Attribute-based lightweight reconfigurable access control policy

Cited by: 0
Authors
Xie R. [1]
Li H. [1]
Shi G. [2]
Guo Y. [3]
Affiliations
[1] School of Cyber Engineering, Xidian University, Xi'an
[2] Department of Electronics and Communication Engineering, Beijing Electronic Science and Technology Institute, Beijing
[3] Institute of Information Engineering, Chinese Academy of Sciences, Beijing
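Source
Tongxin Xuebao/Journal on Communications | 2020 / Vol. 41 / No. 02
Funding
National Natural Science Foundation of China; National Key Research and Development Program of China;
Keywords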
Algebraic expression; Atomic access control rule; Equivalent transformation; Lightweight; Reconfigurable;
DOI
10.11959/j.issn.1000-436x.2020035
Chinese Library Classification number
Subject classification number
Abstract
To address the severe challenges of access control policy redundancy and conflict detection, and of access control policy evaluation efficiency in complex network environments, an attribute-based lightweight reconfigurable access control policy was proposed. Taking the attribute-based access control policy as an example, the policy was divided into multiple disjoint atomic access control rules according to the operation type, subject attribute, object attribute, and environment attribute in the access control policy. Complex access control policies were constructed from atomic access control rules and an algebraic expression formed by AND and OR logical relationships. A method for redundancy and collision detection of atomic access control rules was proposed. A method was proposed for decomposing a complex access control policy into equivalent atomic access control rules and an algebraic expression. A method for redundancy and collision detection of complex access control policies was proposed, based on redundancy and collision detection of the equivalent atomic access control rules and algebraic expressions. The efficiency of the equivalent transformation access control policy was evaluated in terms of time complexity and space complexity. The results show that the reconstruction method for access control policy greatly reduces the number, size and complexity of access control policies, and improves the efficiency of access control policy redundancy and collision detection and the efficiency of access control evaluation. © 2020, Editorial Board of Journal on Communications. All rights reserved.
Pages: 112 / 122
Number of pages: 10
Related papers
15 in total
  • [1] Ribeiro C., Zuquete A., Ferreira P., et al., SPL: an access control language for security policies and complex constraints, The Network and Distributed System Security Symposium (NDSS'01), pp. 89-107, (2001)
  • [2] Damianou N., Dulay N., Lupu E., et al., The ponder policy specification language, The International Workshop on Policies for Distributed Systems and Networks, pp. 18-38, (2001)
  • [3] eXtensible access control Markup language XACML version 3.0, (2013)
  • [4] Rao P., Lin D., Bertino E., et al., An algebra for fine-grained integration of XACML policies, The 14th ACM Symposium on Access Control Models and Technologies (SACMAT'09), pp. 63-72, (2009)
  • [5] Shahzad M., Towards composing access control policies, IEEE International Conference on Communications (ICC), pp. 1-6, (2018)
  • [6] Xu Z., Stoller S., Mining attribute-based access control policies, IEEE Transactions on Dependable and Secure Computing, 12, 5, pp. 533-545, (2015)
  • [7] Ngo C., Demchenko Y., Laat De C., Decision diagrams for XACML policy evaluation and management, Computers & Security, 49, pp. 1-16, (2015)
  • [8] Yao J., Mao B., Xie L., A DAG-based security policy conflicts detection method, Journal of Computer Research and Development, 42, 7, pp. 1108-1114, (2005)
  • [9] Li R.X., Lu J.F., Li T.Y., et al., An approach for resolving inconsistency conflicts in access control policies, Chinese Journal of Computers, 36, 6, pp. 1210-1223, (2013)
  • [10] Beckerle M., Martucci L.A., Formal definitions for usable access control rule sets from goals to metrics, The Ninth Symposium on Usable Privacy and Security (SOUPS), pp. 1-11, (2013)