多问题有待解决。因此,对若干关键技术进行深入研究,既具有理论意义亦具有实用价值。
以分布式的医疗信息系统为例,针对隐私敏感的信息需要安全保护问题,基于使用控制的可管理模型可以解决多种主体之间的并行控制、系列控制和使用控制的问题,并且为协调分布式的现代信息系统中多主体之间错综复杂关系,提供综合性控制和管理的良好框架。从安全目标、安全模型、体系结构和相关安全机制等四个层次从上至下的对隐私保护问题进行了全方位的研究。这种分层的方法有助于为解决多主体多方向的访问控制问题提供一个有效的整体安全解决方案。
多域环境的异构、动态和区域自治的特点为安全互操作访问控制研究提出了新的挑战。近来在多域安全互操作访问控制方面做了大量研究,大多在单域内基于角色访问控制的前提下,将外域角色映射到本地角色来实现访问控制,在外域和本地角色的管理上缺乏系统化的统一。多域安全互操作的可管理使用控制模型,通过义务组件的定义,对外域和本地用户角色指派进行统一管理,并且弥补了原有模型的安全漏洞。该模型提供了足够的灵活性,可以区分外域用户和本地用户,从而对外域用户实施更为严格的控制,同时保留了传统RBAC模型的优点。设计和实现了一个原型系统,初步验证了模型的有效性。
网格环境中多节点的异构性、复杂的互操作协调机制、动态变化的特点决定其需要灵活、易于扩展和细粒度的授权机制。现有的模型大多在相对静止的前提下,基于主体的标识、组和角色信息进行授权,缺乏具体的上下文信息和灵活的安全策略。网格环境下基于使用控制和上下文的动态访问控制模型兼顾了传统的静态授权和依据上下文信息对主体的动态权限控制。该模型具有较强的表达能力,能够实施多重综合性和复杂多变的安全策略,适合网格环境下多种复杂的访问控制安全策略相互融合的安全需求,并且为网格环境提供一个可重用的、支持互操作的和通用的访问控制框架。实现了一个原型系统,以验证模型的效率和易于实现性。
普适计算是物理世界与信息空间的天衣无缝的融合,用户、设备在环境中的物理位置以及上下文信息是和计算服务紧密结合的。传统的安全机制不能解决普适计算下动态和全新的安全问题。普适计算环境下基于上下文的使用控制模型采用信任协商解决安全认证问题,对基本的使用控制模型进行了扩展,不仅能够根据主体静态的安全属性进行授权方面的管理,而且在条件组件中对上下文信息进行了综合性的分析和运用,能够动态的调整主体访问服务的权限。
In order to implement resource sharing, work together, collaboration computing gathers all kinds of computing, data, and software resources and system and provides synthesis service for user around network. System security will be faced with austere challenges in open and collaboration environment and access control is a key factor. Traditional access control models are developed for concentration environment and are difficult to apply into open and collaboration environment. Based on trust management (TM), extension of role-based access control and context aware technologies, some research work has been done. Unfortunately, there remain many challenging problems. So some key technologies of access control in open and collaboration environments are investigated in the thesis.
In today’s dynamic distributed digital environment, traditional one-way control no longer provides adequate trustworthiness. Based on the usage control model, a comprehensive access control model called Administrative Usage Control model (AUCON) model is proposed, which resolves access control problem for Parallel Control, Series Control and Usage Control. This model provides a formal model which can control the provider subject to issue ticket for consumer subject and monitor the access of consumer to privacy-sensitive object. The architecture section presents formal structural ways in which appropriate mechanisms can be implemented to achieve predefined security objectives. The problem is described in detail from security Object and security Model to Architecture and Mechanisms and this layered approach provides a whole effective security solution for privacy protection problem.
The heterogeneous, dynamic and self-governing in local domain nature of multi-domains environments introduces challenging security issues. Despite the recent advances in access control approaches applicable to secure interoperability between multi-domains, there remain issues that to perform role-based access control model in one domain and implement security interoperability by translating role of foreign domain to local role. Amongst them are the lacks of uniform administration for role of foreign and local domain. An access control scheme named Administrative Usage Control (AUCON) are proposed, which corrects the security shortcoming of previous model and administrates user-role assignment for local and foreign domain with untie method. This model provides flexible enough mechanism to distinguish user of foreign and local domain and enforces more strict control for foreign user, while retaining the advantages of traditional RBAC model.
Due to inherent heterogeneity, complicated interoperability mechanism and highly dynamic nature, grid environment requires scalable, flexible, and fine-gained access control mechanism. Despite the recent advances in access control for grid application do address important aspects of the overall authorization, these efforts focus on the pre-defined access control policies where authorization depends on identity or role of the subject. However, they are lacks of flexible approaches to adapt the dynamically security request. Based on usage control model, a dynamic access control model named Dynamic Context_aware Grid Usage Control model (DC_GUCON) are proposed. In this model, authorization component evaluates access requests based on subject attributes, object attributes and requests. While conditions component dynamic grants and adapts permission to the subject based on a set of contextual information collected from the user and system environments. As a proof-of-concept, a prototype system based on this architecture are developed and implemented to demonstrate the feasibility and performance of this model.
Pervasive computing is the integration of cyberspace and physical space. In this incorporated space, users can obtain digital services non-intrusively anytime and anywhere. However, the ubiquitous and mobile environment introduces a new security challenge and traditional security mechanisms are not suited for problems occur in pervasive computing environment. A access control model named Pervasive computing Context_aware Usage Control model (PC_UCON) are proposed, which extends usage control model and resolves authentication with automated trust negotiation technologies. In this model, authorization component actualizes authorization manager based on static security attributes and requests. While conditions component dynamic grants and adapts permission to the subject based on a set of contextual information. .
以分布式的医疗信息系统为例,针对隐私敏感的信息需要安全保护问题,基于使用控制的可管理模型可以解决多种主体之间的并行控制、系列控制和使用控制的问题,并且为协调分布式的现代信息系统中多主体之间错综复杂关系,提供综合性控制和管理的良好框架。从安全目标、安全模型、体系结构和相关安全机制等四个层次从上至下的对隐私保护问题进行了全方位的研究。这种分层的方法有助于为解决多主体多方向的访问控制问题提供一个有效的整体安全解决方案。
多域环境的异构、动态和区域自治的特点为安全互操作访问控制研究提出了新的挑战。近来在多域安全互操作访问控制方面做了大量研究,大多在单域内基于角色访问控制的前提下,将外域角色映射到本地角色来实现访问控制,在外域和本地角色的管理上缺乏系统化的统一。多域安全互操作的可管理使用控制模型,通过义务组件的定义,对外域和本地用户角色指派进行统一管理,并且弥补了原有模型的安全漏洞。该模型提供了足够的灵活性,可以区分外域用户和本地用户,从而对外域用户实施更为严格的控制,同时保留了传统RBAC模型的优点。设计和实现了一个原型系统,初步验证了模型的有效性。
网格环境中多节点的异构性、复杂的互操作协调机制、动态变化的特点决定其需要灵活、易于扩展和细粒度的授权机制。现有的模型大多在相对静止的前提下,基于主体的标识、组和角色信息进行授权,缺乏具体的上下文信息和灵活的安全策略。网格环境下基于使用控制和上下文的动态访问控制模型兼顾了传统的静态授权和依据上下文信息对主体的动态权限控制。该模型具有较强的表达能力,能够实施多重综合性和复杂多变的安全策略,适合网格环境下多种复杂的访问控制安全策略相互融合的安全需求,并且为网格环境提供一个可重用的、支持互操作的和通用的访问控制框架。实现了一个原型系统,以验证模型的效率和易于实现性。
普适计算是物理世界与信息空间的天衣无缝的融合,用户、设备在环境中的物理位置以及上下文信息是和计算服务紧密结合的。传统的安全机制不能解决普适计算下动态和全新的安全问题。普适计算环境下基于上下文的使用控制模型采用信任协商解决安全认证问题,对基本的使用控制模型进行了扩展,不仅能够根据主体静态的安全属性进行授权方面的管理,而且在条件组件中对上下文信息进行了综合性的分析和运用,能够动态的调整主体访问服务的权限。
In order to implement resource sharing, work together, collaboration computing gathers all kinds of computing, data, and software resources and system and provides synthesis service for user around network. System security will be faced with austere challenges in open and collaboration environment and access control is a key factor. Traditional access control models are developed for concentration environment and are difficult to apply into open and collaboration environment. Based on trust management (TM), extension of role-based access control and context aware technologies, some research work has been done. Unfortunately, there remain many challenging problems. So some key technologies of access control in open and collaboration environments are investigated in the thesis.
In today’s dynamic distributed digital environment, traditional one-way control no longer provides adequate trustworthiness. Based on the usage control model, a comprehensive access control model called Administrative Usage Control model (AUCON) model is proposed, which resolves access control problem for Parallel Control, Series Control and Usage Control. This model provides a formal model which can control the provider subject to issue ticket for consumer subject and monitor the access of consumer to privacy-sensitive object. The architecture section presents formal structural ways in which appropriate mechanisms can be implemented to achieve predefined security objectives. The problem is described in detail from security Object and security Model to Architecture and Mechanisms and this layered approach provides a whole effective security solution for privacy protection problem.
The heterogeneous, dynamic and self-governing in local domain nature of multi-domains environments introduces challenging security issues. Despite the recent advances in access control approaches applicable to secure interoperability between multi-domains, there remain issues that to perform role-based access control model in one domain and implement security interoperability by translating role of foreign domain to local role. Amongst them are the lacks of uniform administration for role of foreign and local domain. An access control scheme named Administrative Usage Control (AUCON) are proposed, which corrects the security shortcoming of previous model and administrates user-role assignment for local and foreign domain with untie method. This model provides flexible enough mechanism to distinguish user of foreign and local domain and enforces more strict control for foreign user, while retaining the advantages of traditional RBAC model.
