CN106529323A - Multilevel security model access control data fusion method - Google Patents
Multilevel security model access control data fusion method Download PDFInfo
- Publication number
- CN106529323A CN106529323A CN201610692349.5A CN201610692349A CN106529323A CN 106529323 A CN106529323 A CN 106529323A CN 201610692349 A CN201610692349 A CN 201610692349A CN 106529323 A CN106529323 A CN 106529323A
- Authority
- CN
- China
- Prior art keywords
- access control
- line segment
- hasse
- data
- figures
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2113—Multi-level security, e.g. mandatory access control
Abstract
The invention discloses a multilevel security model access control data fusion method. A data source of multilevel security model access control data is established based on a BLP access model. The method comprises the following steps of A, converting original lattices into Hasse graphs and performing combination; B, performing mapping function conversion on a data source; and C, combining access control matrixes. According to the method, the lattices are converted into the Hasse graphs through lattice fusion, mapping function conversion and access matrix combination; an access permission is judged according to a partial ordering relation on the fused Hasse graph; user attributes do not need to be globally unified and only need to be mapped to corresponding nodes; and meanwhile, when a data source modifies an access policy, the combination process does not need to be re-established, and only a mapping relationship of users or data sets needs to be modified, so that the fusion process is prevented from being re-established. The multilevel security model access control data fusion method can be widely applied to the field of data processing.
Description
Technical field
The present invention relates to data processing field, especially a kind of Multilevel Security Models access control data fusion method.
Background technology
1st, term is explained:
BLP (Bell LaPadula model) Access Model:
The access control model that a kind of forced symmetric centralization is combined with self contained navigation.By be in Bell in 1976 and
Padulla proposes a multilvel security policy model.BLP has a level of security by each subject and object, including peace
Congruent level and classification, i.e. level of security may be defined as:Level=(C, S), C are level of confidentiality, S presentation class levels.Wherein, level of confidentiality tool
There is hierarchical relationship, classification is then some class labels.And level of security Level is the presence of partial ordering relation.When principal access object
When, compare level of security between the two, its mandate for accessing is determined according to access matrix then.
BLP models are protected mainly for data confidentiality.At the user during relatively low level of security, it is impossible to read higher level
Data message, so just ensure that the one-way flow of data message, control data information flows to high-level from low level.This
Outward, when user class in it is high-level when, it is impossible to carry out write operation to low-level data message.This two rule, can describe
For SS characteristics, *-characteristic, the level of security of wherein F (S) expression main bodys S, F (O) represent the level of security of object O.In order to add
Self contained navigation property, adds the motility for accessing, and also add using access matrix to describe discretionary security rule.Work as master
Body user and object have access attribute in access matrix, and main body just allows object to access.
Three big characteristics of BLP models can be expressed as
1) SS characteristics (simple security property):And if only if F (S) >=F (O), main body S carry out read operation to object O.
2) *-characteristic (star security feature):And if only if F (S)≤F (O), main body S carry out write operation to object O.
3) DS characteristics (discretionary security characteristic):Subject and object under current state that and if only if is all in current state
In access matrix, then current state main body can access object.
Lattice (Lattice):
In number theory, Lattice is a kind of set of partial ordering relation.In access control, it is a kind of multilevel security rank, by
Two parts composition, safe class and security classification.Safe class is then with clear and definite grade classification, such as Top secret
(TS), Secret (S), Confidential (C), Unclassified (U), TS >=S therein >=C >=U.And security classification,
It is then the combination of labelling.Hypothesis has two level of security l1=(c1, k1) and l2=(c2, k2).And if only if c1≤c2 andWhen, l1 and l2 meet partial ordering relation≤, be represented by l1≤l2.
Hasse schemes:
In introduction, Hasse figures are a kind of figures for expressing limited partial ordering relation set, graphically show inclined
The transitive reduction of order relation set.
In partial ordering set<S,≤>, it is a summit in each element of S in Hasse figures.And for two 1 Hes of element S
S2 meets partial ordering relation, i.e. s1, s2 ∈ S and s1≤s2, then in Hasse figures, partial ordering relation represents one section of directed line segment, from
S2 points to S1.
2nd, prior art:
The appearance of mass data, people are increasingly absorbed in and how to effectively utilize these data and obtain its maximum valency
Value.For example, American Medical retailer is being analyzed using big data and is being utilized, and effectively improves their interests 60%.With this
Meanwhile, the utilization of big data also helps European Government to improve work efficiency, reduces by nearly 100,000,000,000 Euros of government's expense.
Data are exactly opened and are supplied to other users, by multiple separate sources by the mode of one of which data separate
Data Integration is together.Therefore, in data fusion process, the data for becoming increasingly complex are produced therewith.At the same time, this also can
Facility is provided to these data separates person, is allowed which to obtain more accurate data analysiss, is obtained in data mining and intelligent decision
It is more accurate to utilize.And in actual life, Apache Solr and ElasticSearch are just typically used for drawing as search
Hold up to scan for behavior in fused data.
The problem of data safety faced in the enterprising line retrieval of fused data, is how that processing fused data obtains
Confidentiality protection in taking.In big data, need to protect in data acquisition individual privacy information, such as personal interest, hobby and
Property etc..People easily can obtain the personal information of user by the open page of Facebook user.In mixed cloud
In cloud computing environment, sensitive data is placed in private clound as far as possible, reduces individual privacy information disclosure risk.
Therefore, the data in multiple data sources are merged, when user is scanned in fused data, the result of search
The data that must can not be accessed comprising the user.It is assumed that a user u allows to access data set DA, do not allow to access
Data set DB.In data fusion process, a new data set DC by DA and DB fusion produced by, such as attended operation, DA
With the join of DB.Therefore, DC will the data message comprising DA and DB.When user u sends search statement q in fused data,
So retrieval result must filter the data from data set DB.Because if not filtering, directly by those from DC number
According to user u is returned to, user u just very likely acquires the data message from data set DB, so that leaking data.
So, necessary not only for merging to data in the environment of multi-data source, in addition it is also necessary to in each data source
Access strategy is merged.It is directed to the access strategy problem of Multilevel Security Models, it is desirable to have access strategy is integrated into by one kind
The scheme of row fusion.Collision problem that may be present between each access strategy is directed to, method needs effectively solving collision problem.
Research is merged in existing research work with regard to access strategy both at home and abroad, and one of which method is solving convergence strategy
When the conflict that occurs be exactly to use mathematical logical operationss.Strategy is expressed as a kind of mathematical logic algebraic expression by Rao, and is proposed
One framework represents the process of fusion by algebraic operation.And inside framework, Rao uses XACML (eXtensible
Access Control Markup Language, extendible access control markup language) carry out Descriptive strategies.It is a kind of base
In the open standard language of XML, it be designed for describe safety policy and to network service, digital copyright management (DRM) with
And the authority that enterprise security application message conducts interviews.In fusion process, merge the result of the New Policy for generating, exactly pass through
The logistic operation result per bar strategy is calculated, and returns final result.
And the conflict that another kind of method solves convergence strategy appearance is exactly rewritten query sentence or generates global map mould
Formula.For example, a query statement Q can be converted into Q ', and the result set returned by Q ' meets the safety of original data set
Strategy.Hu is using based on semantic security strategy.By Ontology Mapping and merging, query statement will be rewritten into a class entity and
Property Name, and it is mapped to local search.In addition, local policy is may map in the middle of global schema.Cruz is by local plan
Slightly store in xml.And in fusion process, it is converted into an overall situation RDF scheme.When two access strategies merge,
Local mode is converted to RDF patterns, then remerges into global RDF patterns.Under web service environment, Alodib is proposed
Access control policy service, it will merge requestor, ISP and access strategy information, with web services definition language
(Web Services Description Language, WSDL) is described.When access strategy is merged, then basis
Wsdl document is merged, and replaces current wsdl document.
