Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Dynamic risk access control method of cloud platform

A dynamic risk and access control technology, applied in digital transmission systems, electrical components, transmission systems, etc., can solve problems such as poor scalability, inability to dynamically match rules, fixed risk assessment index weights, and inability to adapt ABAC strategies to cloud environments.

Active Publication Date: 2017-11-24
CIVIL AVIATION UNIV OF CHINA
View PDF1 Cites 20 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Chen et al. proposed a dynamic risk-based access control model (dynamic risk-based access control, DRAC), which uses the data flow method to quantify user historical behavior information and combines system security status to construct risk assessment indicators, but there is an attribute-based access control (attribute based access control) model. Access control, ABAC) strategy cannot dynamically match the rules and the problem that the weight of risk assessment indicators is fixed
[0005] Since most access control models use static ABAC policies and cannot adapt to the cloud environment, current research work at home and abroad mainly uses role access control to improve ABAC policies, but the scalability is poor and complex
For the problem of fixed risk assessment index weights, currently commonly used dynamic weight assignment methods such as normalization method, principal component analysis method and entropy value method all have problems of low accuracy or poor real-time performance.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Dynamic risk access control method of cloud platform
  • Dynamic risk access control method of cloud platform
  • Dynamic risk access control method of cloud platform

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0047] The cloud platform dynamic risk access control method provided by the present invention will be described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0048] Such as figure 1 As shown, the cloud platform dynamic risk access control method provided by the present invention includes the following steps carried out in order:

[0049] Step 1) Submit access request phase: the user submits the current access request req i (i=1,2,...), the current access request req i Contains four attributes: subject, object, access activity and access context;

[0050] Step 2) Rule matching strategy stage: use attribute based access control (ABAC) strategy to formulate the corresponding rule base, and match the rules in the rule base with the above-mentioned current access request req one by one i Match, if the match is successful, record the rule that matches successfully as the current rule rule j (j=1,2,...); if the match is unsuccessful, t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a dynamic risk access control method of a cloud platform. The control method comprises steps of submitting an access request, implementing a rule matching strategy, carrying out an event deduction process, extracting a risk evaluation index, carrying out risk evaluation index weight distribution, calculating a risk value, calculating a threshold value, and making an access control decision. According to the dynamic risk access control method, an attribute based access control (ABAC) strategy is improved by using an event deduction mechanism with high expressivity and flexibility, thereby enhancing the dynamic and flexible properties during rule matching and thus realizing high adaptability to the complicated cloud environment; and a risk assessment index is constructed by using a system security state and historical behavior information of the user, a mathematic model for calculating a risk assessment index weight is put forward, and a corresponding weight is calculated based on a formula regression algorithm, so that the sensitivity to the access request by the risk value is improved. On the basis of observation of a simulated experiment, the rule is adjusted dynamically based on a change of an access request attribute; and the risk assessment index weights are distributed dynamically in real time and the sensitivity to the risk value by the access request is improved. The method has the good real-time and dynamic performances.

Description

technical field [0001] The invention belongs to the technical field of computer authority management and access control, and in particular relates to a dynamic risk access control method for a cloud platform. Background technique [0002] The traditional access control model in the cloud environment has problems such as the inability to dynamically match rules using static access control policies, the ineffective use of a large amount of historical user behavior information, and the inability to evaluate the current system security status. Researchers improve the traditional access control model by introducing risk factors to enhance the dynamics of the access control model. [0003] Cheng et al. believed that there were uncertain factors in the access control process, and introduced risk as an evaluation index into the access control model, and proposed a fuzzy multi-level security model. Ni et al. proposed a fuzzy BLP (Bell-LaPadula) model, applying fuzzy theory to access...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/24H04L29/06
CPCH04L41/145H04L63/0263H04L63/10H04L63/1408H04L63/1433H04L63/20
Inventor 杨宏宇宁宇光谢丽霞
Owner CIVIL AVIATION UNIV OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com