Due to inherent heterogeneity, complicated interoperability mechanism and highly dynamic nature, grid environment requires scalable, flexible, and fine-gained access control mechanism. Despite the recent advances in access control for grid application do address important aspects of the overall authorization, these efforts focus on the pre-defined access control policies where authorization depends on identity or role of the subject. However, they are lacks of flexible approaches to adapt the dynamically security request. Based on usage control model, a dynamic access control model named Dynamic Context_aware Grid Usage Control model (DC_GUCON) are proposed. In this model, authorization component evaluates access requests based on subject attributes, object attributes and requests. While conditions component dynamic grants and adapts permission to the subject based on a set of contextual information collected from the user and system environments. As a proof-of-concept, a prototype system based on this architecture are developed and implemented to demonstrate the feasibility and performance of this model.
Pervasive computing is the integration of cyberspace and physical space. In this incorporated space, users can obtain digital services non-intrusively anytime and anywhere. However, the ubiquitous and mobile environment introduces a new security challenge and traditional security mechanisms are not suited for problems occur in pervasive computing environment. A access control model named Pervasive computing Context_aware Usage Control model (PC_UCON) are proposed, which extends usage control model and resolves authentication with automated trust negotiation technologies. In this model, authorization component actualizes authorization manager based on static security attributes and requests. While conditions component dynamic grants and adapts permission to the subject based on a set of contextual information. .
引文
[1] R. Campbell, Z. Liu, D. Mickunas, et a1.Seraphim: Dynamic interoperable security architecture for active networks. IEEE OPENARCH 2000, Tel-Aviv, March 2000.308~319
[2] Foster I,Kesselman C,Tuecke S The Anatomy of the Grid Enabling Sealable Virtual Organizations.International Journal of High Performance Computing Applications,2001,15(3):200~222
[3] Foster I,Kesselman C.Tuecke G.et a1.A Security Architecture for Computational Grids . In : ACM Conference on Computer and Communications Security Conference.1998.83~91
[4]都志辉,陈渝,刘鹏.网格计算[M].北京:清华大学出版社,2002.67~80
[5] Ranganathan K.Trustworthy pervasive computing: the hard security problems. In: Proceedings of the 2nd IEEE Conference on Pervasive Computing and Communications Workshops. Washington: IEEE Computer Society, 2004.117~121
[6] Weiser M. The computer for the twenty-first century. Scientific American, 1991, 265 (3): 94~104
[7] Thomas RK, Sandhu R. Models, protocols, and architectures for secure pervasive computing: challenges and research directions. In: Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops. Washington: IEEE Computer Society, 2004.164~170
[8] E. Cohen, R. K. Thomas, and W. Winsborough et al. Models for coalition-based access control (CBAC). In: Proc. 7th ACM Symposium on Access Control Models and Technologies (SACMAT 2002). Monterey, CA, USA. 2002. New York, NY, USA: ACM Press, 2002. 97~106
[9]徐光祐,史元春,谢伟凯.普适计算.计算机学报, 2003, 26(9): 1042~1050
[10] E. Freudenthal, T. Pesin, and L. Port et al. dRBAC: Distributed role-based access control for dynamic coalition environments. Technical Report TR2001-819, New York University. 2001
[11] M.Y. Becker and P. Sewell. Cassandra: flexible trust management, applied to electronic health records. In: B. Werner ed. Proceedings of the 17th IEEE Computer Security Foundations Workshop (CSFW’04). Pacific Grove, CA, USA. 2004. Los Alamitos: IEEE CS Press, 2004. 139~154
[12] J. B. D. Joshi, A. Ghafoor, and W. Aref et al. Digital government security infrastructure design challenges, IEEE Computer, 2001, 34(2): 66~72
[13] I. Foster, C. Kesselman, J. M. Nick and S.Tuecke,“Grid Services for Distributed System Integration,”IEEE Computer, 2002, 35(6):37~46
[14] Overview of the Grid Security Infrastructure, http://www.globus.org/security/ overview.html
[15] Coen MH, Phillips B, Warshawsky N, et al. Meeting the computational needs of intelligent environments: the metaglue system. In: Nixon P, Lacey G, Dobson S eds. Proceedings of the 1st International Workshop on Managing Interactions in Smart Environments. Berlin: Springer-Verlag, 1999. 201~212
[16] Weiser M. Some computer science issues in ubiquitous computing. Communications of the ACM, 1993, 36(7):74~84
[17] Iachellov G, Abowd GD, Security requirements for environmental sensing technology. In: Proceedings of the 2nd Workshop on Ubicomp Security, Seattle, USA, 2003
[18] Lahlou S, Langheinrich M, R?cker C. Privacy and trust issues with invisible computers. Communications of the ACM, 2005, 48(3): 59~60
[19] Covington MJ, Fogla P, Zhan Z, et al. A context-aware security architecture for emerging applications. In: Proceedings of the 18th Annual Computer Security Applications Conference (ACSAC 2002) . Washington : IEEE Computer Society, 2002.249~260
[20] Creese S, Goldsmith M, Roscoe B, et al. Research directions for trust and security in human-centric computing. In: Proceedings of the First Workshop on Security and Privacy in Pervasive Computing. Vienna, Austria, 2004
[21] DoD, Trusted Computer System Evaluation Criteria (TCSEC), DoD 5200.28-STD
[22] Lampson, B. W.,“Dynamic Protection Structures,”AFIPS Conference Proceedings, 1969.27~38
[23] Ware, W. H., Security Controls for Computer Systems (U): Report of Defense Science Board Task Force on Computer Security, Santa Monica, CA: The RAND Corporation, February 1970
[24] Anderson, J. P., Computer Security Technology Planning Study Volume II, ESD-TR-73-51, Electronic Systems Division, Air Force Systems Command, Hanscom Field, Bedford, MA, 01730, October 1972
[25] B. W. Lampson. Protection. In: Proceedings of the 5th Princeton Symposium on Information Science and Systems. Princeton, New Jersey, USA. 1971. 437–443. Reprinted in ACM Operating Systems Review. 1974, 8(1):18~24
[26] G. S. Graham and P. J. Denning. Protection– principles and practice. In: Proceedings of the 1972 Spring Jt. Computer Conference. Atlantic City, N. J, USA. 1972. Montvale, N. J, USA: AFIPS Press. 1972. 417~429
[27] M. A. Harrison, W. L. Ruzzo, and J. D. Ullman. Protection in operating systems. Communications of the ACM, 1976, 19(8): 461~471
[28] Bell, D. E., and L. J. LaPadula, Secure Computer Systems: Mathematical Foundations and Model, Bedford, MA: The Mitre Corporation, 1973
[29] D. E. Bell and L. J. LaPadula. Secure computer systems: a mathematical model. Technical Report ESD-TR-278, Vol. II, Mitre Corp., Bedford, MA, 1973
[30] D. E. Bell and L. J. LaPadula. Secure computer systems: a refinement of the mathematical model. Technical Report ESD-TR-278, Vol. III, Mitre Corp., Bedford, MA, 1974
[31] D. E. Bell and L. J. LaPadula. Secure computer system: unified exposition and MULTICS interpretation. Technical Report ESD-TR-306, Mitre Corp, Bedford, MA, USA, 1976
[32] D. E. Bell and L. J. LaPadula, Secure Computer System: Unified Exposition and MULTICS Interpretation, MTR-2997 Rev. 1, Bedford, MA: The MITRE Corporation, March 1976
[33] Harrison, M., W. Ruzzo, and J. Ullman, Protection in Operating Systems, CACM 19, No. 8, August 1976.461~471
[34] D. D. Clark and D. R. Wilson. A comparison of commercial and military computer security policies. In: Proceedings of 1987 IEEE Symposium on Security and Privacy. Oakland. 1987. Los Alamitos: IEEE CS Press, 1987.184~194
[35] Nash, M., and K. Poland,“Some Conundrums Concerning Separation of Duty,”presented at the IEEE Symposium on Security and Privacy, Oakland, CA,1990
[36] Brewer, D. F. C., and M. J. Nash,“The Chinese Wall Security Policy,”Proceedings IEEE Computer Society Symposium on Research in Security and Privacy, April 1989. 215~228
[37] D. F. Ferraiolo and R. Kuhn. Role-based access control. In The 15th National Computer Security Conf , Baltimore , MD , 1992.406~413
[38] Ferraiolo, D., D. Gilbert, and N. Lynch,“An Examination of Federal and Commercial Access Control Policy Needs,”in Proceedings of the NIST-NSA National (USA) Computer Security Conference, 1993.107~116
[39] Ferraiolo, D., and D. R. Kuhn,“Role-Based Access Control,”in Proceedings of the NIST-NSA National (USA) Computer Security Conference, 1992. 554~563
[40] Ferraiolo, D. F., J. Cugini, and D. R. Kuhn,“Role-Based Access Control (RBAC): Features and Motivations,”in Proceedings of the 11th Annual Computer Security Application Conference, New Orleans, LA, December 11–15 1995.241~248
[41] Sandhu, R. S., et al.,“Role-Based Access Control: A Multidimensional View,”Proceedings of the 10th Annual Computer Security Applications Conference, December 1994.54~62
[42] G R. Sandhu, E. J. Conyne, and H. L. Feinstein et al. Role based access control models. IEEE Computer, 1996, 29(2): 38~47
[43] J. Ahn and R. Sandhu. Role-based authorizatio constraints specification. ACM Transactions on Information and System Security, 2000, 3(4): 207~226
