JP2007226495A - Policy management device, policy management program, and policy management method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To perform access control entirely identical to an already set access control list and to minimize the number of rules included in the access control list. <P>SOLUTION: An access control matrix generation part 5 creates an access control matrix from the access control list in an access control list DB 4. An access control list minimization part 7 analyzes the access control list and the access control matrix in accordance with the frequency with which Subject information or the access control list is updated or a manager's request and creates a minimum access control list where the number of access control rules becomes minimum. A request permission determining part 9 compares contents between a request and the access control matrix to judge whether or not to permit the request. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a policy management apparatus, a policy management program, and a policy management method.

  Conventionally, an access control technique using an access control list has been proposed in order to prevent unauthorized access to a file server or a database system or information leakage due to an erroneous operation (see, for example, Patent Document 1 and Patent Document 2). There is a role-based access control technique as a typical access control method. There are several applications for role-based access control technology. Hereinafter, an example of the role-based access control technique will be described. In the following description, the term “policy” is used. The policy is a condition for accessing a file server, a database system, or the like.

  First, the access control rule will be described. In the role-based access control technology, the subject of access control is called “Subject Role”, and these are S1, S2,. Further, the object of access control is called “Target” and is T1, T2,..., Tn. Here, Subject Roles S1, S2,..., Sn represent job titles, organization names, etc., and the order relation is set in the order of subscript numbers. For example, S1 = general employee <S2 = deputy section manager <S3 = section manager <S4 = deputy section manager <S5 = department manager <... <Sn = representative director. Further, the Targets are independent of each other and do not have such an order relationship.

  In the role-based access control technology, there are three types of access control rules as “authorization rules”, “propagation rules”, and “exception rules” as access control rules. As shown in FIG. 9, these three types of access control rules are further classified into four types of propagation rules, and two types of authorization rules and acceptance rules.

  More specifically, there are two types of authorization rules: Auth + (Sa, Tb) and Auth− (Sa, Tb). Auth + (Sa, Tb) is a rule that defines that a user whose Subject Role is Sa can access the Target Tb, and Auth- (Sa, Tb) is a user whose Subject Role is Sa is prohibited from accessing the Target Tb. It is a rule that defines that.

  In addition, there are four types of propagation rules: Auth + (Tb) ↑, Auth + (Tb) ↓, Auth− (Tb) ↑, and Auth− (Tb) ↓. Auth + (Tb) ↑ is a rule that defines that Auth + (*, *) set for Target Tb is propagated to the upper Subject Role, and Auth + (Tb) ↓ is for Target Tb. The set Auth + (*, *) is a rule that defines propagation to the lower Subject Role.

  Auth- (Tb) ↑ is a rule that defines that Auth-(*, *) set for Target Tb is propagated to the upper Subject Role, and Auth- (Tb) ↓ is Auth-(*, *) set for Target Tb is a rule that defines propagation to the lower Subject Role. In the description of the rule, “upper” means the smaller subscript when the above-described Subject Roles S1, S2,..., Sn are arranged in ascending order, and “lower” means the larger subscript. Indicates.

  There are two types of exception rules: eAuth + (Sa, Tb) and eAuth− (Sa, Tb). eAuth + (Sa, Tb) is a rule that defines that a user whose Subject Role is Sa is prohibited from accessing the Target Tb, and eAuth- (Sa, Tb) is a user whose Subject Role is Sa is the Target Tb. This rule defines access prohibition.

  Next, the access control list will be described. A set of the above-described three types and eight types of access control rules is referred to as an access control list. The access control list is a list created by the system administrator. The access control list is classified according to the type of Target to be ruled. For example, a collection of all access control rules set for Target T1 is referred to as an “access control list (T1)”. An example of the access control list (T1), the access control list (T2), and the access control list (T3) is shown in FIG. However, the subject role has eight {S1 <S2 <S3 <S4 <S5 <S6 <S7 <S8}, and the target has only three {T1, T2, T3}. And

  Next, the access control matrix will be described. A list of access rights set for all combinations of Subject Roles and Targets based on the access control list is called an access control matrix. The access control matrix is created inside the system as needed in order for the system to perform the actual access control processing. Generally, the system administrator does not need to create or edit the access control matrix directly. . FIG. 11 shows an access control matrix corresponding to the access control lists (T1) to (T3) described above.

  Here, a method of creating the access control matrix shown in FIG. 11 from the access control list shown in FIG. 10 will be briefly described with reference to FIG. 12, taking the case of the access control list (T1) as an example. First, all Subject Roles are listed according to the order set between Subject Roles on the vertical axis, and a table in which the name of Target is described on the horizontal axis is created (Step 1). Next, + · − is described in the above table for all authorization rules described in the access control list (FIG. 10) (Step 2).

