Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A Cross-Security Domain Data Access Control Method Based on Role Mapping

A technology of data access control and role mapping, applied in electrical components, transmission systems, etc., can solve problems such as affecting the degree of data sharing, affecting the degree of resource sharing, and inability to function normally, and achieve the effect of avoiding typical violations of security constraints.

Inactive Publication Date: 2016-02-24
中国人民解放军63928部队
View PDF2 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Therefore, in an environment with a large scale and dynamic changes in the security domain, this method will fall into the dilemma of calculating security conflicts at any time, and cannot function normally.
[0008] (2) Affect the degree of data sharing
In order to eliminate the problem of violating security constraints, the current automation method will remove some cross-domain role mapping relationships, which will cause some security domains to fail to exchange information according to the previous sharing mode, thus affecting the degree of resource sharing.
[0009] To sum up, at present, the main solution to the violation of security constraints caused by cross-domain role mapping is to ensure the overall security of global role mapping by detecting global security conflicts and appropriately deleting some role mapping relationships. The disadvantage is that it cannot adapt to an environment with a large scale and dynamic changes in the security domain, and at the same time it will affect the degree of data sharing

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A Cross-Security Domain Data Access Control Method Based on Role Mapping
  • A Cross-Security Domain Data Access Control Method Based on Role Mapping
  • A Cross-Security Domain Data Access Control Method Based on Role Mapping

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0036] The present invention will be further described below in conjunction with accompanying drawing.

[0037] Such as figure 1 , a method for controlling data access across security domains based on role mapping, the method comprising the following steps:

[0038] (1) Receive and monitor the request message of role mapping, and analyze the role mapping path;

[0039] (2) Judging whether it is safe to establish a mapping with the role of the current domain, and at the same time discover and solve the role decay inheritance;

[0040](3) Forward the request message based on the domain mapping table and the historical path table, discover the target domain and establish a safe role mapping path with it.

[0041] Described step (1) comprises the following steps:

[0042] (1-1) Monitor the request message of the source domain user, and judge the message type;

[0043] (1-2) After the data access request is monitored, the path analysis function Extract including the variable re...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a data access controlling method a crossing safety area based on role mapping and belongs to the technical field of computer information processing. The method includes the following steps that request information mapped by a role is received and monitored. The role mapping way is analyzed. Whether the establishment of the mapping with the present domain is safe or not is judged. The role declining inheritance is found and solved at the same time. The request information based on a domain mapping table and a history routing table is transmitted. A target domain is found. A safe role mapping way is set up with the target domain. The fact that the cross-domain role mapping safety is evaluated, the role mapping request is monitored and analyzed, the safe way is judged and selected and the information is transmitted based on the domain mapping table and the history routing table is adopted, thus the problem of typically violating security constraint possibly triggered in the process of the cross-domain role mapping is effectively avoided. The data access controlling method crossing safety area based on the role mapping is suitable for the environment with large scale and dynamic changing of the safety domain.

Description

technical field [0001] The invention belongs to the technical field of computer information processing, and in particular relates to a method for controlling data access across security domains based on role mapping. Background technique [0002] At present, there are not many researches in China and abroad on data access control across security domains. The main work focuses on role-based access control RBAC (Role-BasedAccessControl) model extension-cross-domain data access control based on role mapping The focus of the research is how to solve the violation of security constraints such as role conflicts caused in the process of cross-domain role mapping. [0003] The role-based inter-domain access control model IRBAC (InteroperableRole-BasedAccessControl) is the prototype of the concept of cross-domain data access control. This model establishes role mapping through the conversion relationship of roles to achieve interoperability between two domains. In addition, XRBAC, a...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
Inventor 汪晓庆谷天阳郑彦兴房友园宗建建佟金荣
Owner 中国人民解放军63928部队
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products