Fra Il Timore E La Speme-Zoltan Pesko, Fra Il Timore E La SpemeMP3下载,歌词下载 - 虾米音乐
Loading...
Fra Il Timore E La Speme
@微博好友，送歌给Ta！
Sorry，此歌曲暂无歌词。
喜欢Fra Il Timore E La Speme的人们也喜欢...
您需要登录后才可以留言，请用虾米帐号
听Fra Il Timore E La的人也听
关注虾米：& 总统特工队
总统特工队 End Game (2006)
导演：郑继宗
类别：剧情/动作/惊悚
地区：德国 / 美国 / 加拿大
语言：英语
主演：小古巴·戈丁/詹姆斯·伍兹/安吉·哈蒙
上映日期：2006
作者：J.C. Pollock/郑继宗
中文名：总统特工队
外文名：End Game
又名：完结游戏 / 末日游戏
你可能也喜欢的电影
下载地址 (33)
在线观看 (2)
相关列表 (5)
相关图片 (5)
美国总统在出席一所大学举行的国家荣誉奖的颁奖仪式的途中遭遇枪杀……作为专门负责保护美国重要领导人安全的王牌特工，艾力克斯为自己的失职感到深深的自责，以致于终日用酒精来麻醉自己；一位负责报道此案的女记者凯特意外地发现了寻找真凶线索，然而，似乎总有人在监视她的行踪，每一个为她提供线索的人都离奇的死亡。无奈之下，她只好寻求艾力克斯的帮助；可是他们见面的当天就遭到神秘人的袭击，几乎丧命。艾力克斯也因此坚定了查清事实真相的决心，于是，他和凯特开始了一段充满艰难险阻的历程，最终揭开了刺杀总统事件背后的罪恶阴谋……
没找到优质结果？
试试点普通搜索一下Advanced Features for Enterprise-Wide Role-Based Access Control86-第2页
上亿文档资料，等你来发现
Advanced Features for Enterprise-Wide Role-Based Access Control86-2
StaticSeparationofDutyRo；??；d??????????；??zd；??d；PermissionUserUserRolePe；inTS；Permission；inTS；EnterpriseLevelPropagati；Figure5.EnterpriseRBACMo；agatedtotheadministeredt；Asalreadym
StaticSeparationofDutyRoleHierarchy??d????????????zd??dPermissionUserUserRolePermissionAccountinTSPermissioninTSEnterpriseLevelPropagationTargetSystemsFigure5.EnterpriseRBACModel(ERBAC)agatedtotheadministeredtargetsystems(TS).TheEnter-priseUserde?nitionleadstothecreationofuseraccounts(userIDs)inthetargetsystem.Apermissioncanbeanyau-thorisation(calledanoperationincoreRBAC)toaresourceinoneoftheunderlyingtargetsystems.TheassignmentofapermissiontoanEnterpriseRoledoesnotnecessarilyleadtoanyupdateinthetargetsystem.Thepermissionsoftherolearepropagatedandtheuser’saccountsreceivetheas-sociatedpermissionsintherespectiveTSonlywhenaroleisassignedtotheuser.Thesamehappens,ofcourse,whenpermissionsareaddedtoorremovedfromroles.Asalreadymentioned,apermissioncanbeanyentityinthetargetsystem,suchasagroup,aroleoranauthorisation.Letustakeadeeperlookattheconceptofgroups:Therehasbeensomediscussionaboutthedifferencesbetweenthenotionofrolesandgroups(e.g.in[11]).Groupscanbeseenmoreasgroupingmechanismsforusers(seee.g.[8])orasgroupsofpermissions.Inourcontext,agroupissimplyatargetsystementitywhichbundlespermissionsinthetargetsystem.FromtheERBACviewpoint,agroupisthereforeatypeofpermissionthatcanbeassignedtoEnterpriseRoles.InadditiontothecoreRBACfeatures,ageneralrolehierarchyissupported.EnterpriseRolescanbeassignedtootherrolesinadirectedacyclicgraph.Childrolesin-heritallpermissionsfromtheirparentroles(includingallpermissionsthattheserolesinherit).Auserassignedtoachildrolethusreceivesallpermissionsassignedtothisrole,plusallpermissionswhichtheroleinheritsfromitsances-tors.Rolehierarchiesalloweasystructuringofrolesandreduceredundancy.Thisleadstoasmallernumberofrolestobede?nedinanenterpriseandlessadministrativeeffort.However,experiencehasshownthattheroletreeshouldnotbetoodeep,asitcanotherwisebecomeverydif?culttomaintain.Arolehierarchywithamaximumofthreetofourlevelsisrecommended.TheRBACstandarddraftalsode?nesconstraints.StaticSeparationofDutyisimplementedinERBACbyrulesde?ningconstraintsbetweenroles.Theserulesareevalu-6atedwhenassigninguserstorolesandrolestoroles,thuspreventingauserfromreceivingillegalcombinationsofroles,eveninthepresenceofarolehierarchy.AsanERBACsystemdoesnotcontroltheactualses-sionsofauser,itcannotdirectlyenforceDynamicSepara-tionofDuty.Instead,itmustrelyonsuchmechanismsinthetargetsystems.AcommonwaytoenforcedynamicSoDistousedifferentaccountsfordifferenttasks.InERBAC,wecansimplyde?nedifferentusersforthesetasks.Thus,byde?ningstaticSeparationofDutyconstraintsinERBAC,dynamicSeparationofDutycanbeenforcedintheunder-lyingsystems.IfthetargetsystemitselfsupportsdynamicSoD,thisfeaturecanbecontrolleddirectlybyERBAC.Inadditiontotherolemodel,theRBACstandardalsode?nesadministrativeandreviewfunctions.Ourimple-mentationofERBACinSAMJupiteralsooffersacompletesetofadministrativecommandsforallsupportedfunctions.Acompletelistofallsupportedcommands,however,goesbeyondthescopeofthispaper.ThereviewfunctionsarebasedontheERBACrepositoryandarerealisedusingaWeb-basedreportingengine.ThesymmetricnatureoftherepositoryallowsforacomprehensivesetoflistsincludingbasicandadvancedlistsforallERBAClevels.Someexam-plesforadvancedreportsare:?Listallpermissionsofauser(includingthoseinheritedfromalldirectlyorindirectlyconnectedroles).?Listalluserstowhicharoleisconnecteddirectlyorindirectlyviatherolehierarchy.?Listalluserswithaspeci?cpermission.4EnhancedERBACERBACasde?nedintheprevioussectionprovidesagoodbasisforuserandsecurityadministration.However,ourexperienceduringdeploymentofroleswithSAMatseveralcustomersitesshowedthatthesoleusageofthisUserAccountinTS1AccountinTS2UserTS1TS2RoleGenericPermissionPermission(SET1)PermissioninTS1EnterpriseLevelPropagationTargetSystem1PermissioninTS2TargetSystem2Figure6.ERBACwithGenericRolesmodelwouldhaveledtoalargenumberofrolesandthustoahighadministrationeffort.Therearebasicallytworea-sonsforthis:multiplefactorsde?ningrolesandtheneedfor?ne-grainedcontrolofapplicationsecurity.Theaccessrightsapersonreceivesarenormallybasedonanumberoffactors.Thesemaybeorganisationalunit,job,locationorothers.Asthecombinationofthesefactorsde?nestherights,onecannotsimplybuildseparaterolehi-erarchiesbasedonorganisation,jobetc.Instead,arolemustbede?nedforeveryvalidcombinationofthesefactors.Theresultingrolestructurewouldobviouslybeverycomplexanddif?culttomaintain1.Intypicalbusinessapplications,?ne-grained,restrictionstoaccessrightsoftenapply.Forexample,differentloanmanagersmaybeallowedtoapproveloansuptodiffer-entamounts.UsingthedescribedERBACmodel,oneloanmanagerrolemustbede?nedforeverydifferentmaximumapprovalamount.Thiswouldagainleadtomanysimilarrolesdifferingonlyinasingleconstraint.Thesolutionfortheseproblemsistoparametriseroles.WehavethereforeenhancedourERBACmodelwithat-tributesandrules.Attributescanbeassignedtothefol-lowingentities:?users,?roles,?userassignments,?permissionassignments,situationiscomparabletomultipleinheritanceinobject-orientedprogramming.ExtensiveuseofCespeciallymultipleCinheritanceleadstounmaintainablesoftwaresystems.1The?role-to-roleassignments.Theseattributesmayspecifyconstraintsorothervaluesrel-evantforaccesscontroldecisions.Rulesspecifywhathap-penswhenattributesarechangedorassignmentsaregivenorremoved.Inthefollowingsections,wedescribehowenhancedERBACcandramaticallyreducethenumberofroles,thusgreatlyfacilitatingroleadministration.Allfeaturesaremo-tivatedbyreal-lifesituationsthatwehaveencountereddur-ingroledeploymentinlargeorganisations.4.1UserAttributesTheuserinourERBACmodelcontainsarichsetofstan-dardandcompany-speci?cattributes.Theseattributesareusedforanumberofimportantfunctions:?Asetofattributessuchasname,title,telephonenum-berdescribestheuser.Furthermore,theycanalsobepropagatedtoatargetsystemwhenanaccountiscre-atedfortheuser.?Severalattributesdescribetheuser’sorganisationalunit,jobfunction(s)andsoon.Theseattributespro-videthebasisforautomationofuseradministrationastheynormallyde?netherolesauserwillreceive.Asdescribedinsection2,thisdataisoftenextractedfromahumanresourcessystem.Iftheseattributeschange,therolesauserreceivesorlosesarecom-putedusingrulesandautomaticallyassignedordeas-signed.Ofcourse,automationcanconsiderablyreduceadministrationcostsandisthereforethemaingoalofmanycompanieswhenimplementinganenterprise-wideuseradministrationtool.Somecompanieshave7UserUserCostAccount=4267AccountinRACFRolePermissionJokerPermissionRuleGroupACCT4267inRACFEnterpriseLevelPropagationTargetSystemFigure7.ERBACwithJoker:Examplesucceededinautomatingmorethan90-95%oftheiruseradministrationtasks.Asanexample,table1showssome?guresforrole-basedadministrationinaEuropeanbank.12000changesofuserassignmentstorolesperweek(fullyautomated)600changesofpermissionassignmentstorolesperweek(manually)→95%automationofadministrationTable1.FiguresforRole-BasedAdministra-tioninaBank?Afurtherpossibilityistouseuserattributesforspec-ifyinguser-speci?cinformationwhichcanbeusedasconstraintsforrolesandpermissionsorforotherad-ministrationtasks.Thefollowingsectionsgointomoredetailonthis.Theuserthenreceivesthesepermissionsonlyinthespeci-?edtargetsystems.Figure6illustratesthisfeature.Agenericpermissionde-?nedinatargetsystemsetSET1isassignedtoarole.ThetargetsystemsetSET1maycontain?vetargetsystemswithsimilarpermissionstructures(TS1...TS5).Whenassign-ingourroletoauser,wespecifythetargetsystemsTS1andTS2fromthisset.Theuserthenreceivesthepermissionsde?nedintheroleforthesetwosystems.4.3JokerPermissionsInformationfromseveralstructuresisoftenneededtode?nearole.Acommonexampleisthatauser’saccessrightsdependonlocationandjobfunction[6].Ifwetriedtobuildaroletreeincludingbothfactors,thetreestructurewouldbecomequitecomplex.Italsowouldcontainalargenumberofroles,asoneroleisneededforeveryvalidcom-binationoflocationandjobfunction.Wehaveestablishedasuccessfulalternativeapproachthatavoidsincreasingcomplexity.Onlyonestructureisusedasabasisfortherolegraph,whiletheotherisim-plementedviaparametersoftheseroles.Asanexample,wecantakethejobfunctionforbuildingtherolegraphandde?nethelocationasanattributeoftheuser/rolerelation-ship.Thisfeatureisimplementedbyassigningso-calledjokerpermissionsinsteadofexplicitpermissionstoarole.Whenassignedtoauser,theactualpermissioniscomputedusingtheattributesoftheuserand/oruser-roleconnectiononthebasisofrules.Thepermissionisthengrantedtotheuser.Therulesuseattributesoftheuser(e.g.organisationalunit,location,jobfunction)tocomputetheactualpermission.Anamingconventionforthepermissionsisaprerequisiteforthismethod.Figure7showsanexamplefortheusageofjokers.Inabank,allusersreceiveamembershiptoaRACFgrouponthemainframeaccordingtotheircostaccounts,whichare84.2GenericRolesForseveraltypesofsystemsCsuchasWindowsNTandUNIXCmanyorganisationshaveanumberoflocallydis-tributedinstallations.Auserisde?nedinoneormoreofthesesystemsaccordingtolocation(orsomeotherat-tribute).Usersworkingatmorethanonelocationmaybede?nedinseveralsystems.Typically,thegroupandpermis-sionstructuresofthesesystemsarede?nedquitesimilarly.Topreventbuildingseparaterolestructuresforallofthesesystems,weaddedtheconceptofroleswithgenericpermissionstoERBAC.Normalrolesarecollectionsofper-missionsde?nedinspeci?ctargetsystems.Genericrolesallowtheassignmentofgenericpermissionsde?nedforasetoftargetsystems.Whensucharoleisassignedtoauser,oneormoretargetsystemsfromthissetarespeci?ed.Max.loanUseramount=Maximum=1Mio.Euro￡PermissionAccountinTSinTSConstraint:Maximumamount￡￡￡PermissionRolePermissionEnterpriseLevelPropagationTargetSystemFigure8.Exampleforuser-speci?cconstraintrepresentedbyfourdigitnumbers.Forthispurpose,groupsinRACFarede?nedwithnamesconsistingofthestring“ACCT”followedbytheaccountnumber.Aroleisnowde?nedcontainingaJokerGroup.Whenauserisassignedtothisrole,aruleistriggeredthatcomputesthenameofthegroupbyconcatenatingthe?xedstring”ACCT”withthecostaccountoftheuser(takenfromtheuserattributes)andassignstheuserinRACFtothisgroup.Thismecha-nismisquitepowerful,asitusesinformationabouttheuserandthepermissionstructuretoautomatetheadministrationprocess.theseparametersarecomputedandpropagatedtotheun-derlyingsystem.Figure8showsasimpleexampleofuser-speci?ccon-straints.Abankingapplicationhasde?nedtheconstraint“Maximumamount”fortheassignmentofapermissiontoapprovealoan.Aloanmanagerroleisnowbuiltthatin-cludesthisconstrainedpermissionbutdoesnotde?neanexplicitamountfortheconstraint.Auserhasanattribute“Maximumloanamount”ofonemillionEuro,whichde-?nesthelimit.Whenthisuserisconnectedtotheroleandthepermissionispropagatedtothetargetsystem,thecon-straintis?lledwiththevaluefromtheuserattribute.4.4User-Speci?cConstraints5ConclusionUser-speci?cconstraintsconstituteafurtheraspectoftenoccurringCespeciallyinbusinessapplications.Peopledo-ingprincipallythesamejobmayhavedifferentrestrictions.Someexamplesinclude:?Abanktellermayonlyworkwithaspeci?csetofcus-tomeraccounts.?Aloanmanagermaygrantloansuptoaspeci?camount.Itwouldbepossibletobuildseparateloanmanagerrolesforeverydifferentmaximumamountorseparatebanktellerrolesforeveryrangeofcustomeraccounts.Obviously,thisisnotagoodsolutionasitwouldleadtoalargenumberofsimilarroles.InERBACwehaveenhancedthepermissionassignmentwithadditionalparameters.Theunderlyingapplicationse-curitysystemalreadyhasparametersforitsauthorisationsinordertochecktheconstraints.Thesesystem-speci?cpa-rametersarenowmappedtopermissionassignments.Fur-thermore,rulesarede?nedtodeterminehowtheseparam-etersare?lled.Thiscanbeanythingfrom?llingthepa-rameterwithanattributefromtheuserrecordtocomplexcomputations.WhenauserisassignedtoaroleinERBAC,9Role-BasedAccessControlisaneffectivemechanismforsimplifyingtheadministrationofusersandaccessrightsincomplexITinfrastructures.Tosupportenterprise-widesecuritymanagement,wehaveintroducedEnterpriseRolesandtheEnterpriseRole-BasedAccessControlModel(ER-BAC).ERBAChasbeenimplementedinthecommercialsecurityadministrationtoolSAMandhasprovensuccess-fulinmanyprojectsinlargeorganisations.WehavealsoshownthatenhancingERBACwithparametersreducesthenumberofrolesdramatically,therebyminimisingadminis-trationandrolemaintenancecosts.FutureworkwillbedonetoimprovetheERBACmodelanditsvaliditywillbeprovenindeploymentatfurthercus-tomersites.Inparticular,wemustcopewiththechallengesderivingfromthegrowingdistributionofITsystemsovertheinternet.Asecondimportantareaisroleengineering,asthede-ploymentandmaintenanceofrolesrequiresathoroughpro-cess.Wehavealreadyde?nedarolelife-cyclein[6].Therole-?ndingprocessinparticularwillbefurtherinvesti-gated.Sofar,twoapproacheshavebeenconsidered.Ononehand,atop-downapproachstartswiththebusinessstruc-turesandprocessesandre?nesthemtoobtainroles(seealso[9]).Thebottom-upapproach,ontheotherhand,takestheexistingpermissionsandappliesdataminingtechniquesto?ndclustersofpermissionswhichrepresentroles.Itwillbeinterestingtocombinebothapproaches.[14]R.WittyandW.Malik.EnterpriseUserAdministrationMagicQuadrantFY01,ResearchNote.GartnerGroup,Jan-uary2001.References[1]R.Awischus.Role-BasedAccessControlwiththeSecurityAdministrationManager(SAM).InProceedingsoftheSec-ondACMWorkshoponRole-BasedAccessControl,Fairfax,Virginia,USA,pages61C68,November1997.[2]A.Beu,A.Kern,andJ.Schwagereit.“DasUserInterfaceistwundersch¨on...”.DerbenutzerzentrierteGestaltungsprozessnachISO13407inderPraxis.JavaMagazin,pages28C35,May2002.[3]B.BiddleandE.Thomas,editors.RoleTheory:ConceptsandResearch.RobertE.KriegerPublishing,NewYork,1979.[4]D.F.FerraioloandD.R.Kuhn.Role-BasedAccessControl.In15thNCSCNationalComputerSecurityConference,Bal-timore,1992.[5]D.F.Ferraiolo,R.Sandhu,S.Gavrila,D.R.Kuhn,andR.Chandramouli.ProposedNISTStandardforRole-BasedAccessControl.ACMTransactionsonInformationandSys-temSecurity(TISSEC),4(3):224C274,August2001.[6]A.Kern,M.Kuhlmann,A.Schaad,andJ.Moffett.Obser-vationsontheRoleLife-CycleintheContextofEnterpriseSecurityManagement.InProceedingsofthe7thACMSym-posiumonAccessControlModelsandTechnologies(SAC-MAT2002),Monterey,California,USA,pages43C51,June2002.