XACML-based access control policy conflict detection method

An access control policy and conflict detection technology, applied in other database retrieval, special data processing applications, creation/generation of source code, etc. It addresses problems such as policies that are difficult to modify flexibly and opacity to policy designers, achieving efficient and accurate policy control and conflict detection.

Pending Publication Date: 2022-01-21
NO 30 INST OF CHINA ELECTRONIC TECH GRP CORP

AI Technical Summary

Problems solved by technology

Although the speed of conflict resolution is fast, the resolution pr

Embodiment Construction

[0039] The present invention will be further described below in conjunction with the accompanying drawings.

[0040] In order to solve the problems in the prior art, the present invention provides a method for detecting XACML policy rules. This method has a brand-new policy index structure, based on expression tree comparison, which can realize the conflict detection of complex policies and mark the cause of the conflict. Users can flexibly configure and resolve policy conflicts based on conflict marks to achieve efficient and accurate policy control.

[0041] The technical problems to be solved in the present invention are as follows:

[0042] (1) Establishment of expression trees and formal analysis of comparison rules;

[0043] (2) Conflict detection algorithm design.

[0044] As shown in Figure 1, the present invention proposes a method for detecting conflicts of access control policies based on XACML, including the following processes:

[0045] Step 1. Build a p...


Abstract

The invention provides an XACML-based access control policy conflict detection method. The method comprises the following steps: 1, establishing a policy tree based on rules, policies and a policy set; 2, establishing an index structure according to the established policy tree and the effect of each rule; 3, acquiring the rules in the policy to be detected, and comparing them one by one with rules that are in different policy trees and have the opposite effect; and 4, if the comparison shows that a rule pair has an intersection, the rule pair conflicts and is stored in the output queue; steps 3-4 are repeated until all rules in the policy to be detected have been compared, and all rule pairs in the output queue are then output. The scheme adopts a brand-new policy index structure, can detect conflicts in complex policies based on expression tree comparison, and can mark the reasons why a conflict arises. A user can flexibly configure and eliminate policy conflicts according to the conflict marks, achieving efficient and accurate policy management and control.

Description

Technical field

[0001] The invention relates to the field of access control, in particular to an XACML-based access control policy conflict detection method.

Background technique

[0002] Many of the challenges that arise during the development and maintenance of access control policies arise from the inability of policy administrators to properly translate high-level business requirements into low-level access control policies that can be implemented in access decisions. Several approaches to addressing this problem have been explored, including improving the policy language itself to provide a more direct expression of business needs. Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) languages are the representative results of this research series. But business rules are often flexible: exceptions are sometimes made, and onerous rules can be ignored or changed. Therefore, the process of selecting an access decision function according to busines...

Application Information

IPC(8): G06F16/901, G06F8/30
CPC: G06F16/9027, G06F8/30
Inventor 王雪赵越吴开均张皓
Owner NO 30 INST OF CHINA ELECTRONIC TECH GRP CORP