[44] Bertino, E., E. Ferrari, and V. Atluri,“A Flexible Model for the Specification and Enforcement of Authorizations in Workflow Management Systems,”2nd ACM Workshop on Role-Based Access Control, November 1997
[45] Sandhu, R., D. Ferraiolo, and R. Kuhn,“The NIST Model for Role-Based Access Control: Towards a Unified Standard,”Proc. 5th ACM Workshop on Role-Based Access Control, July 26–27, 2000
[46] G. J. Ahn and R. Sandhu. Role-based authorizatio constraints specification. ACM Transactions on Information and System Security, 2000, 3(4): 207~226
[47]洪帆.何绪斌,徐智勇.基于角色的访问控制.小型微型计算机系统,2000,2(2):l98~200
[48] Security frameworks for open systems: Access control framework. Technical Report ISO/IEC 10181-3, ISO, 1996
[49] Messmer, E.,“Role-Based Access Control on a Roll,”Network World, July 30, 2001 at http://www.nwfusion.com/news/2001/0727burton.html
[50] Jonathan D. Moffett,“Control Principles and Role Hierarchies”, In Proceedings of the 3rd ACM Workshop on Role-Based Access Control. October 1998
[51] Jonathan D. Moffett and Emil C. Lupu,“The use of role hierarchies in access control”, In Proceedings of the 4th ACM
[52] S. Osborn, R. Sandhu, and Q. Munawer. Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Transactions on Information and System Security,2000, 3(2): 85~106
[53] R. Sandhu and Q. Muawer. How to do discretionary access conrol using roles. In: Proceedings of the 3th ACM Workshop on Role-based Access Control, Youman C and Jaeger T, Chairs. New York, NY, USA: ACM Press, 1998. 47~54
[54] Ravi Sandhu and Venkata Bhamidipati,“The URA97 model for role-based user-role assignment”, In Proceedings of IFIP WG 11.3 Workshop on Database Security, August 1997.147~152
[55] Ravi Sandhu and Venkata Bhamidipati,“The ARBAC97model for Role-based administration of Roles: PreliminaryDescription and Outline”, In Proceedings of second ACM Workshop on Role-Based Access Control. November 1997.117~125
[56] Ravi Sandhu and Venkata Bhamidipati,“Role-based administration of user-role assignment: The URA97 model and its Oracle implementation”, The Journal of Computer Security, 1999 ,7(2):44~56
[57] Ravi Sandhu and Qamar Munawer,“The ARBAC99 model for administration of roles”, In Proceedings of the Annual Computer Security Applications Conference. 1999.17~26
[58] Najam Perwaiz and Ian Sommerville,“Structured management of role-permission relationships”, In Proceedings of 6th ACM Symposium on Access Control Models and Technologies (SACMAT2001), May 2001. 75~86
[59] R. Sandhu, V. Bhaidipati, and Q. Munawer. The ARBAC97 model from role-based administration of roles. ACM Transactions of Information and System Security, 1999, 2(1): 105~135
[60] Oh, S., and R. Sandhu,“A Model for Role Administration Using Organization Structure,”Proc. of the 7th ACM Symposium on Access Control Models and Technologies, 2002. 155~162
[61] E. Barka and R. Sandhu. A Role-Based Delegation Model and Some Extensions. In: Proc. of 23rd National Information Systems Security Conference (NISSC 2000). Baltimore, Maryland, USA. 2000
[62] L. Zhang, G. J. Ahn, and B. T. Chu. A rule-based Framework for Role-Based Delegation. In: Proc. 6th ACM Symposium on Access Control Models and Technologies (SACMAT 2001). Chatilly, Virginia, USA. New York, NY USA: ACM Press. 2001.153~162
[63] X. Zhang, S. Oh, and R. Sandhu. PBDM: A flexible delegation model in RBAC. In: Proc. 8th ACM Symposium on Access Control Models and Technologies (SACMAT 2003). Como, Italy. New York, NY USA: ACM Press. 2003.149~157
[64] L. Zhang, G. J. Ahn, and B. T. Chu. A role-based delegation framework for healthcare information systems. In: Proc. 7th ACM Symposium on Access Control Models and Technologies (SACMAT 2002). Monterey, CA, USA. 2002. New York, NY, USA: ACM Press, 2002. 125~134
[65] James B.D. Joshi, Walid G. Aref, Arif Ghafoor, and Eugene H. Spafford,“Security models for web-based applications”, Communications of the ACM, 2001,44(2):74~83
[66] Ryutov, Tatyana and Neuman. The Set and Function Approach to Modeling Authorization in Distributed Systems. Proceedings of the Workshop on Mathematical Methods and Models and Architecture for Computer Networks Security, Clifford 2001.204~219
[67] Ryutov, Tatyana and Neuman. The Speciation and Enforcement of Advanced Security Policies. Proceedings of the Workshop on Policies for Distributed Systems and Networks, Clifford 2002.329~334
[68] M. Thompson, W. Johnston, S. Mudumbai, G. Hoo, K. Jackson, and A. Essiari,“Certificate-based Access Control for Widely Distributed Resources”, Proceedings of the Eighth Usenix Security Symposium, Aug. 1999.312~327
[69] E. Bertino, P. A. Bonatti and E. Ferrari. TRBAC: A temporal role-based access control model. ACM Transactions of Information and System Security, 2001, 4(3): 191~223
[70] J. Joshi, E. Bertino and U. Latif et al. A generalized temporal role-based access control model. IEEE Transactions of Knowledge and Data Engineering, 2005, 17(1): 4~23
[71] Park, J. S., and R. Sandhu,“RBAC on the Web by Smart Certificates,”Proc.ACM Workshop on Role-Based Access Control, New York: ACM Press. 1999.1~9
[72] Deinhart, K., et al.,“Method and System for Advanced Role-Based Access Control in Distributed and Centralized Computer Systems,”U.S. Patent 5,911,143, June 8, 1999.13~32
[73] Joshi, J. B. D., et al.,“Security Models for Web-Based Applications,”Communications of the ACM, 2001, 44(2): 38~44
[74] A. Kapadia, J. A. Muhtadi, and R. Campbell et al. IRBAC 2000: secure interoperability using dynamic role translation. Technical Report UIUCDCS-R-2000-2162, University of Illinois. Urbana, IL, USA. 2000
[75] J. A. Muhtadi, A. Kapadia, and R. Campbell et al. The A-IRBAC 2000 model: administrative interoperability role-based access control. Technical Report UIUCDCS-R-2000-2163, University of Illinois. Urbana, IL, USA. 2000
[76] C. E. Phillips, T. C. Ting, and S. A. Demurjian. Information sharing and security in dynamic coalitions. In: Proc. 7th ACM Symposium on Access Control Models and Technologies (SACMAT 2002). Monterey, CA, USA. 2002. New York, NY, USA: ACM Press, 2002. 87~96
[77] J. B. D. Joshi, R. Bhatti, and E. Bertino et al. Access-control language for multidomain environments. IEEE Internet Computing, 2004, 8(6): 40~50
[78] D. Shands, R. Yee, and J. Jacobs et al. Secure virtual enclaves: supporting coalition use of distributed system. In: Proceedings of Network and Distributed System Security Symposium (NDSS 2000). San Diego, CA, USA. 2000. Internet Society, 2000
[79] G.. Denker, J. Millen, and Y. Miyake. Cross-domain access control via PKI. In: B. Werner ed. Proceedings of the Third International Workshop on Policies for Distributed Systems and Networks (POLICY’02). Monterey, CA, USA. 2002. Los Alamitos: IEEE CS Press, 2002. 202~205
[80] M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized Trust Management. In Proc. of the 17th Symposium on Security and Privacy. Oakland, CA, USA. Los Alamitos: IEEE CS Press, 1996. 164~173
[81] S. Weeks. Understanding trust management systems. In: F. M. Titsworth ed. Proceedings of 2001 IEEE Symposium on Security and Privacy. Oakland, CA, USA. 2001. Loa Alamitos: IEEE CS Press, 2001. 94~105
[82] Chu Y, Feigenbaum J, LaMacchia B, et al. REFEREE: trust management for Web applications. World Wide Web Journal, 1997, 2(2):127~139
[83] Jim T. SD3: a trust management system with certified evaluation. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy. Washington: IEEE Computer Society Press, 2001.106~115
[84] Yao WT. Fidelis: a policy-driven trust management framework. In: Proceedings of the 1st International Conference on Trust Management . Berlin : Springer-Verglag, 2003.301~317
[85] Kagal L, Cost S, Finin T, et al. A framework for distributed trust management. In: Proceedings of the Second Workshop on Norms and Institutions in MAS, Autonomous Agents, Montreal, Canada, 2001. 34~45
[86] Kagal L, Undercoffer J, Perich F, et al. A security architecture based on trust management for pervasive computing systems. In: Proceedings of Grace Hopper Celebration of Women in Computing, 2001
[87] A. Chander, D. Dean, and J. C. Mitchell. Reconstructing trust management. Journal of Computer Security, 2004, 12(1): 131~164
[88] Blaze M, Feigenbaum J, Ioannidis J, et al. The role of trust management in distributed system security. In: Vitek J, Jensen C, eds. Secure Internet Programming: Issues in Distributed and Mobile Object Systems, Berlin: Springer-Verlag, 1999.185~210
[89] M Blaze, J. Feigenbaum , and M. Strauss et al. Compliance-checking in the PolicyMaker trust management system. In: R. Hirschfeld ed. Proceedings of Second International Conference on Financial Cryptography. LNCS 1465. Anguila, British West Idies. 1998. Berlin Heidelberg: Springer-Verlag, 1998. 254~274
[90] Y. Huachu, J. Feigenbaum, and B. LaMacchia et al. REFEREE: Trust management for web applications. The World Wide Web Journal, 1997, 2(3): 127~139
[91] M Blaze, J. Feigenbaum , and A. D. Keromytis. KeyNote: trust management for public key infrastructures. In: B. Christinason, B. Crispo, and W. S. Harbison et aleds. Proceedings of the 6th Security Protocols International Workshop. LNCS 1550. Cambridge, UK. 1998. Berlin Heidelberg: Springer-Verlag, 1999. 59~63
