
 2022-12-26 19:57:42

Relation Based Access Control in Campus Social Network System

Zhao Du a,*, Yuguang Liu b, Ye Wang c

a Information Technology Center, Tsinghua University, 100084 Beijing, China
b Beijing Educational Network and Information Center, 100875 Beijing, China
c School of Automation, University of Science and Technology Beijing, 100083 Beijing, China

1. Introduction

As one of the most popular network applications, online social network systems have gained huge adoption in the past few years. Campus social network system is a special type of social network system which focuses on providing information communication, knowledge sharing, and online collaboration services to campus users in colleges and universities. In this paper, we discuss the design of relation based access control in campus social network system, which is decided by the collective efforts of system designers, system administrators, and especially users of the system. Generally speaking, relation based access control in campus social network system is defined in terms of two things: users can establish relationships, and they can also assign relation based permissions on information and resources when they release them. It consists of user-centered access control and group-centered access control, which deal with access control of information and resources released in users' personal space and groups' shared space respectively. Once a campus social network system is put online, access control in it is actually decided by the collective intelligence of its users. Specifically, it is built upon collective intelligence that is reflected through users' identity, their social relationships and permissions that they set on their profile and created content. In a word, relation based access control in campus social network system adopts a collective intelligence model.

With the huge adoption that online social network systems have gained in the past few years, they are growing into one of the most popular Internet services and are considered representative of new generation Internet applications. The primary purpose of online social network systems is to connect users through the network by providing online interaction, communication, and collaboration services to them. Although different online social network systems have different goals and usage patterns, the most common model of them is based on the android.

Campus social network system is a special type of social network system which targets campus users in colleges and universities. Its focus is to provide information communication, knowledge sharing and especially online collaboration services to them [2]. At the same time, campus social network system also collects, keeps, and uses various kinds of personal and group relationships in the cyberspace of the colleges or universities. The sum of personal and group relationships forms a huge and sophisticated social network which is a valuable asset both for individual campus users and for the colleges or universities they belong to [3]. Access control to resources and services is an important topic for campus social network system, just as it is for all computer systems. It is the mechanism by which services know whether to honor or deny requests. Unlike access control in traditional computer systems, which is determined by the joint efforts of system designers and administrators, access control in campus social network system and other Web 2.0 applications is determined by the collective efforts of system designers, system administrators, and especially users. Since the majority of users in campus social network system are equal, the focus of access control in the system is not to control the web pages or services that users can access, but to control the information and resources that users can access through web pages or services. In other words, users in campus social network system can access similar web pages or services, but they are likely to get largely different information and resources through these web pages or services.

Relation based access control in campus social network system is defined in terms of two things: users can establish relationships, and they can also assign relation based permissions on information and resources when they release them. Once a campus social network system is put online, access control in it is actually decided by the collective intelligence of its users. Specifically, relation based access control in campus social network system is built upon their profile and created content. Its core idea is the collective intelligence reflected by the elements we mentioned above. In a word, relation based access control in campus social network system adopts a collective intelligence model.

Based on the above considerations, we propose the design of relation based access control in our campus social network system. It is defined in terms of two considerations: users can establish relationships; they can also assign relation based permissions on information and resources when they release them. It consists of two principal parts: user-centered access control and group-centered access control. The former part deals with access control of information released in users' personal space, and the latter part deals with access control of information released in -to-many mapping between users and permissions.

In the following sections, we begin with an introduction to and comparison of access control for traditional computer systems and Web 2.0 applications. Then the relationship model of campus social network system and the design of relation based access control in the system are examined in detail. After that, we present scenario analyses of user-centered access control and group-centered access control to get a deeper understanding of relation based access control. Finally, the conclusion of the paper is presented.

2. Access Control for Traditional Computer Systems and Web 2.0 Applications

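Access control to resources and services is a classic and important topic for computer systems. It dates to the 1970s, when computer systems ran multiple applications and served multiple users and awareness of data security issues grew. Specifically, access control is about how to ensure that only authorized users obtain certain data or resources [4]. Generally speaking, access control is the mechanism by which services know whether to honor or deny requests. It usually involves four issues: identification, authentication, authorization, and access decision [5].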


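Before the emergence and flourishing of Web 2.0 applications, access control in computer systems was usually determined by the joint efforts of system designers and administrators. System designers decide the access model that the computer system adopts; system administrators are responsible for configuring the access rules of the computer system. Typical access control models for traditional computer systems include mandatory access control (MAC, also called lattice-based access control (LBAC)), discretionary access control (DAC), role-based access control (RBAC), attribute-based access control (ABAC), distributed role-based access control (dRBAC), and authorization-based access control (ZBAC). Among these models, MAC and DAC are the two classics [6, 7]. RBAC was introduced after MAC and DAC. It is the best known and most widely used access control model [4, 6, 7, 8]. ABAC provides fine-grained access control for web services at the service level and the parameter level in dynamic and distributed environments [9, 10]. dRBAC combines the advantages of RBAC and trust management systems to create a system that offers both administrative ease and a decentralized, scalable implementation of access control in highly dynamic coalition environments [11]. ZBAC aims to solve access control problems in computer systems that use service-oriented architecture (SOA) across domains [5, 12]. These models aim to provide solutions to access control problems in different application scenarios. Although each has its own advantages and disadvantages, none is absolutely the best. Moreover, they are not necessarily mutually exclusive. Some of them can be combined to implement more suitable access control for practical computer systems.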

2.2. Access Control for Web 2.0 Applications

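Unlike access control in traditional computer systems, access control in Web 2.0 applications is relation based. It is determined by the collective efforts of system designers, system administrators, and especially users. As in traditional computer systems, system designers decide the access model that the Web 2.0 application adopts, and system administrators are responsible for confirming or setting specific attributes of user identification. The responsibility for configuring fine-grained access rules is largely transferred to users. In most cases, once a Web 2.0 application is put online, access control in the system is actually determined by the collective efforts of all its users. Since most users of Web 2.0 applications are equal, the focus of access control in the system is to control the information and resources that users can access through web pages or services. That is, although users of a Web 2.0 application can access similar web pages or services, they will obtain different information and resources through these web pages or services. Relation based access control in Web 2.0 applications is built upon collective intelligence reflected in created content. First, because Web 2.0 applications target individual users and provide various forms of content creation and following, it is considered to be included in all other access control models. Second, most Web 2.0 applications allow users to establish personal relationships with other users and membership relationships with groups, and access control in Web 2.0 applications is usually built upon these interpersonal and membership relationships [13, 14]. Third, users have the full right to decide who can access their content, because they are the content owners in Web 2.0 applications. They are allowed to set access rules for the content they create in Web 2.0 applications. The access rules may be default rules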


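As in a typical Web 2.0 application, relation based access control in campus social network system draws on what users set on their profile and created content. Since users' social relationships are the basis of the relation based access control model, the relationship model of campus social network system is one of the most important factors of the model. For this reason, this paper first introduces the social relationship model of campus social network system. After that, we analyze in detail the relation based access model built upon the social relationship model.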
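To make the user-centered and group-centered parts concrete, here is a sketch of a relation based access check. It is an added example, not code from the paper; the audience labels, class names and sample users are assumptions, since the excerpt does not list the system's actual permission levels.

```python
from dataclasses import dataclass

# Audience labels are assumptions; the excerpt does not list the paper's permission levels.
PUBLIC, FRIENDS, MEMBERS, OWNER_ONLY = "public", "friends", "members", "owner_only"

@dataclass(frozen=True)
class Item:
    item_id: str
    owner: str        # user who released the item
    audience: str     # relation based permission the owner chose at release time
    group: str = ""   # non-empty when released in a group's shared space

class Network:
    def __init__(self):
        self.friends = set()   # frozenset({a, b}): symmetric personal relationship
        self.members = {}      # group name -> set of member users
        self.items = []

    def befriend(self, a, b):
        self.friends.add(frozenset((a, b)))

    def join(self, user, group):
        self.members.setdefault(group, set()).add(user)

    def release(self, item):
        # Only a member may release into a group's shared space.
        if item.group and item.owner not in self.members.get(item.group, set()):
            raise PermissionError("owner is not a member of " + item.group)
        self.items.append(item)

    def can_read(self, viewer, item):
        if viewer == item.owner or item.audience == PUBLIC:
            return True
        if item.audience == FRIENDS:   # user-centered: personal relationship
            return frozenset((viewer, item.owner)) in self.friends
        if item.audience == MEMBERS:   # group-centered: membership relationship
            return viewer in self.members.get(item.group, set())
        return False                   # OWNER_ONLY or unknown label: deny

    def timeline(self, viewer):
        # One service for every user; the result depends on the viewer's relationships.
        return [i.item_id for i in self.items if self.can_read(viewer, i)]

def build_sample():
    # Constructed sample data: users, group and items are invented for illustration.
    net = Network()
    net.befriend("alice", "bob")
    net.join("alice", "robotics")
    net.join("carol", "robotics")
    for item in (Item("note-1", "alice", FRIENDS), Item("plan-1", "alice", MEMBERS, "robotics"),
                 Item("talk-1", "alice", PUBLIC), Item("draft-1", "alice", OWNER_ONLY)):
        net.release(item)
    return net
```

Because `can_read` evaluates relationships at request time, removing a friendship or a membership revokes access to already released items without touching the items themselves.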