According to the method for above-mentioned fused data:(1) if access strategy is converted into mathematical logic computing, work as access strategy
During fusion, may be imperfect because of user property, there is end value unknown.
Because the information of the attribute imperfection or offer Multilevel Security Models that fused data is not searched for are complete, if using number
The result that reason logical operationss are very likely returned is unknown.Because unknown result so that system can only make denied access (because
For protecting highest privacy), this affects the availability of system to a certain extent.
(2) if rewriteeing or generating global map pattern by access queries sentence, when certain data source needs modification to access plan
When slightly, then need to regenerate a new global map pattern.
The content of the invention
In order to solve above-mentioned technical problem, the purpose of the present invention is:There is provided a kind of speed for setting up fusion fast, safe
Multilevel Security Models access control data fusion method.
The technical solution adopted in the present invention is:A kind of Multilevel Security Models access control data fusion method is described more
The data source of level security model access control data is set up based on BLP Access Models, includes following steps:
A, original lattice are converted to into Hasse figures after merge, so as to realize the fusion of plaid matching;
B, mapping function conversion is carried out to data source;
C, access control matrix is merged.
Further, step A includes following sub-step:
Directed line segment between A1, the relation of equality according to the summit between Hasse figures or dominance relation addition summit;
A most association line segment of A2, the deletion occurrence number in conflict path, if per bar in all conflict paths
The number of times that association line segment occurs is identical, then delete the level of security highest association line segment being related in conflict path;
A3, the association line segment to there is redundancy in Hasse figures carry out abbreviation process.
Further, step A1 is specially:If the summit between Hasse figures is relation of equality, between two summits
The directed line segment that addition two is pointed to mutually;If the summit between Hasse figures is dominance relation, add one between two summits
Bar is pointed to by the directed line segment on domination summit by summit is arranged.
Further, the redundancy line segment in step A3 includes association line segment and the association of covering relation of relations on an equal basis
Line segment.
Further, step A3 is specially:For the association line segment of relations on an equal basis in Hasse figures after merging, will association
Two nodes of line segment are merged and generate new node;For the association line segment of covering relation in Hasse figures after merging, will be from
Starting point is pointing directly at the association line segment of end point and deletes.
Further, step B is specially:Lattice after safe class mapping function on original lattice is converted into merging
Safe class mapping function.
Further, step C is specially:It is described access control matrix is merged including the merging to data set and
Merging to user profile data.
Further, the method for the merging to data set is:The data acquisition system of data source is merged into into a data set
Close.
Further, the method for the merging to user profile data is:User profile data are sought into union.
The invention has the beneficial effects as follows:The inventive method is changed by the fusion of lattice, mapping function, access matrix merges real
The lattice in access strategy are converted into into Hasse figures now, when judging whether user has access rights to data set, then can basis
Partial ordering relation on fusion Hasse figures judges;And the access matrix in access strategy merges the use of two original access matrixs
Family and data set, user property need not be global unified, only need to be mapped to corresponding node.Meanwhile, certain data source is repaiied
When having changed access strategy, then without the need for resettling again merging process, it is only necessary to which the mapping relations of user or data set are changed
, it is to avoid re-establish fusion process.
Description of the drawings
Fig. 1 is the total flow chart of steps of the inventive method;
Fig. 2 is the flow chart of the fusion of lattice in step of the present invention;
Fig. 3 is the flow chart of mapping function conversion in step of the present invention;
Fig. 4 is the flow chart of access matrix merging in step of the present invention.