  Next, in accordance with all the propagation rules described in the access control list (FIG. 10), + and − described in Step 2 are propagated to other lines and described (Step 3). Next, according to all the acceptance rules described in the access control list (FIG. 10), the + and − symbols of the access control matrix created in the procedure up to Step 3 are overwritten (Step 4).

The access control matrix is completed by executing the above steps 1 to 4 for all the targets. In addition, when an access control matrix is created according to the above procedure, a case such as “both + and − symbols are described” or “+ and − symbols are not described” occurs in one row. Can be considered. This is a problem that occurs because the previously set access control list is incomplete, and is excluded here. That is, it is assumed that the access control list is properly set in advance so that there are no double symbol descriptions or undefined parts in the access control matrix.
JP 2005-182478 A JP 2004-139292 A

  In general, an administrator sets an access control list, and actual access control processing is performed in the system based on an access control matrix automatically created based on the access control list. At this time, the description method of the access control list from which a certain access control matrix is created is not necessarily unique. For this reason, the management work of the administrator's access control list becomes complicated.

  For example, the same access control matrix (T1 in FIG. 11) is created from the access control list shown in FIG. In general, as the acceptance rule increases in the access control list, the number of rules described in the access control list increases, and it becomes difficult for the administrator to manage it. For the administrator, the smaller the number of rules included in the access control list, the better. For example, in the example shown in FIG. 2 and access control list (T1) No. 3 than the access control list (T1) No. 3. Obviously, 1 is the most manageable access control list.

  However, the exception rules are added to the access control list as necessary in operation, and it is natural that the number thereof gradually increases. Therefore, a technology that periodically analyzes the set access control list and automatically creates an access control list that minimizes the number of rules for which the same access control matrix is created (this is called a minimum access control list). Is required.

  In the prior art (Patent Document 1), it is possible to detect contradictory rules and redundant rules set in the access control list. However, there is no method for minimizing the number of rules included in the access control list. In the prior art (Patent Document 2), it is possible to diagnose and present whether there is an excessively strict or loose policy in the access control list before actual operation. However, there is no mention of a technique for minimizing the number of rules included in the access control list.

  The present invention has been made in view of such circumstances, and its purpose is to realize the same access control as that of an already set access control list and to include a rule included in the access control list. To provide a policy management apparatus, a policy management program, and a policy management method capable of minimizing the number.

  In order to solve the above-described problem, the present invention defines the access right of the user to the target based on an access control list including a plurality of access control rules that define a user access condition for the target to be accessed. An access control matrix generating means for generating an access control matrix for generating the access control matrix, and an access control for generating a minimum access control list having a minimum number of access control rules based on the access control matrix generated by the access control matrix generating means And a list minimizing means.

  According to the present invention, in the above invention, the access control list minimizing means includes an access control rule generating means for generating all combinations of access control rules that can be generated from the access control matrix, and the access control rule generating means. Based on the combination of the generated access control rules, the extracting means for extracting the smallest number of access control rules and the combination of the access control rules extracted by the extracting means, the minimum access control list is generated. And a minimum access control list generating means.

  In order to solve the above-described problem, the present invention provides an access control list storage unit that stores an access control list including a plurality of access control rules that define user access conditions for a target to be accessed, and the access Based on an access control list stored in the control list storage means, an access control matrix generation means for generating an access control matrix for defining an access right of the user for the target, and an access for storing the access control matrix Based on the control matrix storage means and the access control matrix stored in the access control matrix storage means, a minimum access control list that minimizes the number of access control rules is generated and output to the access control list storage means A control list minimizing means; According to the access control matrix stored in the scan control matrix storage unit, characterized by comprising a request determination means for determining whether the request to the target user.

  In order to solve the above-described problem, the present invention provides the computer with respect to the user based on an access control list including a plurality of access control rules that define access conditions for the user with respect to the target to be accessed. Generating an access control matrix for defining a right of access and generating a minimum access control list that minimizes the number of access control rules based on the access control list and the access control matrix It is characterized by making it.

  Further, in order to solve the above-described problem, the present invention provides the user with respect to the target based on an access control list that is a collection of access control rules in which user access conditions for the target to be accessed are defined. Generating an access control matrix for defining an access right, and generating a minimum access control list having a minimum number of access control rules based on the access control list and the access control matrix. It is characterized by.

