An access control model is proposed based on the famous Bell-LaPadula (BLP) model. In the proposed model, hierarchical relationships among departments are built, a new concept named post is proposed, and assigning security tags to subjects and objects is greatly simplified. The interoperation among different departments is implemented through assigning multiple security tags to one post, and the closer departments are on the organization tree, the more secret objects can be exchanged by the staff of the departments. The access control matrices of the department, post and staff are defined. By using the three access control matrices, a multi-granularity and flexible discretionary access control policy is implemented. The outstanding merit of the BLP model is inherited, and the new model can guarantee that all the information flow is under control. Finally, our study shows that compared to the BLP model, the proposed model is more flexible.
With the rapid development of Web 2.0, more and more people are sharing their opinions about online products, so there is much product review data. However, it is difficult to compare products directly using ratings because many ratings are based on different scales or are missing altogether. This paper addresses the following question: given textual reviews, how can we automatically determine the semantic orientations of reviewers and then rank different items? Due to the absence of ratings in many reviews, it is difficult to collect sufficient rating data for certain specific categories of products (e.g., movies), but it is easier to find rating data in a different but related category (e.g., books). We refer to this problem as transfer rating, and try to train a better ranking model for items in the category of interest with the help of rating data from another related category. Specifically, we developed a ranking-oriented method called TRate for determining the semantic orientations and for ranking different items, and formulated it as a regularized algorithm for rating knowledge transfer by bridging the two related categories via a shared latent semantic space. Tests on the Epinion dataset verified its effectiveness.
In this paper, we propose Term-based Semantic Peer-to-Peer Networks (TSPN) to achieve semantic search. For each peer, TSPN builds a full-text index of its documents. Through the analysis of resources, TSPN obtains a series of terms and distributes these terms into the network. Thus, TSPN can use query terms to locate appropriate peers to perform semantic search. Moreover, unlike traditional structured P2P networks, TSPN uses the terms, not the peers, as the logical nodes of the DHT. This can withstand the impact of network churn. The experimental results show that TSPN has better performance compared with the existing P2P semantic searching algorithms.
In order to formally reason about and verify web services composition described by the web services choreography specification WS-CDL, a typed formal model named typed Abstract WS-CDL (web services choreography description language) for WS-CDL specifications is proposed. In typed Abstract WS-CDL, the syntax of type and session, typing rules and operational semantics are formalized; the collaborations of web services are formally described by sessions; the operational semantics of a session can help to formally reason about the execution of the choreography; the typing rules can help to formally check the data type consistency of exchanged information between web services and capture run-time errors due to type mismatches. In particular, the concepts of type assumption set extension and type assumption set compatibility are proposed, and the merging algorithm of type assumption sets is defined so as to eliminate type assumption conflicts. Based on the formal model, typed mapping rules for mapping web services choreography to orchestration are also defined. With the typed mapping rules, orchestration stubs and their type assumption sets can be generated from a given choreography; thus, web services composition can be verified at the choreography and orchestration levels, respectively. The model is proved to have the property of type safety, and how the model can help to reason about and verify web services composition is illustrated through a case study.
A quorum system is a preferable model for constructing a distributed access control architecture, but not all quorum systems can satisfy the requirements of such an architecture. Aiming at the dependability problem of the authorization server in distributed systems and combining the requirements of access control, a set of criteria to select and evaluate quorum systems is presented. The scheme and algorithm for constructing an authorization server system based on the Paths quorum system are designed, and the integrated system performance when some servers are attacked is fully analyzed. Role-based access control on the Web implemented by this scheme is introduced. Analysis shows that with a certain node failure probability, the scheme not only has high dependability but also can satisfy the special requirements of distributed access control such as real-time operation, parallelism, and consistency of security policy.