Specific embodiment
Below in conjunction with the accompanying drawings the specific embodiment of the present invention is described further:
With reference to Fig. 1, a kind of Multilevel Security Models access control data fusion method, the Multilevel Security Models access control
The data source of data is set up based on BLP Access Models, because each data source is all based on setting up access strategy under BLP models
, therefore, according to BLP patterns, access strategy Pi is defined as Pi=(fi, LTCi, Mi), and wherein i represents i-th data source.When
Different data sources are combined, and will produce a new fused data set.Because existing between different data sources
Some differences, so the conflict when access strategy PG=(fG, LTCG, MG) of fusion must process fusion, and keep with it is former
Access strategy in some data sources is consistent.And fusion process is mainly the fusion of three parts, a part is lattice (Lattice)
Fusion, a part is the conversion of mapping function, and another part is the fusion of access matrix, has specifically included following steps:
The fusion of A, lattice:Merge after original lattice are converted to Hasse figures, so as to realize the fusion of plaid matching;
Because lattice are a kind of special partial ordering relation set, lattice can also be represented with Hasse figures.Therefore, lattice
Fusion can be converted to the merging of two width Hasse figures.
B, mapping function conversion:Mapping function conversion is carried out to data source;
The fusion of C, access matrix:Access control matrix is merged.
With reference to Fig. 2, it is further used as preferred embodiment, merging process is broadly divided into three phases, initial phase,
Clash handle stage and abbreviation stage.Initial phase is that addition meets partial ordering relation between two original Hasse figures
Line segment.After addition association line segment, merge Hasse figures and may exist and conflict with original Hasse figures, so needing to melting
Closing Hasse figures carries out collision detection and process, deletes some conflict line segments.Finally, in addition it is also necessary to merging Hasse figures
Letter, deletes the line segment of redundancy;Step A includes following sub-step:
A1, initial phase:Having between summit is added according to the relation of equality or dominance relation on the summit between Hasse figures
To line segment;
Assume that two lattice are expressed as LTC1=<S1,R1>And LTC2=<S2,R2>.In initial phase, need to two
Node relationships between lattice are accounted for.And the relation between two nodes is divided into two kinds, one kind is relation of equality, and another kind is
Dominance relation.
For two safe classes l1=<c1,k1>And l2=<c2,k2>, and if only if c1=c2 and k1=k2, then l1
It is relation of equality with l2.
For two safe classes l1=<c1,k1>And l2=<c2,k2>, and if only if c1 >=c2 andThen
L1 and l2 is dominance relation.Wherein, l1 referred to as arranges point, and l2 is referred to as by domination point.
After it with the addition of according to two node relationships line segments, fusion Hasse figures now there may be the line of redundancy
Section or conflict line segment.Therefore, following step A2 processes the line segment conflicted with the Hasse figures of original lattice.
A2, clash handle stage:A most association line segment of the occurrence number in conflict path is deleted, that is, is being merged
In Hasse figures, all conflict paths are included, then go to count the number of times for associating line segment appearance per bar, delete appearance most
One association line segment;If the number of times for associating line segment appearance in all conflict paths per bar is identical, delete in conflict path
The level of security highest association line segment being related to;
One paths are the conditions of conflict:1) this paths is loop;2) this paths starting point and end point are original
Hasse figures in be not comparable relationship, but this paths causes to become comparable in Hasse figures are merged.
Processing stage A3, abbreviation:Association line segment to there is redundancy in Hasse figures carries out abbreviation process;
After the clash handle stage, merge Hasse figures and should not there is any path with conflict, but now
Hasse figures may compare redundancy, it is therefore desirable to carry out last step, Reduction to Hasse figures.
It is further used as preferred embodiment, according to the node relationships between two lattice, in the initialization of the fusion of lattice
In the stage, for the node relationships between two Hasse figures, following calculating is made, step A1 is specially:If between Hasse figures
Summit be relation of equality, then add two directed line segments for pointing to mutually between two summits;If the summit between Hasse figures
For dominance relation, then add one between two summits and pointed to by the directed line segment on domination summit by domination summit.
It is further used as preferred embodiment, the redundancy line segment in step A3 includes the association line of relations on an equal basis
The association line segment of section and covering relation.
Assume, in Hasse figures, there is two nodes s1 and s2, and if only if, and this two paths (association line segment) are straight mutually
Connect and point to other side, be i.e., during s1 → s2 and s2 → s1, two paths are relations on an equal basis.