  According to the present invention, the access control matrix generating means defines the user's access right to the target based on the access control list including a plurality of access control rules that define the user's access condition for the target to be accessed. And an access control list minimizing unit generates a minimum access control list that minimizes the number of access control rules based on the generated access control matrix. Therefore, the same access control as the already set access control list can be realized, the number of rules included in the access control list can be minimized, and the management work of the access control list can be greatly reduced. The advantage that it can be obtained.

  According to the present invention, the access control list minimizing means generates all combinations of access control rules that can be generated from the access control matrix by the access control rule generating means, and the access control list generated by the extracting means. Among the combinations of rules, a combination that minimizes the number of access control rules is extracted, and a minimum access control list is generated by the minimum access control list generation unit based on the extracted combination of access control rules. Therefore, the same access control as the already set access control list can be realized, the number of rules included in the access control list can be minimized, and the management work of the access control list can be greatly reduced. The advantage that it can be obtained.

  Further, according to the present invention, an access control list comprising a plurality of access control rules defining user access conditions for the target to be accessed is stored in the access control list storage means, and the access control matrix generating means controls the access control. Based on the list, an access control matrix for defining a user access right to the target is generated, the access control matrix is stored in the access control matrix storage means, and the access control list and the access are accessed by the access control list minimizing means. Based on the control matrix, a minimum access control list that minimizes the number of access control rules is generated and output to the access control list storage means, and the access control stored in the access control matrix storage means by the request availability determination means According to the matrix That determine the propriety of the request to the target. Therefore, the same access control as the already set access control list can be realized, the number of rules included in the access control list can be minimized, and the management work of the access control list can be greatly reduced. The advantage that it can be obtained.

Hereinafter, a policy management apparatus according to an embodiment of the present invention will be described with reference to the drawings.
FIG. 1 is a block diagram showing a configuration of a policy management apparatus according to an embodiment of the present invention. The Subject (user) registration / deletion / modification unit 1 registers (deletes or modifies) the information and order of the Subject (user) in the Subject (user) information DB (database) 3. The access control list registration / deletion / correction unit 2 registers (deletes or corrects) an access control list in the access control list DB 4. The access control matrix generation unit 5 creates an access control matrix from the access control list of the access control list DB4 and stores it in the access control matrix DB6.

  The access control list minimizing unit 7 analyzes the subject (user) information, the access control list, and the access control matrix according to the frequency of updating the subject (user) information or the access control list, or according to the request of the administrator. Create an access control list consisting of the minimum number of rules. The request receiving unit 8 receives an access request from the subject (user 12) to the target (file server 13). The request availability determination unit 9 compares the contents of the request and the access control matrix to determine whether the request is permitted or prohibited.

  The availability determination result processing unit 10 notifies the target (file server 13) of the availability determination result of the request. The access control list check unit 11 compares the access control list with the subject (user) information, and when there is no subject described in the access control list, performs an operation of invalidating the corresponding rule, The access control list is compared with the Target, and if there is no Target described in the access control list, the corresponding rule is invalidated.

  Next, the operation of the above-described embodiment will be described. 2 to 4 are flowcharts for explaining the operation of the policy management apparatus according to the present embodiment. Here, a case where a minimum access control list for the access control matrix (T1) shown in FIG. 11 is derived will be described.

  First, the access control list is read (S1), and the existing access control matrix is temporarily copied to another table (S2). Next, as an access control list sorting process, the access control list is rearranged in ascending order according to the order of Subject Roles (user rules) (S3). Next, t = (0, 1,..., Total number of targets) is set (S4), and t is incremented by 1 (S18), and the following processing is repeated for all targets.

  First, i = (0, 1,..., The total number of subjects (users) +1) is set (S5), i is incremented by 1 (S9), and the following steps S6 to S8 are repeated. The total number of subjects (users) for which prohibition rules have been set for the i-th and previous users is substituted into a variable p (S6). Next, the total number of subjects (users) for which permission rules are set in the i-th and subsequent subjects (users) is substituted into a variable q (S7). When i = 0, 1, the total number of subjects (users) −1, or the total number of subjects (users), sum = (p + q−1) and the value of index = i are written to the table A. , I is other than the above, sum = (p and q) and the value of index = i are written in the table A (S8).

  Next, j = (0, 1,..., Total number of subjects (users) +1) is set (S10), j is incremented by 1 (S14), and the following steps S11 to S13 are repeated. The total number of subjects (users) for which permission rules have been set in the j-th and previous subjects (users) is substituted into the variable p (S11). Next, the total number of subjects (users) for which prohibition rules are set in the jth and subsequent subjects (users) is substituted into the variable q (S12). If j = 0, 1, the total number of subjects (users) −1, or the total number of subjects (users), sum = (p + q−1) and the value of index = i + j are written to table A. , J is other than the above, sum = (p and q) and the value of index = i + j are written to the table A (S13).

