Access method for controlling network service composition by means of ABAC model

Abstract

The invention discloses an access method for controlling network service compositions by means of an attribute-based access control (ABAC) model, and aims at achieving the purposes of preventing sensitive information in the network service composition from being leaked or being illegally accessed in the mode of saving more time and resources. The access method comprises the specific steps that 1,attribute constraints are extracted from a strategy library to achieve distributed storage of the attribute constraints; and 2, an access control mechanism is proposed, and the main body attribute constraint and the environment attribute constraint are calculated separately. According to the access method, the influence of irrelative strategies in the strategy library on the lookup time in the access control time is avoided, the resource waste problem generated in the network service composition calling process is solved, and the average calling time of the network service composition is greatly shortened.

Description

technical field [0001] The invention belongs to the technical field of computers, and further relates to an access method for controlling network services by using an improved attribute-based access control model ABAC (Attribute Based Access Control) in the technical field of computer network security. The invention can be used for access control on the process of accessing network service and network service combination to protect system sensitive information and prevent network service combination from being illegally accessed. Background technique [0002] A network service encapsulates a series of interrelated operations that jointly complete certain functions, and provides an interface through which network service visitors can access the network service. Web services provide services to visitors in this way. In the highly flexible, highly dynamic and cross-domain distributed environment of network services, it is easy to cause leakage of sensitive information and ille...

AI Technical Summary

Problems solved by technology

The shortcomings of this method are: on the one hand, due to the huge policy library of the attribute-based access control model, the policy search time will increase; The access process is independent of each other and there is time delay in the access process of network services, so when this method is used to control the combined access of network services, it will cause waste of resources and time

The shortcomings of this method are: on the one hand, the context processor in WS-ABAC only obtains network service parameters as object attributes in the ABAC model, and there are too few types of object attributes to fine-grain the access of network service visitors. control

If the existing technology is used to control the access to the network service composition, when a service in the service composition refuses to provide services to the user because the subject attribute, object attribute or environment attribute does not meet the policy rules, the network service that has been applied for will be all wasted

This results in a huge waste of time and resources

Images