Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Data category attribute representation method and access control method

A data category and data classification technology, applied in character and pattern recognition, instruments, computer parts, etc., can solve the problems of complex definition and management of massive data resources and object category attributes, lack, lack of expression ability, etc., to achieve simplicity and flexibility The effect of data access control granularity, strong expression ability, consistent understanding and matching processing

Pending Publication Date: 2020-08-21
INST OF INFORMATION ENG CAS
View PDF7 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In the network environment, it is more complicated to define and manage the category attributes of massive data resources and objects distributed in various systems and levels in the network
At present, the category attribute definition methods given to support the implementation of MAC and ABAC often only support the definition of category attributes for simple concepts. , it is necessary to carefully design a combination of highly complex rules, which is prone to errors; secondly, the existing category attribute definition methods are generally designed for the data resources and object conditions of the application layer and system layer, and lack the consistency of the network layer, system layer, and application layer. The comprehensible definition method of category attributes leads to the fact that when data is mapped, converted or transferred between various systems in the network environment and between the application layer, system layer, and network layer within the system, the category attributes of data objects at each layer are difficult to be identified by other layers. Understand and use the access control mechanism, it is difficult to cooperate with related applications, operating systems, network devices, security systems, etc. in the network to manage and control the data throughout the life cycle

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Data category attribute representation method and access control method
  • Data category attribute representation method and access control method
  • Data category attribute representation method and access control method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0020] Preferred embodiments of the present invention will be described below in conjunction with the accompanying drawings. It should be understood that the embodiments described here are only used to illustrate and explain the present invention, and are not intended to limit the present invention.

[0021] The category attribute representation method and access control method proposed in this paper are as follows: figure 1 shown.

[0022] 1. Data classification tree

[0023] In order to implement access control, data resources and object attributes are classified hierarchically, and a data classification tree or forest is constructed. According to actual needs, the level of the data classification tree can be one or more levels. figure 2 For a certain network system, resource classification design is carried out from the perspective of system security management, and two parallel multi-level classification trees are formed, which we call data classification forest. Accor...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a data category attribute representation method and an access control method. The method comprises the following steps of: 1) classifying data resources of each layer of a target information system according to a set classification theme x to obtain a data classification tree Tx or a classification forest consisting of a plurality of trees; 2) for a data resource xi in thesystem, querying a corresponding data classification tree Tx, obtaining a path from a Tx root node to a node Txi corresponding to the xi, and representing an attribute value of the xi corresponding tothe classification theme x by utilizing the path information; 3) setting an attribute value of each main body in each layer of the target information system according to an access control requirement, and determining an attribute range of each main body capable of processing data resources; and 4) when the subject accesses the object of the corresponding layer, determining whether the attribute value of the subject is matched with the attribute value of the object or not, and if the attribute value of the subject is matched with the attribute value of the object and meets the set access condition, allowing the subject to access the object, the object being the data resource of each layer of the target information system.

Description

technical field [0001] The invention relates to a method for expressing category attributes of data resources and objects and an access control method, belonging to the technical field of network and information security. Background technique [0002] Access control is the main security mechanism in the field of information security. Mandatory access control (MAC), role-based access control (RBAC), and attribute-based access control (ABAC) are currently widely used. Among them, MAC is mainly used in security operating systems. ABAC is mainly applicable to application systems. Access control models such as MAC and ABAC all regard the category attribute of data (object) as a key element of access control conditions, making the definition and management of data category attributes an important issue in data security management. In the network environment, it is more complicated to define and manage the category attributes of massive data resources and objects distributed in va...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06K9/62
CPCG06F18/24323
Inventor 于海波刘坤颖
Owner INST OF INFORMATION ENG CAS
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com