CN106572116A - Role-and-attribute-based cross-domain secure switch access control method of integrated network - Google Patents
- Publication number
- CN106572116A (application CN201610991427.1A)
- Authority
- CN
- China
- Prior art keywords
- role
- access control
- user
- authority
- attribute
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention relates to the technical field of information security and provides a role-and-attribute-based cross-domain secure switch access control method for an integrated network. The method addresses the problem that existing access control methods cannot balance access control granularity, flexibility, and decision-making performance in a dynamic, complex network environment. The method is applied to the access control nodes of the internet; four kinds of data and an access control decision-making module are deployed on those access control nodes. When a mobile terminal accesses a resource or service on the internet through the integrated network, an access node intercepts the access request to obtain the user information and the permission information associated with the user; if the access node cannot obtain the permission information, it sends a request to an access control node, and the access control decision-making module of the access control node obtains the permissions of the user by the steps of the method. As a result, the access control granularity is refined and the access control method becomes more flexible.
Description
Technical field
The present invention relates to the field of information security technology and to an access control method, and in particular to a fine-grained access control method based on roles and attributes.
Background
An integrated network is composed of the terrestrial internet and a space network. A mobile terminal can access resources and services on the internet through a terrestrial wireless base station or a low Earth orbit (LEO) satellite in space. In such a network, mobile terminals frequently switch between network domains (for example, from one LEO constellation to another, or from the space network to the terrestrial internet), and their spatio-temporal attributes change continually. Access control requirements are dynamic and complex, and access control decisions depend more heavily on the context of the access request and on the security attributes of the subject and the object. Role-based access control (RBAC) is prone to the role explosion problem and cannot adapt to complex, changing access control requirements. Attribute-based access control (ABAC) solves RBAC's inability to support large numbers of context attributes well (i.e. the role explosion problem) and achieves dynamic, fine-grained access control. Compared with RBAC, however, access control decisions in ABAC are more complex, and security analysis of the access control rules is more difficult.
RBAC and ABAC each have their own advantages and disadvantages, and they are strongly complementary. Many scholars have therefore proposed schemes that combine RBAC and ABAC (i.e. RABAC) to retain the simplicity and security of RBAC together with the flexibility of ABAC. RABAC methods are built on RBAC: RBAC manages the static relationship between users and permissions and guarantees the security of that relationship, while ABAC manages the dynamic relationship between users and permissions by applying attribute-based access control rules dynamically to the user-role mapping, the role-permission mapping and the user-permission mapping. However, the access control granularity of current RABAC methods is coarse, their flexibility is insufficient, and they cannot be applied to cross-domain secure handover in an integrated network.
Summary of the invention
The object of the invention is to provide a role-and-attribute-based access control method for cross-domain secure handover in an integrated network, to overcome the inability of existing methods to balance access control granularity, flexibility and decision-making performance in a dynamic, complex network environment.
In the role-and-attribute-based integrated network access control method, the method is applied to the access control nodes of the internet and comprises four classes of data and an access control decision module, which are deployed on the access control nodes of the internet. When a mobile terminal accesses resources or services on the internet through the integrated network, the access node first intercepts the access request and obtains the user information and the permission information associated with the user. If the access node cannot obtain the permission information, it sends a request to the access control node, and the access control decision module of the access control node obtains the user's permissions through the following steps. The method is implemented by the following steps:
Step 1: Set up a user-role relation table, a user-role policy table, a role-permission relation table and a role-permission policy table in the node database; search the user-role relation table by user identifier u to retrieve the role set R that the user holds;
Step 2: Traverse each role r in the role set R of Step 1, and use the role identifier to retrieve the role policy set Policies_r associated with role r;
Step 3: Traverse each role policy policy_r in the role policy set Policies_r of Step 2 and, using the policy validity calculation method together with the user attributes UATT, the role attributes RATT and the environment attributes ENV, calculate the validity of each role policy policy_r. Determine whether each role policy policy_r is valid; if not, delete role r from the role set R and execute Step 2; if so, continue with the next role policy in the role policy set Policies_r;
Step 4: Traverse each role r in the role set R, retrieve from the role-permission relation table all permission identifiers p associated with the role, and add the permissions in all the permission identifiers p to the permission set PP; combine the user attributes UATT and the role attributes RATT to form the new role attributes RATT′;
Step 5: Traverse each permission identifier p in the permission set PP, and use the permission identifier to retrieve the permission policy set Policies_p associated with the permission;
Step 6: Traverse each permission policy policy_p in the permission policy set Policies_p and, applying the policy validity calculation method together with the new role attributes RATT′, the object attributes OATT and the environment attributes ENV, calculate the validity of the permission policy policy_p. Determine whether the permission policy policy_p is valid; if not, delete the permission identifier p from the permission set PP and execute Step 5; if so, continue with the next permission policy in the permission policy set Policies_p;
The role-and-attribute-based network access control is thereby realized.
Beneficial effects of the invention:
There are two kinds of RABAC-based methods: one uses attribute-based access control policies only to reduce the user-permission relation, and the other uses the simple role attributes RATT when reducing the role-permission relation. Compared with the former, the method of the invention is more flexible: attribute-based access control policies can act not only on the user-permission relation but also on the user-role relation. For example, with the access control method of the invention, one can define that a user cannot activate or use a certain role under certain conditions.
Compared with the latter, the access control granularity of the invention is finer. In the role-permission policy reduction, the invention uses the new role attributes RATT′, which are combined with the user attributes. Because RATT′ contains user attributes, the invention can control the role-permission relation at a finer granularity; for example, with the method of the invention one can define that a role of a certain organization (organization is typically a user attribute) cannot activate or use a certain permission.
Description of the drawings
Fig. 1 is a schematic framework diagram of the role-and-attribute-based cross-domain secure handover access control method for an integrated network according to the invention;
Fig. 2 is the access control decision flow chart of the role-and-attribute-based cross-domain secure handover access control method for an integrated network according to the invention;
Fig. 3 is the database design diagram of the role-and-attribute-based cross-domain secure handover access control method for an integrated network according to the invention;
Fig. 4 is an application schematic of the role-and-attribute-based cross-domain secure handover access control method for an integrated network according to the invention.
Specific embodiments
Embodiment 1. This embodiment is described with reference to Fig. 1 to Fig. 4. The role-and-attribute-based integrated network access control method is divided into a static part and a dynamic part; the framework of the method is shown in Fig. 1. The static part uses the RBAC method to determine the mapping between users and permissions, and the dynamic part uses attribute-based access control rules to reduce the user-permission relation.
In the static part of the method, this embodiment retains most elements of RBAC, including the user identifier u, roles R, permission identifiers P (a permission can be subdivided into an operation OPS and an object OBS), the user-role relation UR, the role-permission relation RP and the role inheritance relation RH.
This embodiment also defines user attributes UATT for users, such as the user's sex, age and organization; role attributes RATT for roles, such as the role level; object attributes OATT for permissions, such as the type of the object the user accesses and the organization it belongs to; and environment attributes ENV for the environment, such as the current time and the user's location. In the dynamic part of the method these attributes take part in filtering roles and permissions, reducing the user-role and role-permission relations.
In the dynamic part of the method, this embodiment divides the process of determining the user-permission relation (the session establishment process) into two stages, named S1 and S2.
S1 starts from the static user-role relation and dynamically determines the roles available to the user according to the user attributes UATT, the role attributes RATT, the environment attributes ENV and the access control policies defined over these attributes;
S2 starts from the roles determined by S1 and their corresponding permissions and dynamically determines the permissions finally available to the user according to the new role attributes RATT′, the object attributes OATT, the environment attributes ENV and the policies defined over these attributes.
The session establishment process is as follows:
S1: The user-role relation UR is determined by the RBAC model; according to the user attributes UATT, the role attributes RATT, the environment attributes ENV and the corresponding policies, the relations that violate the rules are deleted from the user-role relation UR, generating the new user-role relation UR′;
S2: The role-permission relation RP is determined by the RBAC model, and the user attributes UATT and the role attributes RATT are combined to form the new role attributes RATT′; according to the new role attributes RATT′, the object attributes OATT, the environment attributes ENV and the corresponding policies, the relations that violate the rules are deleted from the role-permission relation RP, generating the new role-permission relation RP′.
The finally available user-permission relation UP′ is obtained from S1 and S2 above. This relation is a subset of the user-permission relation UP determined by RBAC, i.e.,
Because the security of the user-permission relation UP is guaranteed by RBAC, and the access control method of the invention deletes ineligible relations on the basis of the user-permission relation UP, the finally determined user-permission relation UP′ does not violate the constraints of the RBAC model.
The access control decision module of this embodiment divides policies into two classes: user-role policies and role-permission policies. The former are retrieved by role, so a policy of this class must contain a role identifier so that the access control decision module can obtain all policies applicable to a given role. The process by which the access control decision module performs access control at a network node is as follows:
A user-role relation table, a user-role policy table, a role-permission relation table and a role-permission policy table are set up; these four classes of data are stored in the database, where:
The user-role relation table can be represented by a two-tuple (u, r), where u is the user identifier and r is the role identifier.
The user-role policy table can be represented by a four-tuple (r, c, e, v), where c is the precondition expression, e is the policy expression and v is the policy validity item. Of the four elements, r associates the policy with its role.
The precondition expression c and the policy expression e are attribute-based Boolean expressions, and v is a Boolean value. Only when the value of the precondition expression c is true does the access control decision module calculate the value of e and determine the validity of the user-role policy from the result and the value of v. The access control decision module calculates policy validity as follows:
Calculate the value of the precondition expression c. If the value of c is true, calculate the value of expression e, XOR the value of e with the value of v, and finally negate the result and output it. If the value of c is false, output true.
As these steps show, when the precondition expression c is false, the validity of the policy is not affected by the value of e, i.e. the policy plays no part in reducing the user-role relation. Only when the precondition expression c is true can the value of e control the validity of the policy and ultimately affect the user-role relation. The value of e does not determine validity on its own, however: it must be XORed with v and negated. Therefore, when v is true the validity of the policy is determined by e, and otherwise by the negation of e. The reason for introducing v is to make it easy for a system administrator (especially one unfamiliar with policy expressions) to select either e or its negation as the access control rule.
The role-permission relation can be represented by a two-tuple (r, p);
The role-permission policy can be represented by a four-tuple (p, c, e, v), where c, e and v have the same meaning as in the user-role policy; the access control decision module can retrieve all policies applicable to a given permission by the value of the permission identifier p. The validity of this policy is calculated in the same way as for the user-role policy.
The access control decision module makes access control decisions by the following steps:
Step 1: Search the user/role relation table by user identifier u to retrieve all roles R that the user holds.
Step 2: Traverse each role r in R, and use the role identifier to retrieve all policies Policies_r associated with the role.
Step 3: Traverse each policy policy_r in Policies_r and apply the policy validity calculation method to calculate the validity of the policy. If the result is false, delete role r from the set R (i.e. R = R \ r) and execute Step 2; otherwise continue with the next policy in the set Policies_r.
Step 4: Traverse each role r in R, retrieve from the role/permission relation table all permission identifiers p associated with the role, and add P to the permission set PP (i.e. PP = PP ∪ P).
Step 5: Traverse each permission identifier p in PP, and use the permission identifier to retrieve all policies Policies_p associated with the permission.
Step 6: Traverse each policy policy_p in Policies_p and apply the policy validity calculation method to calculate the validity of the policy. If the result is false, delete the permission identifier p from the set PP (i.e. PP = PP \ p) and execute Step 5; otherwise continue with the next policy in the set Policies_p.
After the above steps, the set R is the user's final available role set, and the set PP is the user's final available permission set.
This embodiment can be applied to the cross-domain secure handover process of an integrated network to control users' cross-domain access requests. The embodiment is not limited to integrated networks, however: web applications or any other application that needs access control can use the invention.
Embodiment 2. This embodiment is described with reference to Fig. 4 and is an example of the role-and-attribute-based integrated network access control method of Embodiment 1. It takes an integrated network as an example to describe how the invention is applied in that network environment; other applications can use it as a reference.
The integrated network comprises the terrestrial internet and the space network. A mobile terminal can access resources and services on the internet through a terrestrial wireless base station or a low Earth orbit (LEO) satellite in space; the integrated network architecture is shown in Fig. 4. Because the payload of space network platforms is limited, the main resources and services, as well as the access control and identity authentication services, are deployed on the internet. The access control method of this embodiment is mainly applied to the access control nodes of the internet, and includes the four classes of data involved in the method and the access control decision module. Given the large latency of the space network, the data can be cached at the access node (such as a LEO satellite), and the access control decision module can also be deployed at the access node to speed up access control decisions.
In this embodiment, the data and the access control decision module are deployed on the access control node of the internet. Several data tables first need to be set up in the node's database: a user table, a role table, a permission table, a user-role relation table, a role-permission relation table, a user-role policy table and a role-permission policy table. The relations between the tables and the fields of each table are detailed in Fig. 3; the condition expression and the policy expression are of string type and are object-oriented Boolean expressions.
In this embodiment, the access control requirement is set as follows: a user whose organization is "10" can activate a certain role between 1 May 2016 and 1 June 2016, and otherwise the role is disabled. For this requirement, the condition expression can be defined as u.org=="10" (u is the user object and org is a user attribute representing the user's organization); the policy expression is e.date>=20160501&&e.date<=20160601 (e is the environment object and date is an environment attribute representing the current date); and the policy validity item is true.
When a mobile terminal accesses resources or services on the internet through the integrated network, the access node first intercepts the access request and obtains the user information and the permission information associated with the user. If the access node cannot obtain the permission information (when the user accesses the integrated network for the first time or switches from one network domain to another), it sends a request to the access control node, and the access control decision module of the access control node obtains the user's permissions as follows:
1. Search the user/role relation table by user identifier u to retrieve all roles R that the user holds.
2. Traverse each role r in R, and use the role identifier to retrieve all policies Policies_r associated with the role.
3. Traverse each policy policy_r in Policies_r and apply the policy validity method to calculate the validity of the policy (the calculation involves user, role and environment attributes). If the result is false, delete role r from the set R (i.e. R = R \ r) and execute step 2; otherwise continue with the next policy in the set Policies_r.
4. Traverse each role r in R, retrieve from the role/permission relation table all permission identifiers p associated with the role, and add P to the permission set PP (i.e. PP = PP ∪ P).
5. Traverse each permission identifier p in PP, and use the permission identifier to retrieve all policies Policies_p associated with the permission.
6. Traverse each policy policy_p in Policies_p and apply the policy validity method to calculate the validity of the policy (the calculation involves user, role, object and environment attributes). If the result is false, delete the permission identifier p from the set PP (i.e. PP = PP \ p) and execute step 5; otherwise continue with the next policy in the set Policies_p.
After the above steps, the set R is the user's final available role set, and the set PP is the user's final available permission set.
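The policy validity rule of Embodiment 1 and the six decision steps, applied to this embodiment's example policy (organization "10", 1 May to 1 June 2016), as an added Python example that is not code from the patent. It assumes the expressions c and e are Python callables rather than stored strings and that each permission policy is evaluated per (role, permission) pair with that role's RATT′; the users, roles, permissions and the write_config policy are constructed sample data.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Set, Tuple

Attrs = Dict[str, object]
# Assumption: the patent stores c and e as expression strings; this example
# models them as callables over (subject attrs, target attrs, environment attrs).
Expr = Callable[[Attrs, Attrs, Attrs], bool]


@dataclass(frozen=True)
class Policy:
    key: str  # role id r (user-role policy) or permission id p (role-permission policy)
    c: Expr   # precondition expression
    e: Expr   # policy expression
    v: bool   # policy validity item


def policy_valid(pol: Policy, subject: Attrs, target: Attrs, env: Attrs) -> bool:
    """False precondition: the policy does not apply (valid). Else NOT (e XOR v)."""
    if not pol.c(subject, target, env):
        return True
    return not (bool(pol.e(subject, target, env)) ^ pol.v)


def decide(user, uatt, env, user_roles, role_attrs, role_policies,
           role_perms, obj_attrs, perm_policies) -> Tuple[Set[str], Set[str]]:
    # Steps 1-3 (stage S1): keep a role only if every policy attached to it is
    # valid under UATT, RATT and ENV.
    held = {r for (u, r) in user_roles if u == user}
    roles = {r for r in held
             if all(policy_valid(pol, uatt, role_attrs.get(r, {}), env)
                    for pol in role_policies if pol.key == r)}
    # Steps 4-6 (stage S2): collect permissions of the surviving roles and keep
    # those whose policies are valid under RATT', OATT and ENV.
    perms: Set[str] = set()
    for r in roles:
        # RATT' = RATT combined with UATT (user attributes win on a key clash;
        # the clash rule is an assumption of this example).
        ratt_new = {**role_attrs.get(r, {}), **uatt}
        for (rr, p) in role_perms:
            if rr == r and all(
                    policy_valid(pol, ratt_new, obj_attrs.get(p, {}), env)
                    for pol in perm_policies if pol.key == p):
                perms.add(p)
    return roles, perms


# ---- constructed sample data (not from the patent, except the date policy) ----
USER_ROLES = [("alice", "operator"), ("alice", "auditor"), ("bob", "operator")]
ROLE_ATTRS = {"operator": {"level": 2}, "auditor": {"level": 1}}
ROLE_PERMS = [("operator", "read_telemetry"), ("operator", "write_config"),
              ("auditor", "read_logs")]
OBJ_ATTRS = {"read_telemetry": {"type": "telemetry"},
             "write_config": {"type": "config"},
             "read_logs": {"type": "log"}}
ROLE_POLICIES = [
    # Page example: c is u.org=="10", e is the date window, v is true.
    Policy("operator",
           c=lambda u, r, e: u.get("org") == "10",
           e=lambda u, r, e: 20160501 <= e["date"] <= 20160601,
           v=True),
]
PERM_POLICIES = [
    # Constructed: v=False selects the negation of e, so holders from
    # organization "10" may not use this permission on config objects.
    Policy("write_config",
           c=lambda s, o, e: s.get("org") == "10",
           e=lambda s, o, e: o.get("type") == "config",
           v=False),
]


def session(user: str, uatt: Attrs, date: int) -> Tuple[Set[str], Set[str]]:
    """Run the decision for one user against the constructed tables."""
    return decide(user, uatt, {"date": date}, USER_ROLES, ROLE_ATTRS,
                  ROLE_POLICIES, ROLE_PERMS, OBJ_ATTRS, PERM_POLICIES)


if __name__ == "__main__":
    print(session("alice", {"org": "10"}, 20160515))
    print(session("alice", {"org": "10"}, 20160701))
    print(session("bob", {"org": "20"}, 20160701))
```

Because a false precondition makes a policy valid, bob (organization "20") keeps the operator role and write_config outside the date window; only users matching the precondition are restricted.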
Claims (3)
1. A role-and-attribute-based cross-domain secure handover access control method for an integrated network, the method being applied to the access control nodes of the internet and comprising four classes of data and an access control decision module, the data and the access control decision module being deployed on the access control nodes of the internet, wherein, when a mobile terminal accesses resources or services on the internet through the integrated network, the access node first intercepts the access request and obtains the user information and the permission information associated with the user, and, if the access node cannot obtain the permission information, sends a request to the access control node, and the access control decision module of the access control node obtains the user's permissions through the following steps; characterized in that the method is implemented by the following steps:
Step 1: Set up a user-role relation table, a user-role policy table, a role-permission relation table and a role-permission policy table in the node database; search the user-role relation table by user identifier u to retrieve the role set R that the user holds;
Step 2: Traverse each role r in the role set R of Step 1, and use the role identifier to retrieve the role policy set Policies_r associated with role r;
Step 3: Traverse each role policy policy_r in the role policy set Policies_r of Step 2 and, using the policy validity calculation method together with the user attributes UATT, the role attributes RATT and the environment attributes ENV, calculate the validity of each role policy policy_r; determine whether each role policy policy_r is valid; if not, delete role r from the role set R and execute Step 2; if so, continue with the next role policy in the role policy set Policies_r;
Step 4: Traverse each role r in the role set R, retrieve from the role-permission relation table all permission identifiers p associated with the role, and add the permissions in all the permission identifiers p to the permission set PP; combine the user attributes UATT and the role attributes RATT to form the new role attributes RATT′;
Step 5: Traverse each permission identifier p in the permission set PP, and use the permission identifier to retrieve the permission policy set Policies_p associated with the permission;
Step 6: Traverse each permission policy policy_p in the permission policy set Policies_p and, applying the policy validity calculation method together with the new role attributes RATT′, the object attributes OATT and the environment attributes ENV, calculate the validity of the permission policy policy_p; determine whether the permission policy policy_p is valid; if not, delete the permission identifier p from the permission set PP and execute Step 5; if so, continue with the next permission policy in the permission policy set Policies_p; the role-and-attribute-based network access control is thereby realized.
2. The role-and-attribute-based cross-domain secure handover access control method for an integrated network according to claim 1, characterized in that the policy validity calculation method calculates the validity of a role policy or a permission policy as follows:
Step A: Calculate the value of the precondition expression c in the policy;
Step B: Determine whether the value of the precondition expression c in Step A is true; if so, calculate the value of the policy expression e in the policy, XOR the value of e with the value of the policy validity item v, and finally negate the result and output it; if not, output true.
3. The role-and-attribute-based cross-domain secure handover access control method for an integrated network according to claim 1, characterized in that the data is cached at the access node and the access control decision module is also deployed at the access node, to accelerate the access control decisions of the access control decision module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610991427.1A CN106572116A (en) | 2016-11-10 | 2016-11-10 | Role-and-attribute-based cross-domain secure switch access control method of integrated network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610991427.1A CN106572116A (en) | 2016-11-10 | 2016-11-10 | Role-and-attribute-based cross-domain secure switch access control method of integrated network |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106572116A true CN106572116A (en) | 2017-04-19 |
Family
ID=58541260
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610991427.1A Pending CN106572116A (en) | 2016-11-10 | 2016-11-10 | Role-and-attribute-based cross-domain secure switch access control method of integrated network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106572116A (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109495474A (en) * | 2018-11-19 | 2019-03-19 | 南京航空航天大学 | Towards the dynamic access control frame internaled attack |
CN110704871A (en) * | 2019-09-23 | 2020-01-17 | 北京百分点信息科技有限公司 | Authority management method and device |
CN112733185A (en) * | 2020-12-30 | 2021-04-30 | 普华云创科技(北京)有限公司 | Method and system for controlling resources based on attribute access |
CN113098695A (en) * | 2021-04-21 | 2021-07-09 | 金陵科技学院 | Micro-service unified authority control method and system based on user attributes |
CN113206845A (en) * | 2021-04-28 | 2021-08-03 | 的卢技术有限公司 | Network access control method, device, computer equipment and storage medium |
CN113486312A (en) * | 2021-05-08 | 2021-10-08 | 北京易成时代科技有限公司 | Access control design method based on mode |
CN113779603A (en) * | 2021-09-13 | 2021-12-10 | 成都高新愿景数字科技有限公司 | Asset authority control system and method based on 4A unified security management platform |
CN116760610A (en) * | 2023-06-30 | 2023-09-15 | 中国科学院空天信息创新研究院 | User cross-domain authentication system, method, equipment and medium under network limited condition |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105187365A (en) * | 2015-06-04 | 2015-12-23 | 北京邮电大学 | Method and device for access control based on roles and data items |
US9641536B2 (en) * | 2014-10-20 | 2017-05-02 | International Business Machines Corporation | Policy access control lists attached to resources |
-
2016
- 2016-11-10 CN CN201610991427.1A patent/CN106572116A/en active Pending
Non-Patent Citations (2)
Title |
---|
HUI QI et al.: "Access Control Model Based on Role and Attribute and Its Applications on Space-Ground Integration Networks", 《2015 4TH INTERNATIONAL CONFERENCE ON COMPUTER SCIENCE AND NETWORK TECHNOLOGY》 * |
HUI QI et al.: "Access Control Model Based on Role and Attribute and Its Implementation", 《2016 INTERNATIONAL CONFERENCE ON CYBER-ENABLED DISTRIBUTED COMPUTING AND KNOWLEDGE DISCOVERY》 * |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109495474B (en) * | 2018-11-19 | 2021-04-13 | 南京航空航天大学 | Dynamic access control method facing internal attack |
CN109495474A (en) * | 2018-11-19 | 2019-03-19 | 南京航空航天大学 | Towards the dynamic access control frame internaled attack |
CN110704871A (en) * | 2019-09-23 | 2020-01-17 | 北京百分点信息科技有限公司 | Authority management method and device |
CN112733185A (en) * | 2020-12-30 | 2021-04-30 | 普华云创科技(北京)有限公司 | Method and system for controlling resources based on attribute access |
CN113098695B (en) * | 2021-04-21 | 2022-05-03 | 金陵科技学院 | Micro-service unified authority control method and system based on user attributes |
CN113098695A (en) * | 2021-04-21 | 2021-07-09 | 金陵科技学院 | Micro-service unified authority control method and system based on user attributes |
CN113206845B (en) * | 2021-04-28 | 2023-08-11 | 西藏宁算科技集团有限公司 | Network access control method, device, computer equipment and storage medium |
CN113206845A (en) * | 2021-04-28 | 2021-08-03 | 的卢技术有限公司 | Network access control method, device, computer equipment and storage medium |
CN113486312A (en) * | 2021-05-08 | 2021-10-08 | 北京易成时代科技有限公司 | Access control design method based on mode |
CN113486312B (en) * | 2021-05-08 | 2023-08-18 | 北京易成时代科技有限公司 | Access control design method based on mode |
CN113779603A (en) * | 2021-09-13 | 2021-12-10 | 成都高新愿景数字科技有限公司 | Asset authority control system and method based on 4A unified security management platform |
CN116760610A (en) * | 2023-06-30 | 2023-09-15 | 中国科学院空天信息创新研究院 | User cross-domain authentication system, method, equipment and medium under network limited condition |
CN116760610B (en) * | 2023-06-30 | 2024-05-07 | 中国科学院空天信息创新研究院 | User cross-domain authentication system, method, equipment and medium under network limited condition |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20170419 |