计算机工程与科学2025,Vol.47Issue(12):2169-2180,12.DOI:10.3969/j.issn.1007-130X.2025.12.009
融合聚类和结构优化的属性访问控制策略评估
Evaluation of attribute access control policy integrating clustering and structural optimization
摘要
Abstract
To accelerate the response speed for user requests to access resources,this paper proposes an evaluation method for attribute-based access control policies that integrates clustering and structural optimization.Firstly,a rule distance weight matrix is constructed to calculate the actual distances be-tween non-numeric rule data points.Secondly,large-scale policy sets are processed using the CKmeans(canopy k-means)two-stage clustering method,dividing it into several small-scale policy clusters to re-duce the scope of policy matching.Finally,based on a rule structure optimization and integration ap-proach,the number of rule entries within clusters is compressed,minimizing the number of comparisons between access requests and cluster rules,and a hash cache table is introduced to expedite access for re-peated requests.The effectiveness of the proposed method is validated using multiple XACML(extensi-ble access control markup language)access control policies from real-world systems.Experimental re-sults demonstrate that,compared to existing evaluation engines such as Sun's XACML and Xengine,as well as four types of machine learning methods,the proposed method significantly reduces time over-head across three policy sets—LMS,VMS,and ASMS—with a maximum reduction of approximately three orders of magnitude,greatly enhancing policy evaluation efficiency.关键词
授权访问控制/策略评估/双阶段聚类/规则结构优化/哈希缓存Key words
authorized access control/policy evaluation/two-stage clustering/rule structural optimi-zation/hash caching分类
信息技术与安全科学引用本文复制引用
XIA Tong,YUAN Lingyun,XIE Tianyu..融合聚类和结构优化的属性访问控制策略评估[J].计算机工程与科学,2025,47(12):2169-2180,12.基金项目
国家自然科学基金(62262073) (62262073)
云南省应用基础研究计划(202101AT070098) (202101AT070098)
云南省"万人计划"青年拔尖人才项目(YNWR-QNBJ-2019-237) (YNWR-QNBJ-2019-237)
云南省重大科技专项(202202AE090011) (202202AE090011)
