Method and device for generating access controlling policy

An access control policy and access control technology, applied in the field of network applications, can solve problems such as difficulty in defining users and prone to errors, and achieve the effects of facilitating understanding and operation, ensuring accuracy, and reducing burden

An access control policy and access control technology, applied in the field of network applications, can solve problems such as difficulty in defining users and prone to errors, and achieve the effects of facilitating understanding and operation, ensuring accuracy, and reducing burden

CN101771683AInactive Publication Date: 2010-07-07BEIHANG UNIV
0 Cites 24 Cited by

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for generating access controlling policy
  • Method and device for generating access controlling policy
  • Method and device for generating access controlling policy

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0029] figure 1 It is a flow chart of Embodiment 1 of the access control policy generation method of the present invention, as shown in figure 1 As shown, the method includes:

[0030] Step 101, generate an ABAC policy expression according to the ABAC policy information input by the user through the pre-established ABAC policy view template;

[0031] Step 102: Convert the ABAC policy expression into an XACML-based ABAC policy conforming to the XACML template according to the preset mapping rule between the ABAC policy view template and the XACML template.

[0032] In the technical solution of this embodiment, an ABAC policy expression is generated according to the input ABAC policy information, and then the ABAC policy expression is automatically converted into an XACML-based ABAC policy through the set mapping rules. In this process, the user only needs to pass through the ABAC policy view Templates input some simple ABAC policy information, no need to manually wr...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses method and device for generating an access controlling policy. The method comprises the following steps of: generating an ABAC policy expression according to ABAC policy information input by a user through a pre-established attribute-based access control (ABAC) policy view template; and converting the ABAC policy expression into an ABAC policy which is based on XACML and conforms to the XACML template according to mapping rules of the preset ABAC policy view template and an extensible access control markup language (XACML) template. In the invention, the user only needs to input some simple ABAC policy information through the ABAC policy view template and does not need to write a complicated ABAC policy based on XACML in a manual mode, therefore, the problem that the user difficultly defines the ABAC policy based on XACML is solved, the problem that errors are made in the process of writing the complicated ABAC policy based on XACML in a manual mode by the useris avoided, and the accuracy of the ABAC policy based on XACML is ensured.

Description

technical field [0001] The invention relates to access control technology, in particular to a method and device for generating an access control policy, belonging to the field of network applications. Background technique [0002] In order to ensure that the network has sufficient security, the International Organization for Standardization ISO defines five security service functions in its network security system design standard (ISO7498-2), including: identity authentication service, access control service, data confidentiality service, Data integrity services and non-repudiation services. Among them, the access control service is a defense measure against unauthorized use of resources, which is used to prevent users from accessing various resources without authorization, so that the computer system can be used within the legal scope. Access control can effectively prevent illegal users from accessing system resources, and legal users from illegally accessing system resou...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
07 Jul 2010
Publication
CN101771683A
IPC
H04L29/06; H04L12/56; G06F17/30
Inventors
ιƒŽζ³’; ε€ͺζ–‡ε©·