Attribute-based fuzzy access control calculation method

An access control and access controller technology, applied in the field of network security, can solve the problems such as affecting the authorization speed, the precise matching model cannot be dynamically adjusted, etc., to achieve the effect of improving the completeness

Inactive Publication Date: 2014-05-14
706 INST SECOND RES INST OF CHINAAEROSPACE SCI & IND
View PDF0 Cites 20 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, in actual situations, the access requester, the context environment, and the accessed resource may each include multiple attributes, so the order of magnitude for policy matching will reach O(n3), and when there are many attribute values, it will affect Authorization speed
In addition, in actual operation, the attribute information is often changing dynamically, and the exact matching model cannot be adjusted dynamically

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Attribute-based fuzzy access control calculation method
  • Attribute-based fuzzy access control calculation method
  • Attribute-based fuzzy access control calculation method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0046] The preferred embodiments will be described in detail below in conjunction with the flow charts. It should be emphasized that the following descriptions are only illustrative, not intended to limit the scope of the present invention and its application.

[0047] Step 1: The policy execution module is responsible for parsing the user's access request, extracting the subject attributes, and sending the authorization request and subject attributes to the policy decision module. The policy enforcement module can be distributed in multiple locations in the entire network environment, and the request subject cannot bypass the policy enforcement module and directly access resources.

[0048] Step 2: The strategy decision module makes a fuzzy strategy decision, and the specific steps are as follows:

[0049] Step 1): Input information processing.

[0050] Since some access request information and policy information are not in numerical form, data format conversion is required....

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention belongs to the technical field of network security, particularly relates to an attribute-based fuzzy access control calculation method. The method adopts a two-stage weighting method to assign different weights to an object and attributes thereof, then performs comprehensive judgment based on a fuzzy judgment matrix and a weighted average model, calculates a degree of satisfaction of an access request to an authorization policy, and finally obtains an limits of authority policy set based on fuzzy inference rules. Based on different weights of information of three attributes of a main body, resource and environment, the attribute-based fuzzy access control calculation method performs fuzzy processing on a policy decision-making process of access control, obtains the fuzzy authorization policy set, can deal with the problem of access control authorization under the circumstance that access request information partially satisfies judgment conditions, and is of great significance to improving completeness of access control.

Description

technical field [0001] The invention belongs to the technical field of network security, in particular to an attribute-based fuzzy access control calculation method. Background technique [0002] Service-oriented architecture has received extensive attention because of its good reusability, compatibility, and low development complexity. In order to achieve more fine-grained resource information security protection, the system formulates a large number of access policies based on various attributes of resources. The ABAC (Attribute based Access Control) model directly formulates policy access rules related to user attributes and resource attributes, and users can judge access rights to resources according to their corresponding attribute values ​​and corresponding rules. However, in the existing ABAC model, policy decision is a process of precise matching, and precise matching is performed according to various attribute information such as subjects, resources, and environmen...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
Inventor 毛俐旻段翼真陈志浩王斌王晓程
Owner 706 INST SECOND RES INST OF CHINAAEROSPACE SCI & IND
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap