
Two-level policy decision-based access control method and system

A technology for policy decision-making and access control, applied in the field of access control in information security. It addresses the limited generality of SAAM and achieves the effect of ensuring generality.

Active Publication Date: 2011-04-06
INST OF SOFTWARE - CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

In the SAAM model, the PEP does not base its decisions on access control policies, so its decision logic differs from that of the PDP. As a result, SAAM needs different PEP-side decision logic for each access control model, which harms the versatility of SAAM.


Embodiment Construction

[0052] The present invention is described in more detail below by way of example.

[0053] As shown in figure 2, it is assumed that the PEP and the local PDP of the access control system are deployed on the resource server (that is, a PEP and a local PDP are first deployed on each resource server, and the local PDP deployed alongside the PEP forms the first level), while the central PDP is deployed on the policy decision server (that is, the central PDP forms the second level). The resource server is physically separated from the policy decision server and connected to it over a network, and the resource server has a certain amount of computing power. When a user has been authenticated and initiates an access request for a protected resource stored on the resource server, the access control system based on two-level policy decisions executes the following flow:

[0054] 1. After the PEP intercepts the user's access re...


Abstract

The invention discloses a two-level policy decision-based access control method and a two-level policy decision-based access control system, and belongs to the field of access control in information security. In the method, a local policy decision point (PDP) is deployed at the policy enforcement point (PEP) end. The local PDP makes a decision for an access request according to a local policy cache; if the local PDP cannot reach a deterministic decision, a central PDP completes the decision according to the system policy library. The system comprises a policy decision server, an attribute publishing point and a plurality of resource servers, wherein a policy enforcement point (PEP) and a local policy decision point (PDP) are deployed on each resource server, and a central policy decision point (PDP) is deployed on the policy decision server. The invention has a dynamically adjustable, elastic system framework, makes full use of the computing resources of the PEP end, lightens the burden of the central PDP, reduces network transmission overhead and effectively improves access control efficiency at a very low policy update cost.
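The local-cache-then-central decision flow described in the abstract, as an added Python illustration that is not code from the patent or from its applicant. The rule format (role, resource prefix, action, effect), first-applicable rule combining, the fail-closed default applied by the central PDP when no policy matches, the hit counters and the sample policies and requests are all assumptions constructed for this example:

```python
"""Added illustration of a two-level policy decision (not the patent's code).

Assumptions (not from the patent): policies are simple role/resource/action
rules, rules combine first-applicable, and the central PDP denies when no
rule in the system policy library applies.
"""
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    PERMIT = "Permit"
    DENY = "Deny"
    INDETERMINATE = "Indeterminate"  # no applicable policy in the set consulted


@dataclass(frozen=True)
class Request:
    role: str       # attribute of the authenticated user
    resource: str   # path of the protected resource on the resource server
    action: str


@dataclass(frozen=True)
class Rule:
    role: str
    resource_prefix: str
    action: str     # "*" matches any action
    effect: Decision


def evaluate(rules, req):
    """First-applicable combining: the first matching rule decides; if none
    matches, the result is Indeterminate (this policy set cannot decide)."""
    for rule in rules:
        if (rule.role == req.role
                and req.resource.startswith(rule.resource_prefix)
                and rule.action in ("*", req.action)):
            return rule.effect
    return Decision.INDETERMINATE


class CentralPDP:
    """Second level: holds the full system policy library and is authoritative."""

    def __init__(self, policy_library):
        self.policy_library = list(policy_library)
        self.requests_served = 0

    def decide(self, req):
        self.requests_served += 1
        outcome = evaluate(self.policy_library, req)
        # Assumed fail-closed default: the final decision is never left open.
        return Decision.DENY if outcome is Decision.INDETERMINATE else outcome


class LocalPDP:
    """First level: deployed next to the PEP, answers from a policy cache."""

    def __init__(self, central, cached_policies=()):
        self.central = central
        self.cache = list(cached_policies)
        self.local_hits = 0

    def decide(self, req):
        outcome = evaluate(self.cache, req)
        if outcome is not Decision.INDETERMINATE:
            self.local_hits += 1         # deterministic, no network round trip
            return outcome
        return self.central.decide(req)  # escalate to the central PDP

    def invalidate(self):
        """Policy update: drop the cache so stale rules cannot be enforced."""
        self.cache.clear()


class PEP:
    def __init__(self, local_pdp):
        self.pdp = local_pdp

    def enforce(self, req):
        return self.pdp.decide(req) is Decision.PERMIT


def demo():
    # Constructed sample policies and requests (not from the patent).
    library = [
        Rule("doctor", "/records/", "read", Decision.PERMIT),
        Rule("doctor", "/records/", "write", Decision.PERMIT),
        Rule("nurse", "/records/", "read", Decision.PERMIT),
        Rule("guest", "/", "*", Decision.DENY),
    ]
    central = CentralPDP(library)
    # The local cache holds only the hottest rule; everything else escalates.
    local = LocalPDP(central, cached_policies=[library[0]])
    pep = PEP(local)
    requests = [
        Request("doctor", "/records/42", "read"),
        Request("nurse", "/records/42", "read"),
        Request("nurse", "/records/42", "write"),
        Request("guest", "/records/42", "read"),
    ]
    outcomes = {f"{r.role}:{r.action}:{r.resource}": pep.enforce(r) for r in requests}
    return {"outcomes": outcomes,
            "local_hits": local.local_hits,
            "central_requests": central.requests_served}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the split the abstract describes: the one request covered by the cached rule is answered locally, the other three go to the central PDP, and the central PDP's fail-closed default turns an unmatched request into a Deny rather than leaving the PEP without a decision. The `invalidate` method stands in for the low-cost policy update: clearing the cache is enough to stop the local PDP from enforcing rules that the central library no longer contains.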

Description

Technical field

[0001] The invention belongs to the field of access control in information security, and particularly relates to an access control method and system based on two-level policy decision-making.

Background technique

[0002] As a security facility that protects resources from illegal access, the efficiency of an access control system directly affects the efficiency of the entire system. Most current access control systems use the access control architecture of ISO/IEC 10181-3: the policy enforcement point (Policy Enforcement Point, PEP) intercepts the access request initiated by the user, then submits the request to the policy decision point (Policy Decision Point, PDP) for a decision, and finally the PEP executes the PDP's decision. In practical applications, the PEP and the PDP are usually physically separated, so the communication channel between the PEP and the PDP needs to be protected. When the PEP side has a certain computing...


Application Information

IPC(8): H04L29/06
Inventors: 冯登国, 张立武, 王鹏翩
Owner: INST OF SOFTWARE - CHINESE ACAD OF SCI