[7]A.Kern,M.Kuhlmann,andR.Wick.EinVorgehensmodellf¨urEnterpriseSecurityManagement.InProceedingsoftheWorkingConferenceonITSecurityinElectronicBusinessProcesses,St.Leon-Rot,Germany,September2002.[8]S.OsbornandY.Guo.ModellingUsersinRole-BasedAc-cessControl.InProceedingsoftheFifthACMWorkshoponRole-BasedAccessControl,Berlin,Germany,pages31C37,July2000.[9]H.R¨ockle,G.Schimpf,andR.Weidinger.Process-OrientedApproachforRoleFindingtoImplementRole-BasedSecu-rityAdministrationinaLargeIndustrialOrganization.InProceedingsoftheFifthACMWorkshoponRole-BasedAc-cessControl,Berlin,Germany,pages103C110,July2000.[10]FormoreinformationaboutSAMJupiter,seeourproducthomepage:http://www..[11]R.Sandhu.RolesVersusGroups.InProceedingsoftheFirstACMWorkshoponRole-BasedAccessControl,Gaithers-burg,Maryland,USA,pagesIC25CIC26,December1995.[12]R.Sandhu,E.Coyne,H.Feinstein,andC.Youman.Role-BasedAccessControlModels.IEEEComputer,29(2):38C47,February1996.[13]D.Thomsen,R.O’Brien,andC.Payne.NapoleonNet-workApplicationPolicyEnforcement.InProceedingsoftheFourthACMWorkshoponRole-BasedAccessControl,Fairfax,Virginia,USA,pages145C152,October1999.10包含各类专业文献、幼儿教育、小学教育、文学作品欣赏、行业资料、Advanced Features for Enterprise-Wide Role-Based Access Control86等内容。　
　It induces an atmosphere for collusion. C. it ...role-based access control offers companies in ...D. It enforces an enterprise-wide security ... 　6. Access Control a. Role Based Access is setup here b. In our OpenLDAP we have 7 Provider Groups setup. There is one group for each of the ... 　Guidelines for Enterprise Internal Control N0. 11...The preliminary design shall utilise advanced and ...The accounting/finance department shall, based on ... 　campus-wide deployments, the Aruba 6000 features ...role-based access control for wired, wireless and...In today's dynamic, distributed enterprise, users... 　(Gentoo)Rule Set Based Access Control(Gentoo)Rule...? ? Key features Free Open Source (GPL) Linux...For each role, compatibility to all types and ... 　2.Evaluate the role played by the major types ...wireless networks and for wireless Internet access....providing an enterprise-wide view of customers. These... 　control system has a very important role in many...OPC (OLEforProcessContro1) is based on COM (...automation applications and enterprise management applicati... 　control is based on cost control of construction project for the center, ...Cost Management is a comprehensive enterprise-wide and full management of the... 　role-based access control routing protocol ...(UDP) idle time set for any HTTP traffic that...wide range of network attacks .When verifying ...找游戏，上快猴 ！
搜索热词：
||||||||||||||||||
|||||||||||||
《极品飞车19》最新汽车曝光：[详细]
《F1 2015》最新游戏截图 7月1[详细]
《侠盗飞车5》核弹末日Mod展示：继《[详细]
《无尽轮回（Ad Infinitum）》最新游[详细]
最新单机游戏
单机游戏排行榜
类型:81797人在玩
类型:3174人在玩
类型:3273422人在玩
角色扮演排行榜
射击游戏排行榜
动作游戏排行榜
休闲益智排行榜
体育竞技排行榜
赛车竞速排行榜
策略战棋排行榜
即时战略排行榜
恋爱育成排行榜
单机游戏工具
最新热门攻略
友情链接LINK
CopyRight&2008年-2015年 < 快猴网 All Rights Reserved
备案编号:粤ICP备号-1