[92] C. Ellison. The natural of a usable PKI. Computer Networks, 1999, 31(8): 823~830
[93] J. R. Howell. Naming and sharing resources acroos administrative boundaries. PhD thesis, Dartmouth College, 2000
[94] M Abadi. On SDSI’s linked local name spaces. Journal of Computer Security, 1998, 6(1):3~21
[95] J. Howell and D. Kotz. A formal semantics for SPKI. Technical Report TR 2000-363. Dartmouth College. Hanover, NH. 2000
[96] J. Halpern and R. Meyden. A logic for SDSI’s linked local name spaces. Journal of Computer Security, 2001, 9(1): 47~74
[97] J. Halpern and R. Meyden. A logic reconstruction of SPKI. Journal of Computer Security, 2003, 11(3/4): 581~613
[98] N. Li. Local names in SPKI/SDSI. In: Proceedings of the 13th IEEE Computer Security Foundations Workshop. Cambridge, UK. 2000. Los Alamitos: IEEE CS Press, July 2000. 2~15
[99] N. Li and Mitchell J.C. Understanding SPKI-SDSI using first-order logic. In: D. Martin ed. Proceedings of the 16th IEEE Computer Security Foundations Workshop (CSFW’03). Pacific Grove, CA, USA. 2003. Los Alamitos: IEEE CS Press, 1996. 89~103
[100] D. E. Clarke. SPKI/SDSI HTTP server / certificate chain discovery in SPKI/SDSI. Masters thesis, Massachusetts Institute of Technology. 2001
[101] Li NH, Mitchell JC. RT: a role based trust management framework. In: Werner B, ed. Proceedings of the Third DARPA Information Survivability Conference and Exposition. Washington: IEEE Computer Society Press, 2003.201~212
[102] N. Li and J. C. Mitchell. Datalog with constraints: a foundation for trust-management languages. In: V. Dahl and P. Wadler eds. Proceedings of the 15th International Symposium on Pratical Aspects of Declarative Languages (PADL 2003). LNCS 2562. New Orleans, LA, USA. 2003. Berlin Heidelberg: Springer-Verlag, 2003. 58~73
[103] N. Li, W. H. Winsborough, and J. C. Mitchell. Distributed credential chain discovery in trust management. Journal of Computer Security, 2003, 11(1): 35~86
[104] Yu T, Winslett M. A unified scheme for resource protection in automated trust negotiation. In: Proceedings of the 2003 IEEE Symposium on Security and Privacy. Washington: IEEE Computer Society Press, 2003. 110~122
[105] Seamons KE, Winslett M, Yu T. Limiting the disclosure of access control policies during automated trust negotiation. In: Proceedings of the Network and Distributed System Security Symposium. Internet Society Press, 2001
[106] Yu T, Winslett M, Seamons KE. Interoperable strategies in automated trust negotiation. In: Proceedings of the 8th ACM Conference on Computer and Communications Security. New York: ACM Press, 2001.146~155
[107] K. E. Seamons, M. Winslett, and T, Yu. Trust negotiation in dynamic coalitions. In: B. Werner ed. Proceedings of the 2003 DARPA Information Survivablility Conference and Exposition (DISCEX’03). Washington, DC, USA. 2003. Los Alamitos: IEEE CS Press, 2003, 2(2): 240~245
[108] Seamons KE, Winslett M, Yu T, et al. Protecting privacy during on-line trust negotiation. In: Dingledine R, Syverson PF, eds. Proceedings of the 2nd Workshop on Privacy Enhancing Technologies. Brighton: Springer-Verlag, 2002.129~143
[109] J. Linn and M. Nystrom. Attribute certification: an enabling technology for delegation and role-based controls in distributed environments In: Proc. 1999 ACM Workshop on Role Based Access Control (RBAC’99). Fairfax, VA, USA. 1999. New York, NY, USA: ACM Press. 1999. 121~130
[110] D. W. Chatwick and A. Otenko. The PERMIS X.509 role based privilege management infrastructure. In: Proc. 7th ACM Symposium on Access Control Models and Technologies (SACMAT 2002). Monterey, CA, USA. 2002. New York, NY, USA: ACM Press. 2002. 135~140
[111] ITU-T. Draft revised ITU-T Recommendation X.509.ISO/IEC 9594-8: Information Technology– Open Systems Interconnection– The Directory: Public-Key and Attribute Certificate Frameworks, 2000. ftp://ftp.bull.com/pub/OSIdirectory/4thEditionTexts/X.509_4thEditionDra%ftV2.pdf
[112] Iannella, Renato 2002. Open Digital Rights Language V1.1. Online, Available: http://odrl.net
[113] Jajodia, S, Kudo, M., and Subrahmanian, V.S. 2001. Provisional Authorizations. E-Commerce Security and Privacy Anup Gosh (Ed.) Kluwer Academic Press, 2001
[114] Kaplan, Marc 1996. IBM Cryptolopes, Superdistribution and Digital Right Management. On-line, Available:http://www.research.ibm.com/people/k/Kaplan
[115] ACM Transactions on Information and System Security, 2002,9(2):35~44
[116] B. LaMacchia. Key Challenges in DRM: An Industry Perspective. Proc. 2nd ACM DRM Workshop (in conjunction with ACM CCS Conference) November.2002
[117] MIT 2001. Ten emerging technologies that will change the world. MIT Technology Review (Jan/Feb). P3P 2002. The Platform for Privacy Preferences 1.0 (P3P1.0) Speciation. Online, Available:http://www.w3.org/P3P/
[118] J.Park, R.Sandhu. Towards usage control models: beyond traditional access control. Proceedings of 7th ACM symposium on Access control models and technologies, ACM Press. 2002. 57~64
[119] R. Sandhu and J. Park, Usage control: A vision for next generation access control. In Proceedings of The 2nd International Workshop on Mathematical Methods, Models and Architectures for Computer Networks Security, 2003. 17~31
[120] J.Park, R.Sandhu. The UCONABC Usage Control Model. ACM Transactions on Information and Systems Security, 2004,7(1):128~174
[121]洪帆,崔永泉,付才等.多域安全互操作的可管理使用控制模型研究.计算机科学, 2006,33(3):38 ~47
[122] X.Zhang, J.Park, R.Sandhu, et al., A Logical Specification for Usage Control,SACMAT'04, June 2004, Yorktown Heights, New York, USA,2004.1~10
[123] Jaehong Park and Ravi Sandhu,“Originator Control in Usage Control.”Proc. 3rd IEEE International Workshop on Policies for Distributed Systems and Networks, Monterey, California, June 5-7, 2002. 60~66
[124] Jaehong Park, Ravi Sandhu and James Schifalacqua,“Security Architectures for Controlled Digital Information Dissemination.”Proc. 16th Annual Computer Security Applications Conference, New Orleans, Louisiana, December 11-15, 2000. 224~233
[125] I. Foster, C. Kesselman, J. M. Nick and S.Tuecke,“Grid Services for Distributed System Integration,”IEEE Computer, 2002, 35(6):37~46
[126] Foster, C. Kesselman, Globus: A Metacomputin Infrastructure Toolkit, Intl J. Supercomputer Applications, 1997,11(2):115~128
[127] I. Foster, C. Kesselman, G. Tsudik, S. Tuecke, A Security Architecture for Computational Grids, Proc. 5th ACM Conference on Computer and Communications Security Conference, 1998. 83~92
[128] R. Butler, D. Engert, I. Foster, C. Kesselman, S. Tuecke, J. Volmer, V. Welch, A National-Scale Authentication infrastructure, IEEE Computer, 2000,33(12):60~66
[129] Foster, C. Kesselman, S. Tuecke, The Anatomy of the Grid, Intl. J. Supercomputer Applications, 2001,15(3):43~56
[130] N. Nagaratnam, P. Janson, J. Dayka, et al., Tuecke : The Security Architecture for Open Grid Services , 2002
[131] Overview of the Grid Security Infrastructure, http://www.globus.org/security/ overview.html
[132] L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke,“A Community Authorization Service for Group Collaboration”, Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, 2002. 139~143
[133] D. Chadwick, A. Otenko,“The Permis X.509 Role Based Privilege Management Infrastructure”, Proceedings of SACMAT Conference, ACM Press, 2002. 135~140
[134] K. Keahey, V. Welch, S. Lang, B. Liu, and S. Meder,“Fine-Grain Authorization Policies in the GRID: Design and Implementation”, Proceedings of the 1st International Workshop on Middleware for Grid Computing, 2003.14~18
[135] L. Ramakrishnan, et al.,“An Authorization Framework for a Grid Based Component Architecture”,Proc. of the 3rd International Workshop on Grid Computing, 2002
[136] G. Zhang and M. Parashar. Dynamic context-aware access control for grid applications. In IEEE Computer Society Press, editor, 4th International Workshop on Grid Computing (Grid2003), Phoenix, AZ, USA, 2003.101~108
[137] G. Zhang and M. Parashar. Context-aware dynamic access control for pervasive computing. In 2004 Communication Networks and Distributed Systems Modeling and Simulation Conference (CNDS'04), San Diego, California, USA, January 2004
[138] CUI Yongquan, HONG Fan, FU Cai. Context-aware Usage_based Grid Authorization Framework. Wuhan University Journal of Natural Sciences, 2006,11(6):1736~1740
[139] H Yao, H Hu, B Huang, R Li. Dynamic Role and Context-Based Access Control for Grid Applications[C]. Proceedings of the Sixth International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT'05). 2005.404~406
[140] F Martinelli,P Mori,A Vaccarelli. Towards Continuous Usage Control on Grid Computational Services[C]. Proceedings of the Joint International Conference on Autonomic and Autonomous Systems and International Conference on Networking and Services (ICAS/ICNS), 2005. 82~89
[141] W Qiang, H Jin, X Shi. RB-GACA: A RBAC Based Grid Access Control Architecture [J]. International Journal of Grid and Utility Computing (IJGUC), 2005, 1(1): 61~70
[142] Guanying Bu, Zhiwei Xu. Access Control in Semantic Grid [J]. Future Generation Computer Systems,2004,11 (2): 113~122
