网络与信息安全学报2024,Vol.10Issue(1):58-78,21.DOI:10.11959/j.issn.2096-109x.2024003
基于场景感知的访问控制模型
Scenario-aware access control model
摘要
Abstract
Dynamic access control model is the theoretical basis for constructing a dynamic access control system for big data.However,most existing access control models can only fulfill dynamic access control in a single scenario and are unable to adapt to access control in multiple types of dynamic scenarios.These scenarios include changes in the contextual environment of big data,changes in entity relationships,and changes in the state of objects.To address these issues,an analysis was conducted based on the research of existing access control models and the dynamic factors of big data.Subsequently,scenario-aware access control(SAAC)model was proposed,which was based on dynamic factor conversion and scenario unified modeling.All types of dynamic factors were converted into basic elements such as attributes and relationships.Then,scene information was incorporated to model the various types of constituent elements in a unified manner.A big data dynamic access control model was constructed based on scene information to support multi-type dynamic factors and extended dynamic factors.The working framework of the SAAC model was designed,and the SAAC rule learning algorithm and SAAC rule execution algorithm were proposed corresponding to the workflow of the framework.This enabled the automatic learning of access control rules and dynamic access control decision-making.The security of the proposed model was analyzed and verified by introducing the non-transitive non-interference theory.To validate the effectiveness of the access control policy mining method of the proposed model,experimental comparisons were conducted between the SAAC model and baseline models such as ABAC-L,PBAC-X,DTRM,and FB-CAAC using four datasets.The experimental results demonstrate that the SAAC model and its strategy mining method outperforms the baseline models in terms of metrics such as area under the curve AUC,monotonicity,and steepness of the ROC curve.This verification confirms that the proposed model can support multiple types of dynamic factors and dynamic factor extensions,and that the combined effect of the access control rules obtained from its mining algorithm is relatively high.关键词
大数据/访问控制/动态因素/场景/无干扰理论Key words
big data/access control/dynamic factors/scenarios/non-interference theory分类
信息技术与安全科学引用本文复制引用
单棣斌,杜学绘,王文娟,王娜,刘敖迪..基于场景感知的访问控制模型[J].网络与信息安全学报,2024,10(1):58-78,21.基金项目
国家自然科学基金(62102449) (62102449)
国家重点研发计划(2018YFB0803603,2016YFB0501904) (2018YFB0803603,2016YFB0501904)
河南省重点研发与推广专项(222102210069)The National Natural Science Foundation of China(62102449),The National Key R&D Program of Chi-na(2018YFB0803603,2016YFB0501904),The Key Research and Development and Promotion Program of Henan Prov-ince(222102210069) (222102210069)
