System and method for detecting access control strategy collision in collaborative environment

An access control policy conflict detection technology, applied in transmission systems, digital transmission systems, instruments, etc. It addresses problems such as conflicts between the access control policies of autonomous domains, reduced security of computer network systems, and the semantic heterogeneity of access control policies not being considered.

Inactive Publication Date: 2012-03-21
BEIHANG UNIV

AI Technical Summary

Problems solved by technology

[0003] However, on the one hand, as information and data access requirements grow, people pay more and more attention to the security and privacy of data. Therefore, in an inter-domain interoperability and collaboration environment based on role mapping, the access control policies formulated by each domain administrator are especially important; if there is a problem with them, it will directly lead to unauthorized access to autonomous domain resources.
On the other hand, different autonomous domains may use different semantics to describe their access control policies, and the roles that are currently interoperable and mapped between autonomous domains may still have more authorizations for the roles than th

Examples

Embodiment Construction

[0037] As shown in Figure 1, the access control policy conflict detection system in the collaborative environment of the present invention is composed of an access control policy preprocessing module, a multi-domain policy integration module and a policy conflict detection module.

[0038] The whole implementation process is as follows:

[0039] Access control policy preprocessing module: performs syntax and semantic analysis on the access control policies in the policy files of the two domains, that is, the A domain policy file and the B domain policy file, both described in XACML. While parsing, it adds a serial number to each access control policy as the unique identifier of that policy, forms an ordered set of access control policies after parsing, and sends the ordered set to the multi-domain policy integration module. The domain is the basic unit of the collaborative environment, that is, ...
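The preprocessing step in [0039], sketched as an added example (not code from the patent): two domains' XACML files are parsed in order and every policy record receives a serial number. Assumptions: one record per XACML `Rule`, the record field names, the hypothetical helpers `sample_policy` and `preprocess`, and constructed sample policies trimmed of attributes a real file requires (`MatchId`, `AttributeId`, `DataType`).

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
CAT = {  # standard XACML 3.0 attribute categories -> short field names
    "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject": "subject",
    "urn:oasis:names:tc:xacml:3.0:attribute-category:resource": "resource",
    "urn:oasis:names:tc:xacml:3.0:attribute-category:action": "action",
}

def sample_policy(policy_id, rules):
    """Constructed, trimmed XACML text; rules = [(effect, role, resource, action)]."""
    body = ""
    for n, (effect, *values) in enumerate(rules, 1):
        matches = "".join(
            f'<Match><AttributeValue>{v}</AttributeValue>'
            f'<AttributeDesignator Category="{c}"/></Match>'
            for c, v in zip(CAT, values))
        body += (f'<Rule RuleId="r{n}" Effect="{effect}"><Target><AnyOf><AllOf>'
                 f'{matches}</AllOf></AnyOf></Target></Rule>')
    return f'<Policy xmlns="{NS}" PolicyId="{policy_id}">{body}</Policy>'

def preprocess(domain_files):
    """Parse each domain's file in order; return the ordered set of policy
    records, each carrying a serial number as its unique identifier."""
    q = lambda tag: f"{{{NS}}}{tag}"
    ordered = []
    for domain, xml_text in domain_files:
        root = ET.fromstring(xml_text)  # syntax check: ParseError if malformed
        for rule in root.iter(q("Rule")):
            effect = rule.get("Effect")
            if effect not in ("Permit", "Deny"):  # minimal semantic check
                raise ValueError(f"{domain}/{rule.get('RuleId')}: Effect {effect!r}")
            rec = {"serial": len(ordered) + 1, "domain": domain,
                   "policy": root.get("PolicyId"), "effect": effect}
            for m in rule.iter(q("Match")):
                cat = m.find(q("AttributeDesignator")).get("Category")
                rec[CAT.get(cat, cat)] = m.find(q("AttributeValue")).text
            ordered.append(rec)
    return ordered

if __name__ == "__main__":
    a = sample_policy("A-policy", [("Permit", "doctor", "record", "read")])
    b = sample_policy("B-policy", [("Permit", "nurse", "record", "read"),
                                   ("Deny", "nurse", "record", "write")])
    for rec in preprocess([("A", a), ("B", b)]):
        print(rec)
```

Because the partner domain's policy file is external input, a deployment would parse it with a hardened XML parser such as `defusedxml` rather than the standard-library parser used here.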


Abstract

The invention discloses a system and a method for detecting access control policy conflicts in a collaborative environment. It first solves the problem of semantic heterogeneity among the access control policies used by each domain in a collaborative environment where domains interoperate through role mapping, and on that basis solves the problem of access control policy conflicts in the collaborative environment; the system and the method are therefore particularly suitable for collaborative environments with semantic heterogeneity. The main algorithms are an improved policy integration algorithm based on semantic integration and a policy conflict detection algorithm based on subgraph isomorphism. The main activities of the detection technology are policy preprocessing, multi-domain policy integration and policy conflict detection. The invention can detect access control policy conflicts caused by interoperation among domains through role mapping, so as to avoid security problems such as unauthorized access.

Description

Technical field

[0001] The invention relates to an access control policy conflict detection system and method in a collaborative environment, belonging to the field of computer network security.

Background art

[0002] In most practical collaborative environments, neither developers nor managers want to completely abandon the existing authority management and access control systems, but hope to maintain a balance between the openness of authorization and the cost of system transformation. Inter-domain interoperability based on role mapping can effectively avoid the maintenance cost caused by modifying a large number of access control policies, enhance the convenience of cooperation between cross-domain organizations in the form of resource sharing, and reduce the management risk brought by the heterogeneity of authorization systems and the surge of users in cross-domain environments, so inter-domain interoperability based on role mapping has gradually become a representa...


Application Information

IPC(8): H04L29/06, H04L12/26, G06F21/00, G06F21/57
Inventor: 夏春和范贝贝梁晓艳罗杨薄阳
Owner: BEIHANG UNIV