[143] Coen MH, Phillips B, Warshawsky N, et al. Meeting the computational needs of intelligent environments: the metaglue system. In: Nixon P, Lacey G, Dobson S eds. Proceedings of the 1st International Workshop on Managing Interactions in Smart Environments. Berlin: Springer-Verlag, 1999. 201~212
[144] Weiser M. Some computer science issues in ubiquitous computing. Communications of the ACM, 1993, 36(7):74~84
[145] Coen MH, Phillips B, Warshawsky N, et al. Meeting the computational needs of intelligent environments: the metaglue system. In: Nixon P, Lacey G, Dobson S eds. Proceedings of the 1st International Workshop on Managing Interactions in Smart Environments. Berlin: Springer-Verlag, 1999. 201~212
[146] Salz P. The disappearing computer. Time Europe, 2000, 155(8): 1~8
[147] Johanson B , Fox A , Winograd T . The interactive workspaces project: experiences with ubiquitous computing rooms. IEEE Pervasive Computing, 2002, 1 (2): 67~75
[148] Endeavour Project. http:// endeavour.cs.berkeley.edu
[149] DreamSpace Project. http://www.research.ibm.com/natural/dreamspace
[150] Brumitt B, Meyers B, KrummJ, et al. EasyLiving: technologies for intelligent environments. In: Proceedings of the 2nd International Symposium on Handheld and Ubiquitous Computing. Berlin: Springer Verlag, 2000. 12~27
[151] Xie WK, Shi YC, Xu GY. Smart classroom-an intelligent environment for tele-education. In: Proceedings of the 2nd IEEE Pacific-Rim Conference on Multimedia. Berlin: Springer Verlag, 2001. 662~668
[152] Abowd GD, Mynatt ED, Charting past, present and future research in ubiquitous computing. ACM Transactions on Human-Computer Interaction, 2000, 7(1): 29~58
[153] English C, Terzis S, Nixon P. Towards self-protecting ubiquitous systems: monitoring trust-based interactions. In: Proceedings of the System Support for Ubiquitous Computing Workshop (UbiComp). Brighton: Springer-Verlag, 2004. 50~54
[154] Rangan P. An axiomatic basis of trust in distributed systems. In: Proceedings of the 1988 IEEE Computer Society Symposium on Security and Privacy. Washington: IEEE Computer Society Press, 1988.204~211
[155] Kagal L, Finin T, Joshi A. Trust-based security in pervasive computing environments. IEEE Computer, 2001, 34(12):154~157
[156] Al-Muhtadi J, Ranganathan A, Campbell R, et al. A flexible, privacy-preserving authentication framework for ubiquitous computing environments. In: Proceedings of the 22nd International Conference on Distributed Computing Systems Workshops. Washington: IEEE Computer Society Press, 2002. 771~776
[157] Shand B, Dimmock N, Bacon J. Trust for transparent, ubiquitous collaboration. Wireless Networks, 2004, 10(6):711~721
[158] English C, Wagealla W, Nixon P, et al. Trusting collaboration in global computing systems . In : Proceedings of the 1st International Conference on Trust Management. Brighton: Springer-Verlag, 2003.136~149
[159] Falcone R, Castelfranchi C. Trust dynamics how trust is influenced by direct experiences and by trust itself. In: Proceedings of the Third International Joint Conference on Autonomous Agents and Multiagent Systems - Volume 2 (AAMAS'04). Washington: IEEE Computer Society Press, 2004.740~747
[160] English C, Wagealla W, Terzis S, et al. Trust dynamics for collaborative global computing. In: Proceedings of IEEE International Workshops on Enabling Technologies : Infrastructure for Collaborative Enterprises (WETICE-2003). Washington: IEEE Computer Society Press, 2003.283~294
[161] English C, Terzis S, Nixon P. Towards self-protecting ubiquitous systems: monitoring trust-based interactions. In: Proceedings of the System Support for Ubiquitous Computing Workshop (UbiComp) . Brighton : Springer-Verlag, 2004.50~54
[162]郭亚军,洪帆.普适计算的信任计算模型.计算机科学, 2005, 32 (10): 59~62
[163] Liu Z, Joy AW, Thompson RA. A dynamic trust model for mobile ad hoc networks. In: Proceedings of the 10th IEEE International Workshop on Future Trends of Distributed Computing Systems (FTDCS'04). Washington: IEEE Computer Society Press, 2004. 80~85
[164] Bryce C, Dimmock N, Krukow K, et al. Towards an evaluation methodology for computational trust systems. In: Proceedings of the Third Annual Conference on Trust Management. Brighton: Springer-Verlag, 2005.290~305
[165] Castro P, Chiu P, Kremenek T, et al. A probabilistic location service for wireless network environments. In: Proceedings of the International Conference on Ubiquitous Computing (Ubicomp). Berlin: Springer-Verlag, 2001. 18~24
[166] Jonsson M. Context shadow: an infrastructure for context aware computing. In: Proceedings of Artificial Intelligence in Mobile System (AIMS 2002), 2002
[167] Hong JI, Landay JA. An infrastructure approach to context-aware computing. Human-Computer Interaction, 2001, 16(2): 287-303
[168] Campbell R, Al-Muhtadi J, Naldurg P, et al. Towards security and privacy for pervasive computing. In: Proceedings of International Symposium on Software Security. Berlin: Springer-Verlag, 2002. 1~15
[169] Covington MJ, Long W, Srinivasan S, et al. Securing context-aware applications using environment roles. In: Proceedings of the sixth ACM symposium on Access control models and technologies. New York: ACM Press, 2001. 10~20
[170] Tripathi A, Ahmed T, Kulkarni D, et al, Context-Based Secure Resource Access in Pervasive Computing Environments. In: Proceedings of the 1st IEEE International Workshop on Pervasive Computing and Communications Security (IEEE PerSec'04). Washington: IEEE Computer Society Press, 2004. 159~163
[171] Bardram J, Kj?r RE, Pedersen M. Context-aware user authentication-supporting proximity-based login in pervasive computing. In: Dey A, McCarthy J, Schmidt A,eds . Proceedings of the 5th International Conference on Ubiquitous Computing. Brighton: Springer-Verlag, 2003. 107~123
[172]郭亚军,洪帆.普适计算的安全机制.计算机工程, 2006, 32(8):168~169
[2] Foster I,Kesselman C,Tuecke S The Anatomy of the Grid Enabling Sealable Virtual Organizations.International Journal of High Performance Computing Applications,2001,15(3):200~222
[3] Foster I,Kesselman C.Tuecke G.et a1.A Security Architecture for Computational Grids . In : ACM Conference on Computer and Communications Security Conference.1998.83~91
[4]都志辉,陈渝,刘鹏.网格计算[M].北京:清华大学出版社,2002.67~80
[5] Ranganathan K.Trustworthy pervasive computing: the hard security problems. In: Proceedings of the 2nd IEEE Conference on Pervasive Computing and Communications Workshops. Washington: IEEE Computer Society, 2004.117~121
[6] Weiser M. The computer for the twenty-first century. Scientific American, 1991, 265 (3): 94~104
[7] Thomas RK, Sandhu R. Models, protocols, and architectures for secure pervasive computing: challenges and research directions. In: Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops. Washington: IEEE Computer Society, 2004.164~170
[8] E. Cohen, R. K. Thomas, and W. Winsborough et al. Models for coalition-based access control (CBAC). In: Proc. 7th ACM Symposium on Access Control Models and Technologies (SACMAT 2002). Monterey, CA, USA. 2002. New York, NY, USA: ACM Press, 2002. 97~106
[9]徐光祐,史元春,谢伟凯.普适计算.计算机学报, 2003, 26(9): 1042~1050
[10] E. Freudenthal, T. Pesin, and L. Port et al. dRBAC: Distributed role-based access control for dynamic coalition environments. Technical Report TR2001-819, New York University. 2001
[11] M.Y. Becker and P. Sewell. Cassandra: flexible trust management, applied to electronic health records. In: B. Werner ed. Proceedings of the 17th IEEE Computer Security Foundations Workshop (CSFW’04). Pacific Grove, CA, USA. 2004. Los Alamitos: IEEE CS Press, 2004. 139~154
[12] J. B. D. Joshi, A. Ghafoor, and W. Aref et al. Digital government security infrastructure design challenges, IEEE Computer, 2001, 34(2): 66~72
[13] I. Foster, C. Kesselman, J. M. Nick and S.Tuecke,“Grid Services for Distributed System Integration,”IEEE Computer, 2002, 35(6):37~46
[14] Overview of the Grid Security Infrastructure, http://www.globus.org/security/ overview.html
[15] Coen MH, Phillips B, Warshawsky N, et al. Meeting the computational needs of intelligent environments: the metaglue system. In: Nixon P, Lacey G, Dobson S eds. Proceedings of the 1st International Workshop on Managing Interactions in Smart Environments. Berlin: Springer-Verlag, 1999. 201~212
[16] Weiser M. Some computer science issues in ubiquitous computing. Communications of the ACM, 1993, 36(7):74~84
[17] Iachellov G, Abowd GD, Security requirements for environmental sensing technology. In: Proceedings of the 2nd Workshop on Ubicomp Security, Seattle, USA, 2003
[18] Lahlou S, Langheinrich M, R?cker C. Privacy and trust issues with invisible computers. Communications of the ACM, 2005, 48(3): 59~60
[19] Covington MJ, Fogla P, Zhan Z, et al. A context-aware security architecture for emerging applications. In: Proceedings of the 18th Annual Computer Security Applications Conference (ACSAC 2002) . Washington : IEEE Computer Society, 2002.249~260
[20] Creese S, Goldsmith M, Roscoe B, et al. Research directions for trust and security in human-centric computing. In: Proceedings of the First Workshop on Security and Privacy in Pervasive Computing. Vienna, Austria, 2004
[21] DoD, Trusted Computer System Evaluation Criteria (TCSEC), DoD 5200.28-STD
[22] Lampson, B. W.,“Dynamic Protection Structures,”AFIPS Conference Proceedings, 1969.27~38
[23] Ware, W. H., Security Controls for Computer Systems (U): Report of Defense Science Board Task Force on Computer Security, Santa Monica, CA: The RAND Corporation, February 1970
[24] Anderson, J. P., Computer Security Technology Planning Study Volume II, ESD-TR-73-51, Electronic Systems Division, Air Force Systems Command, Hanscom Field, Bedford, MA, 01730, October 1972
[25] B. W. Lampson. Protection. In: Proceedings of the 5th Princeton Symposium on Information Science and Systems. Princeton, New Jersey, USA. 1971. 437–443. Reprinted in ACM Operating Systems Review. 1974, 8(1):18~24
[26] G. S. Graham and P. J. Denning. Protection– principles and practice. In: Proceedings of the 1972 Spring Jt. Computer Conference. Atlantic City, N. J, USA. 1972. Montvale, N. J, USA: AFIPS Press. 1972. 417~429
[27] M. A. Harrison, W. L. Ruzzo, and J. D. Ullman. Protection in operating systems. Communications of the ACM, 1976, 19(8): 461~471
[28] Bell, D. E., and L. J. LaPadula, Secure Computer Systems: Mathematical Foundations and Model, Bedford, MA: The Mitre Corporation, 1973
[29] D. E. Bell and L. J. LaPadula. Secure computer systems: a mathematical model. Technical Report ESD-TR-278, Vol. II, Mitre Corp., Bedford, MA, 1973
[30] D. E. Bell and L. J. LaPadula. Secure computer systems: a refinement of the mathematical model. Technical Report ESD-TR-278, Vol. III, Mitre Corp., Bedford, MA, 1974
[31] D. E. Bell and L. J. LaPadula. Secure computer system: unified exposition and MULTICS interpretation. Technical Report ESD-TR-306, Mitre Corp, Bedford, MA, USA, 1976
[32] D. E. Bell and L. J. LaPadula, Secure Computer System: Unified Exposition and MULTICS Interpretation, MTR-2997 Rev. 1, Bedford, MA: The MITRE Corporation, March 1976
[33] Harrison, M., W. Ruzzo, and J. Ullman, Protection in Operating Systems, CACM 19, No. 8, August 1976.461~471
[34] D. D. Clark and D. R. Wilson. A comparison of commercial and military computer security policies. In: Proceedings of 1987 IEEE Symposium on Security and Privacy. Oakland. 1987. Los Alamitos: IEEE CS Press, 1987.184~194
[35] Nash, M., and K. Poland,“Some Conundrums Concerning Separation of Duty,”presented at the IEEE Symposium on Security and Privacy, Oakland, CA,1990
[36] Brewer, D. F. C., and M. J. Nash,“The Chinese Wall Security Policy,”Proceedings IEEE Computer Society Symposium on Research in Security and Privacy, April 1989. 215~228
[37] D. F. Ferraiolo and R. Kuhn. Role-based access control. In The 15th National Computer Security Conf , Baltimore , MD , 1992.406~413
[38] Ferraiolo, D., D. Gilbert, and N. Lynch,“An Examination of Federal and Commercial Access Control Policy Needs,”in Proceedings of the NIST-NSA National (USA) Computer Security Conference, 1993.107~116
[39] Ferraiolo, D., and D. R. Kuhn,“Role-Based Access Control,”in Proceedings of the NIST-NSA National (USA) Computer Security Conference, 1992. 554~563
[40] Ferraiolo, D. F., J. Cugini, and D. R. Kuhn,“Role-Based Access Control (RBAC): Features and Motivations,”in Proceedings of the 11th Annual Computer Security Application Conference, New Orleans, LA, December 11–15 1995.241~248
[41] Sandhu, R. S., et al.,“Role-Based Access Control: A Multidimensional View,”Proceedings of the 10th Annual Computer Security Applications Conference, December 1994.54~62
[42] G R. Sandhu, E. J. Conyne, and H. L. Feinstein et al. Role based access control models. IEEE Computer, 1996, 29(2): 38~47
[43] J. Ahn and R. Sandhu. Role-based authorizatio constraints specification. ACM Transactions on Information and System Security, 2000, 3(4): 207~226
[44] Bertino, E., E. Ferrari, and V. Atluri,“A Flexible Model for the Specification and Enforcement of Authorizations in Workflow Management Systems,”2nd ACM Workshop on Role-Based Access Control, November 1997
[45] Sandhu, R., D. Ferraiolo, and R. Kuhn,“The NIST Model for Role-Based Access Control: Towards a Unified Standard,”Proc. 5th ACM Workshop on Role-Based Access Control, July 26–27, 2000
[46] G. J. Ahn and R. Sandhu. Role-based authorizatio constraints specification. ACM Transactions on Information and System Security, 2000, 3(4): 207~226
[47]洪帆.何绪斌,徐智勇.基于角色的访问控制.小型微型计算机系统,2000,2(2):l98~200
[48] Security frameworks for open systems: Access control framework. Technical Report ISO/IEC 10181-3, ISO, 1996
[49] Messmer, E.,“Role-Based Access Control on a Roll,”Network World, July 30, 2001 at http://www.nwfusion.com/news/2001/0727burton.html
[50] Jonathan D. Moffett,“Control Principles and Role Hierarchies”, In Proceedings of the 3rd ACM Workshop on Role-Based Access Control. October 1998
[51] Jonathan D. Moffett and Emil C. Lupu,“The use of role hierarchies in access control”, In Proceedings of the 4th ACM
[52] S. Osborn, R. Sandhu, and Q. Munawer. Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Transactions on Information and System Security,2000, 3(2): 85~106
[53] R. Sandhu and Q. Muawer. How to do discretionary access conrol using roles. In: Proceedings of the 3th ACM Workshop on Role-based Access Control, Youman C and Jaeger T, Chairs. New York, NY, USA: ACM Press, 1998. 47~54
[54] Ravi Sandhu and Venkata Bhamidipati,“The URA97 model for role-based user-role assignment”, In Proceedings of IFIP WG 11.3 Workshop on Database Security, August 1997.147~152
[55] Ravi Sandhu and Venkata Bhamidipati,“The ARBAC97model for Role-based administration of Roles: PreliminaryDescription and Outline”, In Proceedings of second ACM Workshop on Role-Based Access Control. November 1997.117~125
[56] Ravi Sandhu and Venkata Bhamidipati,“Role-based administration of user-role assignment: The URA97 model and its Oracle implementation”, The Journal of Computer Security, 1999 ,7(2):44~56
[57] Ravi Sandhu and Qamar Munawer,“The ARBAC99 model for administration of roles”, In Proceedings of the Annual Computer Security Applications Conference. 1999.17~26
[58] Najam Perwaiz and Ian Sommerville,“Structured management of role-permission relationships”, In Proceedings of 6th ACM Symposium on Access Control Models and Technologies (SACMAT2001), May 2001. 75~86
[59] R. Sandhu, V. Bhaidipati, and Q. Munawer. The ARBAC97 model from role-based administration of roles. ACM Transactions of Information and System Security, 1999, 2(1): 105~135
[60] Oh, S., and R. Sandhu,“A Model for Role Administration Using Organization Structure,”Proc. of the 7th ACM Symposium on Access Control Models and Technologies, 2002. 155~162
[61] E. Barka and R. Sandhu. A Role-Based Delegation Model and Some Extensions. In: Proc. of 23rd National Information Systems Security Conference (NISSC 2000). Baltimore, Maryland, USA. 2000
[62] L. Zhang, G. J. Ahn, and B. T. Chu. A rule-based Framework for Role-Based Delegation. In: Proc. 6th ACM Symposium on Access Control Models and Technologies (SACMAT 2001). Chatilly, Virginia, USA. New York, NY USA: ACM Press. 2001.153~162
[63] X. Zhang, S. Oh, and R. Sandhu. PBDM: A flexible delegation model in RBAC. In: Proc. 8th ACM Symposium on Access Control Models and Technologies (SACMAT 2003). Como, Italy. New York, NY USA: ACM Press. 2003.149~157
[64] L. Zhang, G. J. Ahn, and B. T. Chu. A role-based delegation framework for healthcare information systems. In: Proc. 7th ACM Symposium on Access Control Models and Technologies (SACMAT 2002). Monterey, CA, USA. 2002. New York, NY, USA: ACM Press, 2002. 125~134
[65] James B.D. Joshi, Walid G. Aref, Arif Ghafoor, and Eugene H. Spafford,“Security models for web-based applications”, Communications of the ACM, 2001,44(2):74~83
[66] Ryutov, Tatyana and Neuman. The Set and Function Approach to Modeling Authorization in Distributed Systems. Proceedings of the Workshop on Mathematical Methods and Models and Architecture for Computer Networks Security, Clifford 2001.204~219
[67] Ryutov, Tatyana and Neuman. The Speciation and Enforcement of Advanced Security Policies. Proceedings of the Workshop on Policies for Distributed Systems and Networks, Clifford 2002.329~334
[68] M. Thompson, W. Johnston, S. Mudumbai, G. Hoo, K. Jackson, and A. Essiari,“Certificate-based Access Control for Widely Distributed Resources”, Proceedings of the Eighth Usenix Security Symposium, Aug. 1999.312~327
[69] E. Bertino, P. A. Bonatti and E. Ferrari. TRBAC: A temporal role-based access control model. ACM Transactions of Information and System Security, 2001, 4(3): 191~223
[70] J. Joshi, E. Bertino and U. Latif et al. A generalized temporal role-based access control model. IEEE Transactions of Knowledge and Data Engineering, 2005, 17(1): 4~23
[71] Park, J. S., and R. Sandhu,“RBAC on the Web by Smart Certificates,”Proc.ACM Workshop on Role-Based Access Control, New York: ACM Press. 1999.1~9
[72] Deinhart, K., et al.,“Method and System for Advanced Role-Based Access Control in Distributed and Centralized Computer Systems,”U.S. Patent 5,911,143, June 8, 1999.13~32
[73] Joshi, J. B. D., et al.,“Security Models for Web-Based Applications,”Communications of the ACM, 2001, 44(2): 38~44
[74] A. Kapadia, J. A. Muhtadi, and R. Campbell et al. IRBAC 2000: secure interoperability using dynamic role translation. Technical Report UIUCDCS-R-2000-2162, University of Illinois. Urbana, IL, USA. 2000
