Research on an Organization-Based Access Control Model for E-Government Systems
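Abstract
With the advance of e-government and the rapid development of information technology, networks keep expanding, and government information systems are evolving from single, small-scale systems into large, multi-application, distributed, clustered complex systems whose complexity keeps rising. During the construction and integration of these systems, authorization management largely determines how resources are allocated, the logical relationships between business processes, and the way systems are integrated. How to carry out authorization management efficiently, rigorously and practically is therefore key to building and integrating information systems, and is currently an active research topic in China and abroad.
Existing security authentication and authorization architectures mostly treat security from a technical standpoint and offer corresponding technical solutions. They lack a management perspective built on people-oriented, organization-centred thinking, and they lack in-depth study of business systems, especially complex government business; the authorization process is complicated, management is difficult, and the administrative workload is heavy. Moreover, without the support of an organization and authorization management system that is separated from the business systems, security authentication and business collaboration across different organizations and different business systems cannot be achieved. These problems have seriously constrained the progress of e-government in China.
In recent years, role-based access control (RBAC) has received wide attention. In this model, roles are defined on the basis of operations, permissions are granted to roles, and users obtain permission to access the relevant resources by being assigned roles. This indirect association between users and permissions greatly reduces the work of managing user permissions. However, when the number of roles and permissions in a system is very large, the performance of an RBAC-based system drops markedly and its management complexity rises markedly. The cause is that the RBAC model does not adapt well to systems with large numbers of roles and permissions, and that it is suited only to systems serving a single organization. If RBAC is applied naively to a system comprising many organizations, the private or local variables of the different organizations lead to a large number of roles and permissions.
To address organization and access control in complex government information systems, this thesis proposes the Organization Based 4 Level Access Control model (OB4LAC). Built on the basic ideas of being people-oriented, taking management as the main thread and the organization as the core, the model studies access control and authorization management in complex government information systems from organizational, social and managerial perspectives. It effectively solves problems such as the management complexity of RBAC growing markedly as the number of roles and permissions increases; it allows authorization management to be performed more efficiently and in line with management-science norms, with good managerial, business and technical compatibility; and it tightly integrates information security techniques such as authentication, authorization and auditing with organizational management, providing a security foundation for collaboration among multiple levels, departments and systems of government.
The thesis examines the expressive power of the OB4LAC model. By showing that any OB4LAC model can be simulated by some RBAC model, and that any RBAC model can be simulated by some OB4LAC model, it establishes that OB4LAC and RBAC have the same expressive power.
The AOB4LAC model is proposed to manage the assignment relations among users, posts, roles and permissions in OB4LAC, as well as the hierarchies of posts and roles. It comprises five sub-models: UROA (manages the assignment of users to role-post pairs), PRA (manages the assignment of permissions to roles), RRA (manages roles and the role hierarchy), OOA (manages posts and the post hierarchy) and ROA (manages the association between roles and posts). AOB4LAC achieves distributed access control and authorization management for OB4LAC-based systems. A method for partitioning the role set by business application system in OB4LAC is given. AOB4LAC adapts well, in management terms, to OB4LAC-based systems that involve multiple organizations.
A cooperation-oriented model, OB4LAC~C (Cooperation Oriented OB4LAC), is proposed. By giving an OB4LAC~C-based pattern for secure collaboration between organizations, the thesis explores the application of OB4LAC~C to inter-organization secure collaboration and resolves problems that arise during such collaboration, such as permission amplification, role-name and permission-name conflicts, and permission conflicts.
The thesis discusses the system implementation of the organization-based four-level access control model in e-government systems, including the architecture of the organization and access control system and the design of the organization and personnel management functions, the resource and role management functions, and the distributed authorization management and authorization-checking functions, and uses a real application system to demonstrate that the model is scientifically sound and feasible.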
With the progress of e-government, the rapid development of information technology and the continued expansion of networks, government information systems are developing from single, small-scale systems into large-scale, multi-application, distributed, clustered, complex systems, and system complexity keeps increasing. In the construction and integration of these systems, authority management largely determines the resource assignment pattern, the business logic relationships and the system integration style. Therefore, how to manage authority efficiently, rigorously and practically is the key to system construction and integration, and it is currently a very important issue at home and abroad.
Existing security certification and authority systems approach security problems from the standpoint of technology and give the corresponding technical solutions. They lack ideas that focus on people and centre on the organization from a management perspective, and they lack deeper research into business systems, especially complex government systems, whose procedures are complex, whose management is difficult and whose management workload is large. Security certification and business collaboration cannot be implemented among different organizations and different business systems without the support of an organization and authority management system that is separated from the business systems. These problems have restricted the development of e-government in our country.
In recent years, role-based access control (RBAC) has attracted considerable interest. In RBAC, roles are defined based on operations, permissions are associated with roles, and assigning roles to users lets users access the related resources; this indirect association between users and permissions greatly simplifies user permission management. But when the number of roles and permissions is very large, RBAC performance may degrade and its management becomes complex. The reason for these problems is that RBAC does not adapt well to large numbers of roles and permissions. Directly applying RBAC to applications involving a large number of organizations can result in a large number of roles and permissions due to local variations and privacy concerns.
To solve the organization and access control problems of complex government information systems, this paper proposes the Organization-Based 4 Level Access Control (OB4LAC) model. OB4LAC focuses on people, is based on management and centres on the organization, and studies the organization and access control problems of complex government information systems from the perspectives of organization, society and management. It can solve the problem of RBAC management complexity increasing tremendously as the number of roles and permissions increases. It can manage authority effectively in accordance with management science, with consistency of management, business and technology. It can combine the information security techniques of certification, authority and audit with organization management, providing a security basis for collaboration among multi-level, multi-department, multi-system government.
The expressive power of OB4LAC is discussed. By showing that any given OB4LAC model can be modeled by an RBAC model and vice versa, it is proved that the expressive power of OB4LAC is equal to that of traditional RBAC.
AOB4LAC is proposed to manage the assignment relations among users, posts, roles and permissions, and the hierarchies of posts and roles. It has five sub-models: UROA (used to manage assignment relations from users to roles and posts), PRA (used to manage assignment relations from permissions to roles), RRA (used to manage hierarchies among roles), OOA (used to manage hierarchies among posts) and ROA (used to manage assignment relations between roles and posts). The AOB4LAC model achieves distributed access control and authority management for OB4LAC-based systems. A method for segmenting roles by business application system in OB4LAC is discussed. AOB4LAC has good management adaptability for multi-organization, OB4LAC-based systems.
A cooperation-oriented OB4LAC (OB4LAC~C) is presented. The usefulness of OB4LAC~C in secure collaboration is demonstrated via an OB4LAC~C-based secure collaboration schema, which avoids many problems resulting from role mapping, role translation or role exporting.
The implementation of OB4LAC in e-government systems is discussed with respect to the architecture of the organization and access control system and the functional design of organization and personnel management, resource and role management, and distributed authorization management. The scientific soundness and feasibility of OB4LAC are then demonstrated by a practical application system.
