Using the abac model to control the access method of network service composition

A network service and control network technology, applied in the field of access control of network services based on attribute access control model ABAC, can solve the problems of fine-grained control of network service visitors, few types of object attributes, waste of network services, etc., to avoid the strategy The impact of search time, the effect of reducing the impact of policy search time, the effect of overcoming the waste of policy search time

Active Publication Date: 2020-02-21
XIDIAN UNIV
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The shortcomings of this method are: on the one hand, due to the huge policy library of the attribute-based access control model, the policy search time will increase; The access process is independent of each other and there is time delay in the access process of network services, so when this method is used to control the combined access of network services, it will cause waste of resources and time
The shortcomings of this method are: on the one hand, the context processor in WS-ABAC only obtains network service parameters as object attributes in the ABAC model, and there are too few types of object attributes to fine-grain the access of network service visitors. control
If the existing technology is used to control the access to the network service composition, when a service in the service composition refuses to provide services to the user because the subject attribute, object attribute or environment attribute does not meet the policy rules, the network service that has been applied for will be all wasted
This results in a huge waste of time and resources

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Using the abac model to control the access method of network service composition
  • Using the abac model to control the access method of network service composition
  • Using the abac model to control the access method of network service composition

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0035] Attached below figure 1 The present invention is further described.

[0036] Step 1, obtain the access rule table chain of the combination of network services to be accessed.

[0037] From the ABAC policy library of the attribute-based access control model, the subject attribute constraints and environment attribute constraints in the attribute constraint definitions of all network services in the network service composition to be accessed are extracted.

[0038] Attribute constraints are defined as follows:

[0039] D=

[0040]

[0041]

[0042] Among them, D represents the constraint condition, represents the attribute type, and represents {≤,≥,,=,! =A logical operator in the set, which can be added by users to define a logical operator, indicates the attribute value, F indicates the attribute constraint subform, x indicates the total number of constraints, and D p Indicates the p-th constraint condition, ∩ indicates and, T indicates attribute constraint,...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an access method for controlling network service compositions by means of an attribute-based access control (ABAC) model, and aims at achieving the purposes of preventing sensitive information in the network service composition from being leaked or being illegally accessed in the mode of saving more time and resources. The access method comprises the specific steps that 1,attribute constraints are extracted from a strategy library to achieve distributed storage of the attribute constraints; and 2, an access control mechanism is proposed, and the main body attribute constraint and the environment attribute constraint are calculated separately. According to the access method, the influence of irrelative strategies in the strategy library on the lookup time in the access control time is avoided, the resource waste problem generated in the network service composition calling process is solved, and the average calling time of the network service composition is greatly shortened.

Description

technical field [0001] The invention belongs to the technical field of computers, and further relates to an access method for controlling network services by using an improved attribute-based access control model ABAC (Attribute Based Access Control) in the technical field of computer network security. The invention can be used for access control on the process of accessing network service and network service combination to protect system sensitive information and prevent network service combination from being illegally accessed. Background technique [0002] A network service encapsulates a series of interrelated operations that jointly complete certain functions, and provides an interface through which network service visitors can access the network service. Web services provide services to visitors in this way. In the highly flexible, highly dynamic and cross-domain distributed environment of network services, it is easy to cause leakage of sensitive information and ille...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
Inventor 刘刚柳佳雨王义峰张润南纪少敏崔娟王荣
Owner XIDIAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products