Funding: Financial support from the Department of Science and Technology, Government of India, under grant SR/CSRI/118/2014.
Abstract: Role-based access control (RBAC) is one of the most widely used access control models. There are investigations in the literature that use knowledge representation mechanisms such as formal concept analysis (FCA), description logics, and ontology for representing access control mechanisms. However, the FCA-based investigations reported in the literature so far work on logic that transforms the three-dimensional access control matrix into dyadic formal contexts. This transformation is mainly to derive the formal concepts, lattice structure and implications that represent the role hierarchy and constraints of RBAC. In this work, we propose a methodology that models RBAC using triadic FCA without transforming the triadic access control matrix into dyadic formal contexts. Our discussion follows two lines of inquiry. We present how triadic FCA can provide a suitable representation of RBAC policy, and we demonstrate how this representation follows the role hierarchy and constraints of RBAC on a sample healthcare network available in the literature.
Funding: Project (61003140) supported by the National Natural Science Foundation of China; Project (013/2010/A) supported by the Macao Science and Technology Development Fund; Project (10YJC630236) supported by the Social Science Foundation for the Youth Scholars of Ministry of Education of China.
Abstract: Role mining and setup affect the usage of role-based access control (RBAC). Traditionally, the assignment of users' roles and permissions is handled by the system's security administrator. However, this is costly and the operating process is complex. A new role analysis method was proposed that generates mappings and uses them to provide recommendations for systems. The relation among the sets of permissions, roles and users was explored by generating mappings, and the relation between the sets of users and attributes was analyzed by means of the concept lattice model, generating a critical mapping between the attribute and permission sets and making the meaning of a role natural and operational. Thus, a role is determined by a permission set and the user's attributes. The generated mappings were used to automatically assign permissions and roles to new users. Experimental results show that the proposed algorithm is effective and efficient.
Funding: Project (2012AA01A301-01) supported by the National High-Tech Research and Development Plan of China; Projects (61301148, 61272061) supported by the National Natural Science Foundation of China; Projects (20120161120019, 2013016111002) supported by the Research Fund for the Doctoral Program of Higher Education of China; Projects (14JJ7023, 10JJ5069) supported by the Natural Science Foundation of Hunan Province, China; Project (ISN12-05) supported by State Key Laboratory of Integrated Services Networks Open Foundation, China; Project (531107040276) supported by the Fundamental Research Funds for the Central Universities, China.
Abstract: Two-tier heterogeneous networks (HetNets), where the current cellular networks, i.e., macrocells, are overlapped with a large number of randomly distributed femtocells, can potentially bring significant benefits to spectral utilization and system capacity. This work focuses on interference management and access control for open and closed femtocells in two-tier HetNets. The contributions consist of two parts. Firstly, in order to reduce the uplink interference caused by MUEs (macrocell user equipments) at closed femtocells, an incentive mechanism to implement interference mitigation was proposed. It encourages femtocells that work with a closed subscriber group (CSG) to admit the interfering MUEs, but only via uplink, which can reduce the interference significantly and also benefit the macro-tier. The interference issue was then studied in open-subscriber-group (OSG) femtocells from the perspective of handover and mobility prediction. Inbound handover provides an alternative solution for open femtocells when interference turns up, but it is accompanied by PCI (physical cell identity) confusion during inbound handover. To reduce the PCI confusion, a dynamic PCI allocation scheme was proposed, by which the femtocells with high hand-in rates have dedicated PCIs while the others share the reused PCIs. A Markov chain based mobility prediction algorithm was designed to decide whether a femtocell has a high rate of handover requests. Numerical analysis reveals that the UL interference is managed well for the CSG femtocell and the PCI confusion issue is mitigated greatly in the OSG femtocell compared to the conventional approaches.
Funding: Project (61071104) supported by the National Natural Science Foundation of China.
Abstract: A novel distributed cognitive radio multichannel medium access protocol without a common control channel was proposed. The protocol divided a transmission interval into two parts for exchanging control information and data, respectively. In addition to evaluating the system saturation throughput of the proposed protocol, a three-dimensional multichannel Markov chain model to describe the state of the cognitive users (CUs) in dynamic spectrum access was presented. The proposed analysis was applied to the packet transmission schemes employed by the basic and RTS/CTS access mechanisms adopted in the normal IEEE 802.11. By analyzing the advantages of the two methods, a hybrid access mechanism was proposed to improve the system throughput. The simulation results show that the experimental results are close to the values computed by the model (less than 5%), and the proposed protocol significantly improves the system throughput by borrowing the licensed spectrum. Analysis of the dependence of throughput on system parameters shows that a hybrid mechanism that dynamically selects the access mechanism can maintain high throughput.
Funding: Supported by the National Natural Science Foundation of China (60574088, 60874053).
Abstract: This paper addresses the problem of fault detection (FD) for networked systems with access constraints and packet dropouts. Two independent Markov chains are used to describe the sequences of channels which are available for communication at an instant and the packet dropout process, respectively. Performance indexes H∞ and H_ are introduced to describe the robustness of the residual against external disturbances and the sensitivity of the residual to faults, respectively. By using a mode-dependent fault detection filter (FDF) as residual generator, the addressed FD problem is converted into an auxiliary filter design problem with the above index constraints. A sufficient condition for the existence of the FDF is derived in terms of certain linear matrix inequalities (LMIs). When these LMIs are feasible, the explicit expression of the desired FDF can also be characterized. A numerical example is exploited to show the usefulness of the proposed results.
Funding: Supported by the Natural Science Foundation of Jiangsu Province (BK2012237).
Abstract: Trustworthiness analysis and evaluation are the bases of trust chain transfer. In this paper, a formal method for analyzing the trustworthiness of a system based on the noninterference (NI) theory of information flow is studied. Firstly, existing methods cannot analyze the impact of the system states on the trustworthiness of software during the process of trust chain transfer. To solve this problem, the impact of the system state on the trustworthiness of software is investigated, the run-time mutual interference behavior of software entities is described, and an interference model of the access control automaton of a system is established. Secondly, based on the intransitive noninterference (INI) theory, a formal analytic method of trustworthiness for trust chain transfer is proposed, providing a theoretical basis for the analysis of the dynamic trustworthiness of software during the trust chain transfer process. Thirdly, a prototype system with dynamic trustworthiness on a platform with dual-core architecture is constructed and a verification algorithm for the system trustworthiness is provided. Finally, the monitor hypothesis is extended to the dynamic monitor hypothesis, and a theorem giving a static judgment rule for system trustworthiness is provided, which is useful for proving the dynamic trustworthiness of a system at the beginning of system construction. Compared with previous work in this field, this research proposes not only a formal analytic method for the determination of system trustworthiness, but also a modeling method and an analysis algorithm that are feasible for practical implementation.