[75] J. A. Muhtadi, A. Kapadia, and R. Campbell et al. The A-IRBAC 2000 model: administrative interoperability role-based access control. Technical Report UIUCDCS-R-2000-2163, University of Illinois. Urbana, IL, USA. 2000
[76] C. E. Phillips, T. C. Ting, and S. A. Demurjian. Information sharing and security in dynamic coalitions. In: Proc. 7th ACM Symposium on Access Control Models and Technologies (SACMAT 2002). Monterey, CA, USA. 2002. New York, NY, USA: ACM Press, 2002. 87~96
[77] J. B. D. Joshi, R. Bhatti, and E. Bertino et al. Access-control language for multidomain environments. IEEE Internet Computing, 2004, 8(6): 40~50
[78] D. Shands, R. Yee, and J. Jacobs et al. Secure virtual enclaves: supporting coalition use of distributed system. In: Proceedings of Network and Distributed System Security Symposium (NDSS 2000). San Diego, CA, USA. 2000. Internet Society, 2000
[79] G.. Denker, J. Millen, and Y. Miyake. Cross-domain access control via PKI. In: B. Werner ed. Proceedings of the Third International Workshop on Policies for Distributed Systems and Networks (POLICY’02). Monterey, CA, USA. 2002. Los Alamitos: IEEE CS Press, 2002. 202~205
[80] M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized Trust Management. In Proc. of the 17th Symposium on Security and Privacy. Oakland, CA, USA. Los Alamitos: IEEE CS Press, 1996. 164~173
[81] S. Weeks. Understanding trust management systems. In: F. M. Titsworth ed. Proceedings of 2001 IEEE Symposium on Security and Privacy. Oakland, CA, USA. 2001. Loa Alamitos: IEEE CS Press, 2001. 94~105
[82] Chu Y, Feigenbaum J, LaMacchia B, et al. REFEREE: trust management for Web applications. World Wide Web Journal, 1997, 2(2):127~139
[83] Jim T. SD3: a trust management system with certified evaluation. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy. Washington: IEEE Computer Society Press, 2001.106~115
[84] Yao WT. Fidelis: a policy-driven trust management framework. In: Proceedings of the 1st International Conference on Trust Management . Berlin : Springer-Verglag, 2003.301~317
[85] Kagal L, Cost S, Finin T, et al. A framework for distributed trust management. In: Proceedings of the Second Workshop on Norms and Institutions in MAS, Autonomous Agents, Montreal, Canada, 2001. 34~45
[86] Kagal L, Undercoffer J, Perich F, et al. A security architecture based on trust management for pervasive computing systems. In: Proceedings of Grace Hopper Celebration of Women in Computing, 2001
[87] A. Chander, D. Dean, and J. C. Mitchell. Reconstructing trust management. Journal of Computer Security, 2004, 12(1): 131~164
[88] Blaze M, Feigenbaum J, Ioannidis J, et al. The role of trust management in distributed system security. In: Vitek J, Jensen C, eds. Secure Internet Programming: Issues in Distributed and Mobile Object Systems, Berlin: Springer-Verlag, 1999.185~210
[89] M Blaze, J. Feigenbaum , and M. Strauss et al. Compliance-checking in the PolicyMaker trust management system. In: R. Hirschfeld ed. Proceedings of Second International Conference on Financial Cryptography. LNCS 1465. Anguila, British West Idies. 1998. Berlin Heidelberg: Springer-Verlag, 1998. 254~274
[90] Y. Huachu, J. Feigenbaum, and B. LaMacchia et al. REFEREE: Trust management for web applications. The World Wide Web Journal, 1997, 2(3): 127~139
[91] M Blaze, J. Feigenbaum , and A. D. Keromytis. KeyNote: trust management for public key infrastructures. In: B. Christinason, B. Crispo, and W. S. Harbison et aleds. Proceedings of the 6th Security Protocols International Workshop. LNCS 1550. Cambridge, UK. 1998. Berlin Heidelberg: Springer-Verlag, 1999. 59~63
[92] C. Ellison. The natural of a usable PKI. Computer Networks, 1999, 31(8): 823~830
[93] J. R. Howell. Naming and sharing resources acroos administrative boundaries. PhD thesis, Dartmouth College, 2000
[94] M Abadi. On SDSI’s linked local name spaces. Journal of Computer Security, 1998, 6(1):3~21
[95] J. Howell and D. Kotz. A formal semantics for SPKI. Technical Report TR 2000-363. Dartmouth College. Hanover, NH. 2000
[96] J. Halpern and R. Meyden. A logic for SDSI’s linked local name spaces. Journal of Computer Security, 2001, 9(1): 47~74
[97] J. Halpern and R. Meyden. A logic reconstruction of SPKI. Journal of Computer Security, 2003, 11(3/4): 581~613
[98] N. Li. Local names in SPKI/SDSI. In: Proceedings of the 13th IEEE Computer Security Foundations Workshop. Cambridge, UK. 2000. Los Alamitos: IEEE CS Press, July 2000. 2~15
[99] N. Li and Mitchell J.C. Understanding SPKI-SDSI using first-order logic. In: D. Martin ed. Proceedings of the 16th IEEE Computer Security Foundations Workshop (CSFW’03). Pacific Grove, CA, USA. 2003. Los Alamitos: IEEE CS Press, 1996. 89~103
[100] D. E. Clarke. SPKI/SDSI HTTP server / certificate chain discovery in SPKI/SDSI. Masters thesis, Massachusetts Institute of Technology. 2001
[101] Li NH, Mitchell JC. RT: a role based trust management framework. In: Werner B, ed. Proceedings of the Third DARPA Information Survivability Conference and Exposition. Washington: IEEE Computer Society Press, 2003.201~212
[102] N. Li and J. C. Mitchell. Datalog with constraints: a foundation for trust-management languages. In: V. Dahl and P. Wadler eds. Proceedings of the 15th International Symposium on Pratical Aspects of Declarative Languages (PADL 2003). LNCS 2562. New Orleans, LA, USA. 2003. Berlin Heidelberg: Springer-Verlag, 2003. 58~73
[103] N. Li, W. H. Winsborough, and J. C. Mitchell. Distributed credential chain discovery in trust management. Journal of Computer Security, 2003, 11(1): 35~86
[104] Yu T, Winslett M. A unified scheme for resource protection in automated trust negotiation. In: Proceedings of the 2003 IEEE Symposium on Security and Privacy. Washington: IEEE Computer Society Press, 2003. 110~122
[105] Seamons KE, Winslett M, Yu T. Limiting the disclosure of access control policies during automated trust negotiation. In: Proceedings of the Network and Distributed System Security Symposium. Internet Society Press, 2001
[106] Yu T, Winslett M, Seamons KE. Interoperable strategies in automated trust negotiation. In: Proceedings of the 8th ACM Conference on Computer and Communications Security. New York: ACM Press, 2001.146~155
[107] K. E. Seamons, M. Winslett, and T, Yu. Trust negotiation in dynamic coalitions. In: B. Werner ed. Proceedings of the 2003 DARPA Information Survivablility Conference and Exposition (DISCEX’03). Washington, DC, USA. 2003. Los Alamitos: IEEE CS Press, 2003, 2(2): 240~245
[108] Seamons KE, Winslett M, Yu T, et al. Protecting privacy during on-line trust negotiation. In: Dingledine R, Syverson PF, eds. Proceedings of the 2nd Workshop on Privacy Enhancing Technologies. Brighton: Springer-Verlag, 2002.129~143
[109] J. Linn and M. Nystrom. Attribute certification: an enabling technology for delegation and role-based controls in distributed environments In: Proc. 1999 ACM Workshop on Role Based Access Control (RBAC’99). Fairfax, VA, USA. 1999. New York, NY, USA: ACM Press. 1999. 121~130
[110] D. W. Chatwick and A. Otenko. The PERMIS X.509 role based privilege management infrastructure. In: Proc. 7th ACM Symposium on Access Control Models and Technologies (SACMAT 2002). Monterey, CA, USA. 2002. New York, NY, USA: ACM Press. 2002. 135~140
[111] ITU-T. Draft revised ITU-T Recommendation X.509.ISO/IEC 9594-8: Information Technology– Open Systems Interconnection– The Directory: Public-Key and Attribute Certificate Frameworks, 2000. ftp://ftp.bull.com/pub/OSIdirectory/4thEditionTexts/X.509_4thEditionDra%ftV2.pdf
[112] Iannella, Renato 2002. Open Digital Rights Language V1.1. Online, Available: http://odrl.net
[113] Jajodia, S, Kudo, M., and Subrahmanian, V.S. 2001. Provisional Authorizations. E-Commerce Security and Privacy Anup Gosh (Ed.) Kluwer Academic Press, 2001
[114] Kaplan, Marc 1996. IBM Cryptolopes, Superdistribution and Digital Right Management. On-line, Available:http://www.research.ibm.com/people/k/Kaplan
[115] ACM Transactions on Information and System Security, 2002,9(2):35~44
[116] B. LaMacchia. Key Challenges in DRM: An Industry Perspective. Proc. 2nd ACM DRM Workshop (in conjunction with ACM CCS Conference) November.2002
[117] MIT 2001. Ten emerging technologies that will change the world. MIT Technology Review (Jan/Feb). P3P 2002. The Platform for Privacy Preferences 1.0 (P3P1.0) Speciation. Online, Available:http://www.w3.org/P3P/
[118] J.Park, R.Sandhu. Towards usage control models: beyond traditional access control. Proceedings of 7th ACM symposium on Access control models and technologies, ACM Press. 2002. 57~64
[119] R. Sandhu and J. Park, Usage control: A vision for next generation access control. In Proceedings of The 2nd International Workshop on Mathematical Methods, Models and Architectures for Computer Networks Security, 2003. 17~31
[120] J.Park, R.Sandhu. The UCONABC Usage Control Model. ACM Transactions on Information and Systems Security, 2004,7(1):128~174
[121]洪帆,崔永泉,付才等.多域安全互操作的可管理使用控制模型研究.计算机科学, 2006,33(3):38 ~47
[122] X.Zhang, J.Park, R.Sandhu, et al., A Logical Specification for Usage Control,SACMAT'04, June 2004, Yorktown Heights, New York, USA,2004.1~10
[123] Jaehong Park and Ravi Sandhu,“Originator Control in Usage Control.”Proc. 3rd IEEE International Workshop on Policies for Distributed Systems and Networks, Monterey, California, June 5-7, 2002. 60~66
