Control design method for fine-grained mandatory access

Abstract

The invention discloses a control design method for fine-grained mandatory access. The control design method includes utilizing RBAC (role based access control) to design fine-grained access control strategies of system components, utilizing an analysis module to analyze the fine-grained access control strategies of all the system components, combining as an access control rule set covering the system access control strategies completely, and finally constructing hierarchical partial ordering structures of access rule subjects and objects reversely on the basis of the access control rule set. Thus, system mandatory access control strategies are designed. Compared with the prior art, the method has the advantages that design difficulty in realizing fine-grained access control in complex information systems is simplified, the hierarchical partial ordering structures of the access rule subjects and objects are constructed reversely by utilizing the access control rule set, and validity of fine-grained access control executed in real-time systems is guaranteed; in the process of utilizing the access control rule set to construct the hierarchical partial ordering structures of the access rule subjects and objects reversely to realize the system mandatory access control strategies, strategy conflicts in the design process of access control strategies can be found out.

Description

technical field [0001] The invention relates to the design of mandatory access control and fine-grained access control strategy in the field of information security access control, in particular to a fine-grained mandatory access control design method, which is applied to the fields of security management and security control of networks and information systems. Background technique [0002] In the current security management of information systems, commonly used access control methods are autonomous access control, mandatory access control, and role-based access control. [0003] Discretionary Access Control (DAC) is managed by the owner of the object on its own object, and the owner decides whether to grant the access right or part of the access right of his object to other subjects. This control method is autonomous of. Under discretionary access control, a user can independently choose which users can share his files. [0004] Mandatory Access Control (Mandatory Access...

AI Technical Summary

Problems solved by technology

[0008] In view of the deficiencies in the prior art, the present invention proposes a fine-grained mandatory access control design method for the access control security issues of high real-time complex information systems. The fine-grained mandatory access control design method in the present invention absorbs both RBAC is easy to implement fine-grained, suitable for the advantages of complex information systems, and also absorbs the advantages of high efficiency and security of MAC

Images