Assume, in Hasse figures, there is two nodes s1 and s2, and if only if, and paths are s2 to be pointing directly at by s1, such as
S1 → s2, another paths are then by s1 to s2 and middle through several nodes, such as s1 → → s2, Ze Liangtiao roads
Footpath is covering relation.
Redundancy line segment is the above-mentioned association line segment for meeting relations on an equal basis or covering relation.
Therefore, if the Hasse figures after clash handle have redundancy line segment, provide two rules herein to enter redundancy line segment
Row is deleted, and abbreviation Hasse figures, obtains the final Hasse figures for simplifying.
It is further used as preferred embodiment, step A3 is specially:For relations on an equal basis in Hasse figures after merging
Association line segment, two nodes of association line segment are merged and generate new node;
In the Hasse figures after clash handle, two nodes Levela and Levelb are pointed to mutually, i.e. and Levela →
Levelb and Levelb → Levela, then the two nodes can merge to Levela and Levelb, forms new section
Point Levela, b.
For the association line segment of covering relation in Hasse figures after merging, the association of end point will be pointing directly at from starting point
Line segment is deleted;
In the Hasse figures after clash handle, two node Levela and Levelb respectively as starting point and destination node,
If there are two paths, wherein paths are pointing directly at Levelb, i.e. Levela → Levelb, another paths by Levela
Be then by Levela through several nodes reach Levelb, i.e. Levela → Level1 → Level2 → Level3 →
Levelb, then delete Levela → Levelb line segments.
With reference to Fig. 3, it is further used as preferred embodiment, step B is specially:By the safe class on original lattice
Mapping function is converted into the safe class mapping function of the lattice after fusion.
Because each data source is managing access control with BLP models, therefore has each data source to have one to reflect
(i represents data source i), and main body or object are mapped on each self-corresponding level of security to penetrate function fi.For example, f1 (u1)=
{TS,<k1,k2>Represent in data source 1, user u1 possess level of security TS,<k1,k2>}.
In fusion process, need for the safe class on original lattice to be mapped to newly-generated lattice after the fusion of lattice
Safe class.In Hasse figures, it is node in figure that each level of security is corresponding.Therefore, the Mapping and Converting of level of security is just
It is equal to the node that the node on original Hasse figures is mapped on fusion Hasse figures.
With reference to Fig. 4, it is further used as preferred embodiment, step C is specially:It is described that access control matrix is entered
Row merges and includes the merging to data set and the merging to user profile data.
It is further used as preferred embodiment, the method for the merging to data set is:By the data set of data source
Conjunction is merged into a data acquisition system.
It is further used as preferred embodiment, the method for the merging to user profile data is:By user profile
Data seek union.
In addition to the forced symmetric centralization of BLP Access Models, in invention, model is realized automatic by access control matrix
Flexible self contained navigation.It is to merge the row and column of original matrix that access matrix merges.Assume M=SUB × OBJ
It is to merge the matrix for producing, M1=subject1 × object1 and M2=subject2 × object2 is two respectively to be needed to close
And original access matrix.
For the merging of matrix, the object (data set) for merging matrix is exactly that the data acquisition system of two data sources merges generation
Process, therefore OBJ=Int (object1, object2).And the main body (user) for merging matrix is exactly the master of two data sources
The union of body, therefore SUB=subject1 ∪ subject2.
When user can in two data sources to data set can be accessed when, the user could be in access control data fusion
The data set of fusion is accessed afterwards.This process with formalized description can be:The value of the access matrix of fusion be TRUE, i.e. MG (sub,
Obj)=TRUE, wherein obj=Int (object1, object2), and if only if user sub is in two original access matrixs
In can access fusion before data set, i.e. M1 (sub, obj)=TRUE and M2 (sub, obj)=TRUE.Wherein, sub ∈
Subject1, sub ∈ suject2 and obj ∈ object1, obj ∈ object2.Otherwise, the value of fusion access matrix is
FALSE。
It is more than that the preferable enforcement to the present invention is illustrated, but the invention is not limited to the enforcement
Example, those of ordinary skill in the art on the premise of without prejudice to spirit of the invention can also be made a variety of equivalents or be replaced
Change, the deformation or replacement of these equivalents are all contained in the application claim limited range.
