An action-based fine-grained access control mechanism for structured documents and its application.

Su M, Li F, Tang Z, Yu Y, Zhou B - ScientificWorldJournal (2014)

Bottom Line: Finally, we give the implementation of our mechanism and make the comparisons between the existing methods and our mechanism. The result shows that our mechanism could provide the better solution of fine-grained access control for structured documents in complicated networks. Moreover, it is more flexible and practical.


Affiliation: State Key Laboratory of Integrated Services Network, Xidian University, Xi'an 710071, China.

ABSTRACT
This paper presents an action-based fine-grained access control mechanism for structured documents. First, we define a description model for structured documents and analyze the application scenarios. The model supports permission management on the chapters, pages, sections, words, and pictures of structured documents. Second, based on the action-based access control (ABAC) model, we propose a fine-grained control protocol for structured documents by introducing temporal state and environmental state. The protocol, which covers the stages from document creation to permission specification and usage control, is given in Z-notation. Finally, we give the implementation of our mechanism and compare it with the existing methods. The result shows that our mechanism could provide a better solution for fine-grained access control of structured documents in complicated networks. Moreover, it is more flexible and practical.

fig5: Framework for implementation.

Mentions: Our system runs under Windows and is based on the C/S model; the framework for implementation is shown in Figure 5. The server side consists of the content server and the policy server, and the client side includes the user interface and the creator interface. The server side consists of the user's requirement analysis module, the verification module, the action obtaining module, the permission assignment module, and other universal modules such as the cryptography and data transforming modules. The user's requirement analysis module analyzes the data packages from the users and divides them into the data streams for document creating, policy creating, or data accessing. The verification module verifies the integrity and the random number by calling the cryptography module. The action obtaining module combines the user's role, temporal state, and environmental state to generate the action. The user's role is obtained according to sid. The temporal state comes from the time server, and the environmental state includes the network, physical location, platform, or the software. In our system, we take the network and software for experiment, and we will improve the other factors in the future. The network information is obtained from the user's data packages, and the software information is initialized at the beginning. The client sends the hash of the client software to the server when accessing the resource. The permission assignment module makes the decision according to the policy database. The format of this database is (sid, oid, at, ts, es, perDes.xml). The common modules, such as database management and storage, are not described here.
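The decision path described above (action obtaining followed by permission assignment) can be sketched as follows; this is an added example, not the authors' implementation. The meaning of `at` (taken here as the access type), the time-window encoding of `ts`, the (network, hash) encoding of `es`, the use of SHA-256, and all sample values are assumptions.

```python
import hashlib
import hmac
import ipaddress
from datetime import datetime, time
from typing import NamedTuple, Optional

class PolicyRow(NamedTuple):
    sid: str        # subject id; the user's role is derived from it
    oid: str        # object id (document or part of one)
    at: str         # not defined on the page; assumed to be the access type
    ts: tuple       # temporal state: (start, end) window, assumed encoding
    es: tuple       # environmental state: (allowed network, client software hash)
    per_des: str    # permission description file (perDes.xml in the paper)

# Constructed sample data: stand-in client binary and one policy row.
GOOD_HASH = hashlib.sha256(b"constructed client build 1.0").hexdigest()
POLICY_DB = [
    PolicyRow("s-001", "doc-42", "read", (time(9, 0), time(18, 0)),
              ("10.0.0.0/24", GOOD_HASH), "perDes_doc42_read.xml"),
]

def environment_ok(es: tuple, src_ip: str, sw_hash: str) -> bool:
    cidr, expected = es
    try:
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(cidr)
    except ValueError:          # malformed address: treat as outside the network
        return False
    # Constant-time comparison of the reported hash with the registered one.
    return in_net and hmac.compare_digest(expected.encode(), sw_hash.encode())

def decide(sid: str, oid: str, at: str, src_ip: str, sw_hash: str,
           server_now: datetime) -> Optional[str]:
    """Return the matching permission description, or None (default deny).
    server_now must come from the server-side time source, never the client."""
    for row in POLICY_DB:
        if (row.sid, row.oid, row.at) != (sid, oid, at):
            continue
        start, end = row.ts
        if start <= server_now.time() <= end and environment_ok(row.es, src_ip, sw_hash):
            return row.per_des
    return None

if __name__ == "__main__":
    print(decide("s-001", "doc-42", "read", "10.0.0.7", GOOD_HASH,
                 datetime(2014, 1, 6, 10, 30)))
```

The software hash is a value the client reports about itself, so this check identifies a cooperating client build and does not by itself prove what is running on the client.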

