Data category attribute representation method and access control method

Abstract

The invention discloses a data category attribute representation method and an access control method. The method comprises the following steps of: 1) classifying data resources of each layer of a target information system according to a set classification theme x to obtain a data classification tree Tx or a classification forest consisting of a plurality of trees; 2) for a data resource xi in thesystem, querying a corresponding data classification tree Tx, obtaining a path from a Tx root node to a node Txi corresponding to the xi, and representing an attribute value of the xi corresponding tothe classification theme x by utilizing the path information; 3) setting an attribute value of each main body in each layer of the target information system according to an access control requirement, and determining an attribute range of each main body capable of processing data resources; and 4) when the subject accesses the object of the corresponding layer, determining whether the attribute value of the subject is matched with the attribute value of the object or not, and if the attribute value of the subject is matched with the attribute value of the object and meets the set access condition, allowing the subject to access the object, the object being the data resource of each layer of the target information system.

Description

technical field [0001] The invention relates to a method for expressing category attributes of data resources and objects and an access control method, belonging to the technical field of network and information security. Background technique [0002] Access control is the main security mechanism in the field of information security. Mandatory access control (MAC), role-based access control (RBAC), and attribute-based access control (ABAC) are currently widely used. Among them, MAC is mainly used in security operating systems. ABAC is mainly applicable to application systems. Access control models such as MAC and ABAC all regard the category attribute of data (object) as a key element of access control conditions, making the definition and management of data category attributes an important issue in data security management. In the network environment, it is more complicated to define and manage the category attributes of massive data resources and objects distributed in va...

AI Technical Summary

Problems solved by technology

In the network environment, it is more complicated to define and manage the category attributes of massive data resources and objects distributed in various systems and levels in the network

At present, the category attribute definition methods given to support the implementation of MAC and ABAC often only support the definition of category attributes for simple concepts. , it is necessary to carefully design a combination of highly complex rules, which is prone to errors; secondly, the existing category attribute definition methods are generally designed for the data resources and object conditions of the application layer and system layer, and lack the consis

Images