Multi-domain RBAC (Role-Based Access Control) model-based access control policy composition method

An access control policy composition method, applied in the field of policy composition, that addresses the problems of reduced practicality caused by method complexity, lack of support for activation-level policy composition, and the introduction of a large number of new roles and role hierarchy relationships. It avoids inheritance ring conflicts and permission separation conflicts, and offers good performance and wide application prospects.

Inactive Publication Date: 2013-03-06
SHANGHAI JIAO TONG UNIV

AI Technical Summary

Problems solved by technology

However, it supports only the permission inheritance hierarchy, does not support policy composition at the role-activation level, introduces a large number of new roles and complex role hierarchy relationships, and has exponential complexity, which reduces its practicability.


Embodiment Construction

[0042] The present invention will be described in detail below in conjunction with specific embodiments. The following examples will help those skilled in the art to further understand the present invention, but do not limit the present invention in any form. It should be noted that those skilled in the art can make several modifications and improvements without departing from the concept of the present invention. These all belong to the protection scope of the present invention.

[0043] Step 1: This step merges the RBAC policies within a domain into a role tree, that is, a hierarchy in which a single highest-level role serves as the root and inherits all other roles. If the domain has only one highest-level role, this step can be skipped. If the domain has multiple high-level roles, a new role can be created that inherits all of these high-level roles and serves as the root of the role tree.

[0044] As shown in Figure 1, the role tree...
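Step 1 as an added example (not code from the patent): a Python implementation of the intra-domain tree merge, assuming the role hierarchy is given as a mapping from each role to the roles it directly inherits. The role names, the `domain_root` name and both function names are constructed for illustration; the cycle check corresponds to the inheritance ring conflicts the summary mentions.

```python
# Added example: Step 1, intra-domain tree merge. All names are constructed.

def inherited_roles(hierarchy, role):
    """Roles that `role` inherits directly or indirectly; rejects cycles."""
    seen, on_path = set(), set()

    def visit(r):
        if r in on_path:
            raise ValueError(f"inheritance cycle through {r!r}")
        if r in seen:
            return
        on_path.add(r)
        for junior in hierarchy.get(r, ()):
            visit(junior)
        on_path.discard(r)
        seen.add(r)

    visit(role)
    return seen - {role}


def merge_to_role_tree(hierarchy, new_root="domain_root"):
    """Return (root, merged) where root inherits every other role."""
    juniors = {j for js in hierarchy.values() for j in js}
    roles = set(hierarchy) | juniors
    top = sorted(roles - juniors)          # roles nobody inherits
    if not top:
        raise ValueError("no highest-level role: empty or cyclic hierarchy")
    merged = {r: set(hierarchy.get(r, ())) for r in roles}
    if len(top) == 1:
        root = top[0]                      # single top role: step is skipped
    else:
        if new_root in roles:
            raise ValueError(f"{new_root!r} already exists in the domain")
        root = new_root                    # new role inheriting all top roles
        merged[root] = set(top)
    # A cycle detached from the top roles would leave roles unreachable.
    if inherited_roles(merged, root) != roles - {root}:
        raise ValueError("root does not inherit every role")
    return root, merged


# Constructed sample domain with two highest-level roles.
HOSPITAL = {
    "chief_physician": {"physician"},
    "head_nurse": {"nurse"},
    "physician": {"staff"},
    "nurse": {"staff"},
}
```

Calling `merge_to_role_tree(HOSPITAL)` adds `domain_root` above `chief_physician` and `head_nurse`; a domain that already has a single top role is returned with that role as the root.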


Abstract

A multi-domain RBAC model-based access control policy composition method includes the following steps: a tree merge is carried out within each single domain; the indirect permission sets of the roles, i.e. the A-inherited permission set and the I-inherited permission set, are then calculated; finally, the permission sets of the inter-domain roles are recursively compared, the roles to be divided are determined, the inter-domain role mapping is established, and a global access policy is generated. The method takes as input the RBAC policies of the multiple domains to be composed, establishes inter-domain role mapping sets according to the role permission assignment relations, the role hierarchies and the inter-role SOD (Separation of Duties) constraints in the original domains, and generates and outputs a global access control policy.

Description

Technical field

[0001] The invention relates to a policy composition method in the field of network access control, in particular a method for composing role-based access control (RBAC) policies across multiple domains.

Background

[0002] With the development of the Internet and society, collaborative work among domains has become more and more important, and more and more resources need to be shared among different domains, which calls for access control policies that meet the needs of inter-domain resource sharing. Role-based access control (RBAC) has flexible features such as role hierarchy, least privilege, and privilege separation, which make it suitable for multi-domain environments and for formulating global security policies that meet the needs of secure inter-domain interoperability. At present, RBAC policy composition is mainly based on inter-domain role mapping, and its methods fall into two types: permission-based and non-permission-based. Non-au...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
Inventor: 潘理, 訾小超, 周鑫, 张清源
Owner: SHANGHAI JIAO TONG UNIV