Claims (9)
1. a kind of Multilevel Security Models access control data fusion method, the data of the Multilevel Security Models access control data
Source is set up based on BLP Access Models, it is characterised in that:Include following steps:
A, original lattice are converted to into Hasse figures after merge;
B, mapping function conversion is carried out to data source;
C, access control matrix is merged.
2. a kind of Multilevel Security Models access control data fusion method according to claim 1, it is characterised in that:It is described
Step A includes following sub-step:
Directed line segment between A1, the relation of equality according to the summit between Hasse figures or dominance relation addition summit;
A most association line segment of A2, the deletion occurrence number in conflict path, if associate per bar in all conflict paths
The number of times that line segment occurs is identical, then delete the level of security highest association line segment being related in conflict path;
A3, the association line segment to there is redundancy in Hasse figures carry out abbreviation process.
3. a kind of Multilevel Security Models access control data fusion method according to claim 2, it is characterised in that:It is described
Step A1 is specially:If the summit between Hasse figures is relation of equality, add having for two mutual sensings between two summits
To line segment;If the summit between Hasse figures is dominance relation, adds one between two summits and propped up by the sensing of domination summit
Directed line segment with summit.
4. a kind of Multilevel Security Models access control data fusion method according to claim 2, it is characterised in that:It is described
Redundancy line segment in step A3 includes the association line segment and the association line segment of covering relation of relations on an equal basis.
5. a kind of Multilevel Security Models access control data fusion method according to claim 4, it is characterised in that:It is described
Step A3 is specially:For the association line segment of relations on an equal basis in Hasse figures after merging, two nodes of association line segment are closed
And generate new node;For the association line segment of covering relation in Hasse figures after merging, end point will be pointing directly at from starting point
Association line segment delete.
6. a kind of Multilevel Security Models access control data fusion method according to claim 1, it is characterised in that:It is described
Step B is specially:The safe class mapping function of the lattice after the safe class mapping function on original lattice is converted into merging.
7. a kind of Multilevel Security Models access control data fusion method according to claim 1, it is characterised in that:It is described
Step C is specially:It is described access control matrix to be merged including the merging to data set and the conjunction to user profile data
And.
8. a kind of Multilevel Security Models access control data fusion method according to claim 4, it is characterised in that:It is described
To the method for the merging of data set it is:The data acquisition system of data source is merged into into a data acquisition system.
9. a kind of Multilevel Security Models access control data fusion method according to claim 7, it is characterised in that:It is described
To the method for the merging of user profile data it is:User profile data are sought into union.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2016100414788 | 2016-01-21 | ||
| CN201610041478 | 2016-01-21 |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106529323A true CN106529323A (en) | 2017-03-22 |
| CN106529323B CN106529323B (en) | 2019-09-13 |
Family
ID=58343559
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610692349.5A Active CN106529323B (en) | 2016-01-21 | 2016-08-18 | A kind of Multilevel Security Models access control data fusion method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106529323B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107871020A (en) * | 2017-12-07 | 2018-04-03 | 郑州云海信息技术有限公司 | A kind of method based on SolrCloud completion data object attributes |
| CN107886107A (en) * | 2017-09-26 | 2018-04-06 | 赵淦森 | A kind of fusion method of big data, system and device |
| CN112115304A (en) * | 2019-06-20 | 2020-12-22 | 百度(中国)有限公司 | Partial order data processing method, device and system and storage medium |
