检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:朱志鹏 任志宇[1] 杜学绘[1] ZHU Zhipeng;REN Zhiyu;DU Xuehui(Information Engineering University,Zhengzhou 450001,China)
机构地区:[1]信息工程大学,河南郑州450001
出 处:《信息工程大学学报》2023年第2期190-196,共7页Journal of Information Engineering University
基 金:国家自然科学基金资助项目(61272041)。
摘 要:针对现有基于属性的访问控制(ABAC)策略生成方法无法兼顾精准配置与高效生成的问题,提出结合自底向上和自顶向下的访问控制策略生成方法。通过将策略生成问题归一到基于用户-权限关系生成ABAC策略问题,将自底向上方案的高效迁移和自顶向下方案的精准配置结合;在生成泛化规则的过程中引入加权结构复杂度和规则语义质量度量,提高泛化规则的结构质量和语义质量;在合并规则时采用时序优先的冲突消解策略,保留更加符合实际运行场景的策略。仿真实验结果表明,生成策略集与原有权限的平均压缩比达到13.27%,证明该方法能稳定且精准地生成覆盖所有权限的ABAC策略集,生成的策略集具有高效的泛化能力。For the problem that the existing attribute-based access control(ABAC)policy genera-tion scheme fails to combine precise configuration and efficient generation,an access control policy generation method combining bottom-up and top-down is proposed.By normalizing the problem of policy generation to the problem of generating ABAC policies based on the user-permission relation-ship,the bottom-up efficient migration is combined with the top-down precise configuration.In the process of generating rules,weighted structural complexity and rule semantic quality measures are introduced to improve the quality of rules.In the process of merging rules,the policy that is more in line with actual scenarios is preserved with the conflict resolution strategy of timing priority.Simula-tion experiments show that the average compression ratio between the generated policy and the origi-nal permission reaches 13.27%.It is proved that the method can stably and accurately generate ABAC policy sets covering all permissions,and the generated policy sets have efficient generalization ability.
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:3.141.164.124