Access control determination engine optimization system and method based on big data

This access control and big data technology, applied in the field of information security access control, addresses the problems of low actual performance indicators, large system resource overhead, and long delays in responding to access requests.

Inactive Publication Date: 2014-07-02
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

Emerging businesses such as distributed resource sharing, Web services, and inter-domain collaboration need to formulate a large number of XACML policy entries for fine-grained access control of resources. As policy size and policy semantic complexity increase, the efficiency of policy evaluation has become a critical bottleneck for system availability.
Although the XACML specification provides an access control implementation framework, it does not provide related optimization methods for policy analysis, rule matching, and decision response. As a result, XACML policy evaluation engines show relatively low actual performance on tasks such as policy information retrieval and multiple policy matching, which manifests as large system resource overhead, long delays in responding to access requests, and many remote communication interactions, so they cannot meet the high business throughput of commercial applications.
Existing related work mainly focuses on policy modeling, verification, analysis, and testing. A few works optimize the efficiency of decision engines (such as XEngine and Enterprise XACML), but these solutions may have many limitations, or their optimization effect is not obvious enough in a big data environment, so they do not provide a good solution.

Examples

Embodiment Construction

[0057] As shown in Figure 1, the present invention consists of a server end and a client end. The server end comprises four parts: ① the original access control judgment engine and its infrastructure, including the access control judgment evaluation engine module, policy enforcement point, policy library module, and attribute authority module; ② the preprocessing framework: attribute preprocessing module, first-stage clustering module, and second-stage clustering module; ③ the real-time service framework: registration center, mapping relationship module, and set operation optimization module; ④ the background operation and maintenance framework: new entity registration module, attribute change maintenance module, and policy change maintenance module.

[0058] Among them: ① the original access control system and its infrastructure use Sun's XACML system as the basic access control engine; parts ②, ③, and ④ are developed using Java JDK1.6.0_10-rc2.

[0059] In order to better understand the techni...

Abstract

An access control determination engine optimization system based on big data is composed of a client terminal and a server terminal. The server terminal performs decision evaluation, authorization, and enforcement for requests sent by the client terminal. The access control determination engine optimization system comprises the original access control determination engine and its infrastructure, a preprocessing framework, a real-time service framework, and a background operation and maintenance framework. The original access control determination engine and its infrastructure comprise an access control determination evaluation engine module, a policy enforcement point, an attribute authority module, and a policy library module. The preprocessing framework handles the processing required before the access control determination engine is deployed, and comprises an attribute preprocessing module, a first-stage clustering module, and a second-stage clustering module. The real-time service framework handles real-time requests generated while the server terminal is running, and comprises a registration center module, a mapping relationship module, and a set operation optimization module. The background operation and maintenance framework comprises a new entity registration module, an attribute change maintenance module, a policy change maintenance module, and a preparation policy set module. The access control determination engine optimization system is efficient and offers high availability, security, and universality.

Description

Technical field

[0001] The invention belongs to the field of access control in information security, and in particular relates to an access control judgment engine optimization system and method based on big data.

Background technique

[0002] With the increasing openness of the modern Internet environment, the strengthening of regional interconnection, and the diversification and growing complexity of transaction processing, human society has gradually entered the era of big data. A notable feature of the big data era is the massive number of users, massive resources, and increasingly complex interaction relationships. Security has naturally become one of the primary issues. As an important technical means in the field of information security, access control technology faces more and more performance challenges in every aspect in the big data environment. The most prominent manifestations are: ① the requirements for security and reliability are becoming higher and higher, m...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F17/30, H04L29/06
CPC: G06F16/285, G06F16/288, H04L69/12
Inventors: 王雅哲, 刘桐
Owner: INST OF INFORMATION ENG CHINESE ACAD OF SCI