Dynamic risk access control method of cloud platform

A dynamic risk access control technique, applied in digital transmission systems, electrical components, transmission systems and similar fields, that addresses poor scalability, the inability to match rules dynamically, fixed risk assessment index weights, and ABAC policies that cannot adapt to cloud environments.

Active Publication Date: 2017-11-24
CIVIL AVIATION UNIV OF CHINA

AI Technical Summary

Problems solved by technology

Chen et al. proposed a dynamic risk-based access control (DRAC) model, which uses a data-flow method to quantify users' historical behavior information and combines it with the system security status to construct risk assessment indicators. However, its attribute-based access control (ABAC) policy cannot match rules dynamically, and the weights of its risk assessment indicators are fixed.
[0005] Because most access control models use static ABAC policies and cannot adapt to the cloud environment, current research at home and abroad mainly uses role-based access control to improve ABAC policies, but the result scales poorly and is complex.
For the problem of fixed risk assessment index weights, the commonly used dynamic weight assignment methods, such as the normalization method, principal component analysis and the entropy method, all suffer from low accuracy or poor real-time performance.


Embodiment Construction

[0047] The cloud platform dynamic risk access control method provided by the present invention will be described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0048] As shown in Figure 1, the cloud platform dynamic risk access control method provided by the present invention includes the following steps, carried out in order:

[0049] Step 1) Access request submission phase: the user submits the current access request req_i (i = 1, 2, ...). The current access request req_i contains four attributes: subject, object, access activity and access context;

[0050] Step 2) Rule matching strategy stage: use an attribute-based access control (ABAC) policy to formulate the corresponding rule base, and match the rules in the rule base one by one against the current access request req_i. If the match is successful, record the matching rule as the current rule rule_j (j = 1, 2, ...); if the match is unsuccessful, t...
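
Steps 1 and 2 as an added example (not code from the patent or its authors): a request carrying the four attribute groups is matched against an ABAC rule base one rule at a time, and the first matching rule is returned as rule_j. The rule format, attribute names and sample values are assumptions constructed for illustration; the handling of an unsuccessful match is truncated on this page and is not modeled.

```python
from dataclasses import dataclass

# The four attribute groups of req_i named in step 1.
CATEGORIES = ("subject", "object", "activity", "context")

@dataclass(frozen=True)
class Rule:
    name: str
    conditions: dict  # group -> {attribute: literal value or predicate}

def _holds(cond, value):
    # A condition is either a literal to compare with or a predicate to call.
    return cond(value) if callable(cond) else cond == value

def match_rule(rule, req):
    """True when every condition of the rule holds for the request.
    A missing attribute never satisfies a condition (fail closed)."""
    for group, conds in rule.conditions.items():
        attrs = req.get(group, {})
        for key, cond in conds.items():
            if key not in attrs or not _holds(cond, attrs[key]):
                return False
    return True

def match_request(rule_base, req):
    """Step 2: try the rules one by one; return the first match (rule_j) or None."""
    if set(req) != set(CATEGORIES):
        raise ValueError("request must carry exactly the four attribute groups")
    for rule in rule_base:
        if match_rule(rule, req):
            return rule
    return None  # unsuccessful match: the page's handling is cut off, not modeled

# Constructed rule base (hypothetical attribute names and values).
RULE_BASE = [
    Rule("ops-read-flight-data", {
        "subject": {"role": "ops"},
        "object": {"type": "flight-data"},
        "activity": {"action": "read"},
        "context": {"hour": lambda h: 8 <= h < 18, "network": "internal"},
    }),
    Rule("admin-any-internal", {
        "subject": {"role": "admin"},
        "context": {"network": "internal"},
    }),
]

def make_req(role, obj_type, action, hour, network):
    # Builds a constructed req_i with the four attribute groups.
    return {"subject": {"role": role}, "object": {"type": obj_type},
            "activity": {"action": action},
            "context": {"hour": hour, "network": network}}
```

Because the context group is part of the match, the same subject and object can match a rule at one time of day and no rule at another, which is the dynamic behaviour a static role check does not give.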


Abstract

The invention provides a dynamic risk access control method for a cloud platform. The method comprises the steps of submitting an access request, applying a rule matching strategy, carrying out event deduction, extracting risk assessment indexes, assigning risk assessment index weights, calculating a risk value, calculating a threshold value, and making an access control decision. The method improves the attribute-based access control (ABAC) strategy with an event deduction mechanism of high expressivity and flexibility, which makes rule matching more dynamic and flexible and so adapts well to the complicated cloud environment. Risk assessment indexes are constructed from the system security state and the user's historical behavior information, a mathematical model for calculating the risk assessment index weights is put forward, and the corresponding weights are calculated with a formula regression algorithm, so that the sensitivity of the risk value to the access request is improved. Simulation experiments show that the rules are adjusted dynamically as the access request attributes change, and that the risk assessment index weights are assigned dynamically in real time, improving the sensitivity of the risk value to the access request. The method has good real-time and dynamic performance.

Description

Technical field

[0001] The invention belongs to the technical field of computer authority management and access control, and in particular relates to a dynamic risk access control method for a cloud platform.

Background technique

[0002] The traditional access control model in the cloud environment has problems such as the inability to dynamically match rules using static access control policies, the ineffective use of a large amount of historical user behavior information, and the inability to evaluate the current system security status. Researchers improve the traditional access control model by introducing risk factors to enhance the dynamics of the access control model.

[0003] Cheng et al. believed that there were uncertain factors in the access control process, and introduced risk as an evaluation index into the access control model, and proposed a fuzzy multi-level security model. Ni et al. proposed a fuzzy BLP (Bell-LaPadula) model, applying fuzzy theory to access...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/24, H04L29/06
CPC: H04L41/145, H04L63/0263, H04L63/10, H04L63/1408, H04L63/1433, H04L63/20
Inventor: 杨宏宇, 宁宇光, 谢丽霞
Owner: CIVIL AVIATION UNIV OF CHINA