Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Construction method for access control policy and system thereof

A technology of access control strategy and construction method, which is applied in the field of access control strategy construction and its system, which can solve the problems of lack of structure in language, complex policy rules, and inability to provide semantic analysis, so as to facilitate unified writing and management, and improve readability Sexuality, easy to understand the effect of using

Inactive Publication Date: 2010-07-14
苏州国华科技有限公司
View PDF0 Cites 26 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] The newly developed policy language includes Selinux reference policy language and Ponder, etc. Although it is a policy language for new requirements, there are certain deficiencies: (1) The reference policy language developed by Selinux supports multiple security models, such as DTE and RBAC, However, the language lacks structure, and each policy rule needs to be clearly declared and written, which makes its policy rules very complex and huge, which is not easy for users to understand and use; (2) Although Selinux uses the m4 macro compiler to write external interfaces, it tries to simplify However, because the m4 macro compiler cannot provide semantic analysis (such as type checking), the robustness of the language is reduced and the probability of policy conflicts is increased; (3) Ponder is a declarative, structural policy language
However, Ponder only provides support for autonomous access control, and cannot fully describe other security models such as MAC and RBAC.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Construction method for access control policy and system thereof
  • Construction method for access control policy and system thereof
  • Construction method for access control policy and system thereof

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0023] Based on the study of existing access control technologies and security models, such as BLP, DTE and RBAC models, this embodiment comprehensively analyzes the security principles of these models, extracts their common and unique security features, and analyzes the model Realize the abstraction and summary, and refine the design requirements of the general access control strategy.

[0024] The access control policy is the realization basis of the security model, the specific description of the abstract security model, and the actual description object of the access control policy language. Generally speaking, access control policies mainly have three basic elements: policy subjects, policy objects and policy rules. These elements correspond to the system security field and can be divided into three basic concepts of system subject, system object and security rules. The system subject can be a policy subject or a policy object, which means a system object that can active...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a method for constructing an access control policy and a system thereof which are applied to field of the safe operation system, in particular to a policy compiler for realizing the method for constructing the access control policy. Based on the analysis and the research on the classical safety model, the invention provides the method which has common and special safety rules and is used for constructing the universal access control policy, and provides the policy compiler which can realize the functions of syntax check, semantic analysis and the like, comprises a retargetable back end and is applicable to the multiple operating system environments by setting the method as the design objective of the language of the policy compiler in the system, adopting the object-oriented design concept and determining the lexical and syntax standard methods of the language. The invention has the prominent advantage that a method of the universary description on policy elements and safety rules is used to support multiple security models.

Description

technical field [0001] The invention relates to a method for constructing an access control policy of a security model and a system thereof. Background technique [0002] At present, some research institutions at home and abroad have developed and designed some policy description languages, the traditional ones are ASL and PDL. ASL is a logic-based policy language, which has strong computing power, allows reasoning, and can better solve the problems of consistency check and conflict resolution of security policies, but they only target a certain access control model, and because of the use of predicate logic To describe the strategy, resulting in poor language readability, not easy to understand and write. PDL is an event-based policy language. The basic format of PDL is event-conditions-action, which means that the occurrence of an event will trigger the execution of an action if the conditions are met. It is mainly used in policy-based network management and does not su...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/56
Inventor 周学海李曦许宏琪杨峰李星舒龙昊
Owner 苏州国华科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com