  Next, the table A is searched for one having the smallest value sum, and the index value at that time is extracted (S15). Then, the existing access control list is rewritten with the next access control list (S16). That is, Auth + (tth target) ↑ (only when index = [2, 3,..., Total number of users + 1]), Auth + (tth target) ↑ (index = [total number of users + 2, total number of users) Auth- (t-th target) ↑ (only when index = [total number of users + 4, total number of users + 5,..., Total number of users × 2 + 2]), Auth− (tth target) ↓ (only when index = [0, 1,..., Total number of users−1]), Auth + (indexth user, tth target), Auth− (index + 1th user) , T-th target).

  Next, based on the above access control list, create an access control matrix and compare it with the existing access control matrix that has been temporarily copied. The exception rule to be described is described in the access control list (S17). When the above processing is completed for all targets, the access control matrix copied temporarily to another table is deleted (S19), and the processing ends.

  Next, the above-described access control list minimization method will be described more specifically. Here, FIG. 5 is a conceptual diagram showing a search process of the optimum access control list.

  In Step 1 to Step 9, the dotted line block above the thick line represents the {Auth- (T1) ↓} policy, and the solid line frame below the thick line represents the {Auth + (T1) ↑} policy. Also, in Step 10 to Step 18, the dotted line frame above the thick line represents the {Auth- (T1) ↑} policy, and the solid line frame below the thick line represents the {Auth + (T1) ↓} policy. Yes. Further, “◯” marks in the right column of each step represent {eAuth + (Sx, T1)} or {eAuth− (Sx, T1)}, respectively. For convenience, numbers 0 to 8 are assigned to the boundaries of each column, and this is referred to as a reference position.

  Step 1: First, the reference position is set to 0 first. In FIG. 5, the thick line of Step 1 represents the reference position. With respect to the set reference, a dotted line frame expressing the {Auth + (T1) ↑} policy is described above the reference position, and a solid line frame expressing the {Auth− (T1) ↓} policy is described below the reference position. However, in the case of Step 1, since the reference position is at the uppermost end, the dotted frame is not marked. Next, the following processing is performed for each of the solid line block and the dotted line block.

(1) If there is a “-” in the solid line block, enter “◯” on the right side of the line.
(2) If there is a “+” in the dotted line block, enter “◯” on the right side of the line.

Step 2: Next, the reference position is set to 1, and the same operation as Step 1 is performed.
Step 3 to Step 9: Similarly, the same operation is repeated until the (number of rows + 1) Step, while incrementing the reference position by +1.

  Step 10: Next, the reference position is reset to 0, and the next operation is performed. With respect to the set reference position, a dotted line frame representing the {Auth- (T1) ↑} policy is written above the reference position, and a solid line frame representing the {Auth + (T1) ↓} policy is written below the reference position. However, in the case of Step 10, since the reference position is at the uppermost end, the dotted frame is not marked. Next, the following processing is performed for each of the solid line frame and the dotted line frame.

(1) If there is a “-” in the solid line block, enter “◯” on the right side of the line.
(2) If there is a “+” in the dotted line block, enter “◯” on the right side of the line.

Step 11: Next, the reference position is set to 1, and the same operation as Step 10 is performed.
Step 12 to Step 18: Similarly, the same operation is repeated until the (2 × (number of rows + 1)) Step, while incrementing the reference position by +1.

  Step 19: Next, when all the above Steps are completed, the number of “◯” described in the work of Step 1 to Step 18 is collected in the table shown in FIG. However, in Step 1, Step 2, Step 8, Step 9, Step 10, Step 11, Step 17, and Step 18, a value obtained by subtracting 1 from the actual number of “◯” is described. This is because these steps do not require one propagation policy compared to other steps.

  In this case, the optimal access control list search process shown in FIG. 5 yields the results shown in FIG. Then, the part having the smallest number of “◯” is searched from the table shown in FIG. In this case, it can be seen that Step 2 or Step 3 is the minimum value.

