Computer Science, 2019, Vol. 46, Issue (2): 109-114. doi: 10.11896/j.issn.1002-137X.2019.02.017

• Information Security •

Access Control Method Based on Feature Extraction

HUANG Mei-rong, OU Bo, HE Si-yuan

  1. College of Computer Science and Electronic Engineering, Hunan University, Changsha 410082, China
  • Received: 2018-01-19 Online: 2019-02-25 Published: 2019-02-25
  • Corresponding author: OU Bo (born 1985), male, Ph.D., lecturer; main research interests: information hiding and multimedia content security. E-mail: oubo@hnu.edu.cn
  • About the authors: HUANG Mei-rong (born 1991), female, master's student; main research interest: access control in cloud environments. HE Si-yuan (born 1989), male, master's degree; main research interest: information security.
  • Funding: This work was supported by the National Natural Science Foundation of China, Young Scientists Fund (61502160).

Abstract: Fine-grained authorization control is currently a hot topic in access control research. It can reasonably adjust the access policy in a single fixed environment to meet workflow security requirements. However, once it is migrated to a new scenario and encounters an authorization that the access policy does not cover, it may be unable to give a correct judgement and has to rely on manual review to confirm whether to authorize. Manual review is time-consuming and labor-intensive, and its cost is too high in big data environments. It is therefore imperative to introduce an automatic discrimination mechanism that learns from past experience. This paper attempts to give an automated review method for the role-based multilevel access control model: by sampling features such as the time and space of existing correct and incorrect authorizations, it characterizes a generalized feature representation of the access control, so that the existing access control model can still make correct judgements when it faces new situations in a migrated environment, reducing the workload of manual review. Experiments show that the analysis mechanism achieves a relatively high rate of correct judgement on user access requests.

Key words: Access control, Data analysis, Feature, Multi-level authorization management

CLC Number: TP309