[124] Jaehong Park, Ravi Sandhu and James Schifalacqua,“Security Architectures for Controlled Digital Information Dissemination.”Proc. 16th Annual Computer Security Applications Conference, New Orleans, Louisiana, December 11-15, 2000. 224~233
[125] I. Foster, C. Kesselman, J. M. Nick and S.Tuecke,“Grid Services for Distributed System Integration,”IEEE Computer, 2002, 35(6):37~46
[126] Foster, C. Kesselman, Globus: A Metacomputin Infrastructure Toolkit, Intl J. Supercomputer Applications, 1997,11(2):115~128
[127] I. Foster, C. Kesselman, G. Tsudik, S. Tuecke, A Security Architecture for Computational Grids, Proc. 5th ACM Conference on Computer and Communications Security Conference, 1998. 83~92
[128] R. Butler, D. Engert, I. Foster, C. Kesselman, S. Tuecke, J. Volmer, V. Welch, A National-Scale Authentication infrastructure, IEEE Computer, 2000,33(12):60~66
[129] Foster, C. Kesselman, S. Tuecke, The Anatomy of the Grid, Intl. J. Supercomputer Applications, 2001,15(3):43~56
[130] N. Nagaratnam, P. Janson, J. Dayka, et al., Tuecke : The Security Architecture for Open Grid Services , 2002
[131] Overview of the Grid Security Infrastructure, http://www.globus.org/security/ overview.html
[132] L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke,“A Community Authorization Service for Group Collaboration”, Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, 2002. 139~143
[133] D. Chadwick, A. Otenko,“The Permis X.509 Role Based Privilege Management Infrastructure”, Proceedings of SACMAT Conference, ACM Press, 2002. 135~140
[134] K. Keahey, V. Welch, S. Lang, B. Liu, and S. Meder,“Fine-Grain Authorization Policies in the GRID: Design and Implementation”, Proceedings of the 1st International Workshop on Middleware for Grid Computing, 2003.14~18
[135] L. Ramakrishnan, et al.,“An Authorization Framework for a Grid Based Component Architecture”,Proc. of the 3rd International Workshop on Grid Computing, 2002
[136] G. Zhang and M. Parashar. Dynamic context-aware access control for grid applications. In IEEE Computer Society Press, editor, 4th International Workshop on Grid Computing (Grid2003), Phoenix, AZ, USA, 2003.101~108
[137] G. Zhang and M. Parashar. Context-aware dynamic access control for pervasive computing. In 2004 Communication Networks and Distributed Systems Modeling and Simulation Conference (CNDS'04), San Diego, California, USA, January 2004
[138] CUI Yongquan, HONG Fan, FU Cai. Context-aware Usage_based Grid Authorization Framework. Wuhan University Journal of Natural Sciences, 2006,11(6):1736~1740
[139] H Yao, H Hu, B Huang, R Li. Dynamic Role and Context-Based Access Control for Grid Applications[C]. Proceedings of the Sixth International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT'05). 2005.404~406
[140] F Martinelli,P Mori,A Vaccarelli. Towards Continuous Usage Control on Grid Computational Services[C]. Proceedings of the Joint International Conference on Autonomic and Autonomous Systems and International Conference on Networking and Services (ICAS/ICNS), 2005. 82~89
[141] W Qiang, H Jin, X Shi. RB-GACA: A RBAC Based Grid Access Control Architecture [J]. International Journal of Grid and Utility Computing (IJGUC), 2005, 1(1): 61~70
[142] Guanying Bu, Zhiwei Xu. Access Control in Semantic Grid [J]. Future Generation Computer Systems,2004,11 (2): 113~122
[143] Coen MH, Phillips B, Warshawsky N, et al. Meeting the computational needs of intelligent environments: the metaglue system. In: Nixon P, Lacey G, Dobson S eds. Proceedings of the 1st International Workshop on Managing Interactions in Smart Environments. Berlin: Springer-Verlag, 1999. 201~212
[144] Weiser M. Some computer science issues in ubiquitous computing. Communications of the ACM, 1993, 36(7):74~84
[145] Coen MH, Phillips B, Warshawsky N, et al. Meeting the computational needs of intelligent environments: the metaglue system. In: Nixon P, Lacey G, Dobson S eds. Proceedings of the 1st International Workshop on Managing Interactions in Smart Environments. Berlin: Springer-Verlag, 1999. 201~212
[146] Salz P. The disappearing computer. Time Europe, 2000, 155(8): 1~8
[147] Johanson B , Fox A , Winograd T . The interactive workspaces project: experiences with ubiquitous computing rooms. IEEE Pervasive Computing, 2002, 1 (2): 67~75
[148] Endeavour Project. http:// endeavour.cs.berkeley.edu
[149] DreamSpace Project. http://www.research.ibm.com/natural/dreamspace
[150] Brumitt B, Meyers B, KrummJ, et al. EasyLiving: technologies for intelligent environments. In: Proceedings of the 2nd International Symposium on Handheld and Ubiquitous Computing. Berlin: Springer Verlag, 2000. 12~27
[151] Xie WK, Shi YC, Xu GY. Smart classroom-an intelligent environment for tele-education. In: Proceedings of the 2nd IEEE Pacific-Rim Conference on Multimedia. Berlin: Springer Verlag, 2001. 662~668
[152] Abowd GD, Mynatt ED, Charting past, present and future research in ubiquitous computing. ACM Transactions on Human-Computer Interaction, 2000, 7(1): 29~58
[153] English C, Terzis S, Nixon P. Towards self-protecting ubiquitous systems: monitoring trust-based interactions. In: Proceedings of the System Support for Ubiquitous Computing Workshop (UbiComp). Brighton: Springer-Verlag, 2004. 50~54
[154] Rangan P. An axiomatic basis of trust in distributed systems. In: Proceedings of the 1988 IEEE Computer Society Symposium on Security and Privacy. Washington: IEEE Computer Society Press, 1988.204~211
[155] Kagal L, Finin T, Joshi A. Trust-based security in pervasive computing environments. IEEE Computer, 2001, 34(12):154~157
[156] Al-Muhtadi J, Ranganathan A, Campbell R, et al. A flexible, privacy-preserving authentication framework for ubiquitous computing environments. In: Proceedings of the 22nd International Conference on Distributed Computing Systems Workshops. Washington: IEEE Computer Society Press, 2002. 771~776
[157] Shand B, Dimmock N, Bacon J. Trust for transparent, ubiquitous collaboration. Wireless Networks, 2004, 10(6):711~721
[158] English C, Wagealla W, Nixon P, et al. Trusting collaboration in global computing systems . In : Proceedings of the 1st International Conference on Trust Management. Brighton: Springer-Verlag, 2003.136~149
[159] Falcone R, Castelfranchi C. Trust dynamics how trust is influenced by direct experiences and by trust itself. In: Proceedings of the Third International Joint Conference on Autonomous Agents and Multiagent Systems - Volume 2 (AAMAS'04). Washington: IEEE Computer Society Press, 2004.740~747
[160] English C, Wagealla W, Terzis S, et al. Trust dynamics for collaborative global computing. In: Proceedings of IEEE International Workshops on Enabling Technologies : Infrastructure for Collaborative Enterprises (WETICE-2003). Washington: IEEE Computer Society Press, 2003.283~294
[161] English C, Terzis S, Nixon P. Towards self-protecting ubiquitous systems: monitoring trust-based interactions. In: Proceedings of the System Support for Ubiquitous Computing Workshop (UbiComp) . Brighton : Springer-Verlag, 2004.50~54
[162]郭亚军,洪帆.普适计算的信任计算模型.计算机科学, 2005, 32 (10): 59~62
[163] Liu Z, Joy AW, Thompson RA. A dynamic trust model for mobile ad hoc networks. In: Proceedings of the 10th IEEE International Workshop on Future Trends of Distributed Computing Systems (FTDCS'04). Washington: IEEE Computer Society Press, 2004. 80~85
[164] Bryce C, Dimmock N, Krukow K, et al. Towards an evaluation methodology for computational trust systems. In: Proceedings of the Third Annual Conference on Trust Management. Brighton: Springer-Verlag, 2005.290~305
[165] Castro P, Chiu P, Kremenek T, et al. A probabilistic location service for wireless network environments. In: Proceedings of the International Conference on Ubiquitous Computing (Ubicomp). Berlin: Springer-Verlag, 2001. 18~24
[166] Jonsson M. Context shadow: an infrastructure for context aware computing. In: Proceedings of Artificial Intelligence in Mobile System (AIMS 2002), 2002
[167] Hong JI, Landay JA. An infrastructure approach to context-aware computing. Human-Computer Interaction, 2001, 16(2): 287-303
[168] Campbell R, Al-Muhtadi J, Naldurg P, et al. Towards security and privacy for pervasive computing. In: Proceedings of International Symposium on Software Security. Berlin: Springer-Verlag, 2002. 1~15
[169] Covington MJ, Long W, Srinivasan S, et al. Securing context-aware applications using environment roles. In: Proceedings of the sixth ACM symposium on Access control models and technologies. New York: ACM Press, 2001. 10~20
[170] Tripathi A, Ahmed T, Kulkarni D, et al, Context-Based Secure Resource Access in Pervasive Computing Environments. In: Proceedings of the 1st IEEE International Workshop on Pervasive Computing and Communications Security (IEEE PerSec'04). Washington: IEEE Computer Society Press, 2004. 159~163
[171] Bardram J, Kj?r RE, Pedersen M. Context-aware user authentication-supporting proximity-based login in pervasive computing. In: Dey A, McCarthy J, Schmidt A,eds . Proceedings of the 5th International Conference on Ubiquitous Computing. Brighton: Springer-Verlag, 2003. 107~123
[172]郭亚军,洪帆.普适计算的安全机制.计算机工程, 2006, 32(8):168~169