  Step 20: The information retrieved in Step 19 indicates the minimization policy to be obtained. For example, in the case of Step 3, as shown in Step 3 of FIG. 5, {Auth + (S2, T1), Auth + (T1) ↑} is set for the second subject from the top, and from the top {Auth- (S3, T1), Auth- (T1) ↓} is set for the third Subject. Furthermore, it is understood that {eAuth + (Sx, T1)} should be set for the fifth and seventh subjects from the top. That is, the left side shown in FIG. 7 is the minimum access control list to be obtained. Similarly, the minimum access control list based on Step 2 is also obtained as shown on the right side shown in FIG. Note that Auth + (T1) ↑ is not required in this case.

  Step 21: The entire access control list can be minimized by performing the processing from Step 1 to Step 20 on the other access control list (T2) and the access control list (T3). An example of the minimum access control list (T2) and the minimum access control list (T3) according to the case is shown in FIG.

  As shown in FIG. 7, there are cases where a plurality of minimum access control lists can be generated. In such a case, there is no problem even if any minimum access control list is used.

  According to the above-described embodiment, the policy that represents the rule realized in the current control list is searched for all patterns, and the control list with the smallest number of exception policies is selected from among the policies, thereby minimizing the current control list. The access control policy can be automatically generated, the access control list can always be kept at the minimum state, and the management work of the access control list can be greatly reduced.

It is a block diagram which shows the structure of the policy management apparatus by embodiment of this invention. It is a flowchart for demonstrating operation | movement of the policy management apparatus by this embodiment. It is a flowchart for demonstrating operation | movement of the policy management apparatus by this embodiment. It is a flowchart for demonstrating operation | movement of the policy management apparatus by this embodiment. It is a conceptual diagram which shows the search process of the optimal access control list | wrist by this embodiment. It is a conceptual diagram which shows the table which put together the number of exception policies by this embodiment. It is a conceptual diagram which shows the minimum access control list (T1) by this embodiment. It is a conceptual diagram which shows the minimum access control list (T2) and (T3). It is a conceptual diagram for demonstrating the access control rule in the conventional role-based access control technique. It is a conceptual diagram for demonstrating the access control list in the conventional role-based access control technique. It is a conceptual diagram for demonstrating the access control matrix in the conventional role-based access control technique. It is a conceptual diagram for demonstrating the method of producing an access control matrix from the access control list in a prior art. It is a conceptual diagram which shows the example of the access control list in a prior art.

Explanation of symbols

1 Subject registration / deletion / correction unit 2 Access control list registration / deletion / correction unit 3 Subject information DB
4 Access control list DB (access control list storage means)
5 Access control matrix generator (access control matrix generator)
6 Access control matrix DB
7 Access control list minimizing section (access control list minimizing means, access control rule generating means, extracting means, minimum access control list generating means)
8 Request reception part 9 Request availability determination part (request availability determination means)
10 Accessibility List Checking Unit 11 Access Control List Checking Unit 13 Target

Claims (5)

Access control matrix generation for generating an access control matrix for defining the access right of the user to the target based on an access control list comprising a plurality of access control rules defining a user access condition for the target to be accessed Means,
A policy management apparatus comprising: an access control list minimizing unit that generates a minimum access control list that minimizes the number of access control rules based on the access control matrix generated by the access control matrix generating unit . The access control list minimizing means includes:
Access control rule generating means for generating all combinations of access control rules that can be generated from the access control matrix;
An extraction unit that extracts a combination having the minimum number of access control rules out of a combination of access control rules generated by the access control rule generation unit;
The policy management apparatus according to claim 1, further comprising: a minimum access control list generation unit that generates the minimum access control list based on a combination of access control rules extracted by the extraction unit. Access control list storage means for storing an access control list comprising a plurality of access control rules defining user access conditions for the target to be accessed;
An access control matrix generating means for generating an access control matrix for defining an access right of the user to the target based on an access control list stored in the access control list storage means;
Access control matrix storage means for storing the access control matrix;
An access control list minimizing means for generating a minimum access control list having a minimum number of access control rules based on the access control matrix stored in the access control matrix storage means and outputting the minimum access control list to the access control list storage means; ,
A policy management apparatus comprising: a request availability determination unit that determines whether a request to a target by a user is permitted according to the access control matrix stored in the access control matrix storage unit. On the computer,
Generating an access control matrix for defining the user's access rights to the target based on an access control list comprising a plurality of access control rules defining user access conditions for the target to be accessed;
A policy management program that realizes a step of generating a minimum access control list that minimizes the number of access control rules based on the access control list and the access control matrix. Generating an access control matrix for defining the access rights of the user to the target based on an access control list that is a collection of access control rules in which user access conditions for the target to be accessed are defined; ,
Generating a minimum access control list that minimizes the number of access control rules based on the access control list and the access control matrix.

Images