授权访问

• In a network environment , it is an important and focal question of information security that how the data and resources of the system can be protected from unauthorized accesses , malicious intrusions and misuses . lt has been the focus of research
  在网络环境中，如何使系统资源和数据能够授权访问，免遭恶意入侵和破坏，是当前信息安全的重大问题，日益成为人们关注的焦点。
• Mahjong network single sign on ( sso ) is mechanism whereby a single action of user authentication and authorization can permit a user to access all branch web site where he has access permission , without the need to enter multiple passwords
  单一登录技术是一种认证和授权机制，它允许注册用户只需要在任一成员网站上登录一次，而后授权访问其他连接的分支网站，无需再进行登录。
• Based on the research of request / response model of http protocol , session tracking and processing technology is used to implement access only to authorized users , and policy of resource access control and form - based authentication are combined to implement the security manager module in the system
  系统通过对http请求响应模刑的研究，采用会话跟踪和处理来实现授权访问，并采用资源访问控制和基于表单的认证相结合的方式实现系统管理模块的安全性。
• With the development of internet , large numbers of vulnerabilities are discovered continually . hackers often exploit the vulnerabilities in computer software or configuration to implement unauthorized access , privilege escalation and dos attack . and all these badly compromise the system security
  在internet高速发展的今天,大量的弱点信息不断地出现,黑客经常利用计算机软件或配置上存在的弱点,进行无授权访问、特权提升、 dos攻击等,严重地危害了系统安全。
• It is composed of two aspects : first , it uses the java sandbox to control the access of host resource , thus it can prevent the host resource from being accessed by agents without authority ; second , it adopts a authentication based mobile agent transfer protocol to control the transfer of agents in order to refuse the transfer request of invalid agent . thus , it can guarantee that the agent running in the host is valid , in other words , it avoids performing the illegal agent in the host . further more , it can be sure that the agent status data have n ' t been tampered or replaced in the course of transfer
  该方案主要包括两个方面内容：一、利用java2沙箱控制主机资源的存取，防止主机资源被移动代理非授权访问；二、采用一种基于证书的移动代理迁移协议，对移动代理的迁移过程进行控制，拒绝不合法移动代理迁移至主机的请求，确保主机上运行的移动代理具有合法身份，并且确保移动代理迁移状态数据在迁移过程中不被篡改或替换。
• Given in this paper , through analyzing the framework of j2ee , there are three applications of xml in j2ee , such as data description and exchange , data present and message - oriented distributed computing . in the face project , we use xml and j2ee to implement the exchange of xml document and relation database . in addition , this paper proposes us a fine - grained access control algorithm for xml documents , which may protect the resource of xml documents
  本文详细地介绍了xml技术和j2ee技术，叙述了xml在j2ee中的三种应用：数据描述和交换、数据显示及面向消息的分布计算，并在实际的face项目中应用xml技术和j2ee技术，实现xml文档和关系数据库之间的相互转换；另外，对xml文档进行了细粒度的访问控制，提出了一种授权访问控制算法，实现了将源xml文档转变为符合一定安全需求的目标xml文档。
• Since the most common transport protocol for web services is http , which is also the protocol that most of the internet infrastructure is built around handling , managing , load - balancing , and allowing access to applications through http is often much less troublesome than allowing access through other protocols
  由于web服务最常用的传输协议是http （大多数internet基础结构也是以http协议为基础构建的） ，所以通过http对应用程序进行操作、管理、负载均衡和授权访问比通过其他协议要少一些麻烦。
• Only after the user is validated and authorized can the content stored in a cache ( including that deployed from the core node to an edge node and stream media content buffered like real , windows mms , etc . ) be provided directly from the cache at the edge node with the access time , number of accesses and data volume obtained recorded
  授权访问在cache上缓存了的内容(包括由核心部署到边缘节点上的内容以及流媒体缓存内容如real 、 windowsmms等) ，只有在用户通过认证、授权的基础上，才能直接从边缘节点的cache上获得服务，并且有访问时间、访问次数、获取的数据量等等的访问记录。
• Neural network has higher performance to dos and probing attacks than to r2l and u2r attacks . however , according to the theory of information gain , c4 . 5 can accurately detect the r2l and u2r by extracting the rules from the content features . what is more , the model can also be updated by the c4 . 5 rules mined from the dataset after the event ( intrusion )
  采用bp网络对入侵数据包进行检测时，其对拒绝服务( dos )和探测( probing )类的攻击有较好的检测率，但对远程到本地( r2l )以及对超级用户( u2r )非授权访问类攻击的检测率较低。