| CN114448659A (en) * | 2021-12-16 | 2022-05-06 | 河南大学 | Yellow river dam bank monitoring Internet of things access control optimization method based on attribute exploration |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101286158A (en) * | 2008-01-25 | 2008-10-15 | 太原科技大学 | Celestial body light spectrum local bias data digging system and method based on constrained concept lattice |
| CN101631021A (en) * | 2008-07-18 | 2010-01-20 | 日电(中国)有限公司 | Position sensitive and role-based method, device and system for access control |
-
2016
- 2016-08-18 CN CN201610692349.5A patent/CN106529323B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101286158A (en) * | 2008-01-25 | 2008-10-15 | 太原科技大学 | Celestial body light spectrum local bias data digging system and method based on constrained concept lattice |
| CN101631021A (en) * | 2008-07-18 | 2010-01-20 | 日电(中国)有限公司 | Position sensitive and role-based method, device and system for access control |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107886107A (en) * | 2017-09-26 | 2018-04-06 | 赵淦森 | A kind of fusion method of big data, system and device |
| CN107886107B (en) * | 2017-09-26 | 2021-03-30 | 赵淦森 | Big data fusion method, system and device |
| CN107871020A (en) * | 2017-12-07 | 2018-04-03 | 郑州云海信息技术有限公司 | A kind of method based on SolrCloud completion data object attributes |
| CN107871020B (en) * | 2017-12-07 | 2020-09-15 | 浪潮云信息技术股份公司 | Method for complementing data object attributes based on SolrCloud |
| CN112115304A (en) * | 2019-06-20 | 2020-12-22 | 百度(中国)有限公司 | Partial order data processing method, device and system and storage medium |
| CN114448659A (en) * | 2021-12-16 | 2022-05-06 | 河南大学 | Yellow river dam bank monitoring Internet of things access control optimization method based on attribute exploration |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106529323B (en) | 2019-09-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104809405B (en) | The leakage-preventing method of structural data assets based on classification | |
| Du et al. | Research on the application of blockchain in smart healthcare: constructing a hierarchical framework | |
| US7539682B2 (en) | Multilevel secure database | |
| US8201216B2 (en) | Techniques for database structure and management | |
| Sharma et al. | Representing attribute based access control policies in owl | |
| CN111149332A (en) | System and method for implementing centralized privacy control in decentralized systems | |
| CN103745161B (en) | Access method of controlling security and device | |
| Kabir et al. | A conditional purpose-based access control model with dynamic roles | |
| CN106529323B (en) | A kind of Multilevel Security Models access control data fusion method | |
| Dias et al. | Blockchain for access control in e-health scenarios | |
| El-Din et al. | Information integrity for multi-sensors data fusion in smart mobility | |
| Collinson et al. | Layered graph logic as an assertion language for access control policy models | |
| Hu et al. | Attribute considerations for access control systems | |
| Al Bouna et al. | The image protector-a flexible security rule specification toolkit | |
| Le Gall et al. | PlexC: A policy language for exposure control | |
| Moniruzzaman et al. | A study of privacy policy enforcement in access control models | |
| Al-Fedaghi et al. | Privacy enhanced information systems | |
| CN106570413A (en) | System and method for controlling access permission of document system | |
| Hernandez et al. | TIKD: A Trusted Integrated Knowledge Dataspace for Sensitive Data Sharing and Collaboration | |
| Bellini et al. | Rights enforcement and licensing understanding for RDF stores aggregating open and private data sets | |
| Piattini et al. | Secure databases: state of the art | |
| Merkl et al. | Security for next generation hypertext systems | |
| Sengupta | Dynamic fragmentation and query translation based security framework for distributed databases | |
| Li et al. | Multidimensional correlation hierarchical differential privacy for medical data with multiple privacy requirements | |
| Farooqi et al. | Developing a dynamic trust based access control model for xml databases |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 510631 No. 55, Zhongshan Avenue, Guangzhou, Guangdong Co-patentee after: GUANGDONG INTELLIGENT DATA TECHNOLOGY Co.,Ltd. Patentee after: SOUTH CHINA NORMAL University Address before: 510631 No. 55, Zhongshan Avenue, Guangzhou, Guangdong Co-patentee before: GUANGZHOU SHIYUN INFORMATION TECHNOLOGY Co.,Ltd. Patentee before: SOUTH CHINA NORMAL University |