CN107147665B - Application method of the attribute-based access control model in Industry 4.0 systems - Google Patents

Publication number
CN107147665B
Authority
CN
China
Prior art keywords
user
equipment
permission
attribute
access
Legal status
Active
Application number
CN201710418880.8A
Other languages
Chinese (zh)
Other versions
CN107147665A (en
Inventor
刘刚
房璐
王泉
王荣
齐晓倩
Current Assignee
Xian University of Electronic Science and Technology
Original Assignee
Xian University of Electronic Science and Technology
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/105 Multiple levels of security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L63/102 Entity profiles

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides an application method of the attribute-based access control (ABAC) model in Industry 4.0 systems. It controls access and operation permissions on the device terminals of an Industry 4.0 system, prevents unauthorized access to equipment by illegitimate users, and reduces leakage of user privacy. The implementation steps are: improve the ABAC model according to the characteristics of Industry 4.0 systems; map the Industry 4.0 system onto the improved ABAC model; assign responsibilities to the members of the Industry 4.0 system; the user applies to access a device and, after the user chooses a user level and registers on the device, the device verifies whether the user has the operation permission. The invention prevents unauthorized access to equipment by illegitimate users, reduces leakage of user privacy and the impact of such leakage on user security, and eliminates the effect of policy repository expansion and policy conflicts on the ABAC model.

Description

Application method of the attribute-based access control model in Industry 4.0 systems
Technical field
The invention belongs to the field of information security technology, and in particular relates to an application method of the attribute-based access control model in Industry 4.0 systems, which can be used to control the operation permissions of users accessing equipment and to protect user privacy.
Background art
Industry 4.0 combines industry with the Internet: through the Internet of Things, enterprises, the field devices inside enterprises, personal devices and so on are connected together. Each device stores its own data related to the external network; these data can be updated and uploaded in real time, enabling information sharing. In an Industry 4.0 system the number of users and the number of devices are very large, and there are many types of devices. A vast amount of user information and device usage information is stored in the network, where shared resources also exist, which creates information security problems: user information uploaded to the network leads to leakage of user privacy, and illegitimate users steal legitimate users' information to gain unauthorized access. Therefore, access control should be used to authenticate users while controlling their operation permissions on equipment.
Access control restricts the ability to access objects in a certain way, achieving maximum resource sharing while keeping the system secure. Access control allows only legitimate subjects to access protected resources, and prevents illegitimate or unauthenticated subjects from accessing them. At present, the most commonly used method for controlling user access permissions in Industry 4.0 systems is identity-based authentication: the user is authenticated with a user name and password, and the system must store in advance a two-tuple (ID, PW) for each user, where ID is the user name and PW is the user's password. When user x applies to access a device, the user enters its ID_x and PW_x; the device compares the stored two-tuple with the information entered by user x and, if they match, allows the user to log in. After login, the user's operations on the device are no longer restricted. When the user operates the device, the data entered into the device can be encrypted and transmitted over the network as ciphertext, which improves network security. However, this authentication method requires a static password to be entered on every access, and at present the user names and passwords used for authentication in Industry 4.0 systems are mostly system defaults. As a result, an illegitimate user may obtain a user's password by peeping, decryption or similar means and log in to the device, and once logged in, the illegitimate user's operation permissions on the device are not restricted in any way, which is very dangerous. Moreover, although user data is encrypted, an attacker can still take measures to crack the encrypted user data in the network and obtain the user's information, causing leakage of user privacy.
Because identity-based authentication still has problems in controlling permissions, Ravi S. Sandhu later proposed the role-based access control model (RBAC). From the subject's perspective, RBAC maps users to roles, and users obtain permissions through roles. In RBAC the permission relationships of roles are predefined, which makes it simple to assign users to predefined roles. Authorization in RBAC consists of the relationships between roles and permissions, users and roles, and roles and roles; together these relationships determine whether a particular user is allowed to access a given resource. However, in a system with many kinds and large numbers of subjects and objects, and in which object types change frequently, managing permissions with the RBAC model means that whenever resource categories are added or removed, the security administrator must update all related roles. If the attributes of an object change, and data with different object attributes must be assigned to different accessing subjects for processing, the security administrator has to add new roles and must also update the access permission settings of all existing roles and the role assignments of the accessing subjects. Such access control management is very complex, and the system administrator's workload becomes excessive.
By comparison, the attribute-based access control model (ABAC) is better suited to permission management in systems with large numbers of subjects and objects and many kinds of objects. ABAC describes the attributes of four kinds of entity (subject, object, operation and environment) and makes authorization decisions using the access control policies stored in a policy repository. It provides fine-grained access control and has sufficient flexibility and scalability. And because ABAC authorizes based on attributes, users can protect their privacy through anonymous access. Applying the ABAC model to access permission control in Industry 4.0 systems, which use an open network and have vast numbers of subjects and objects, is therefore the most suitable choice.
Summary of the invention
The object of the invention is to overcome the defects of the above techniques by providing an application method of the attribute-based access control model in Industry 4.0 systems, aiming to control access and operation permissions on the device terminals of an Industry 4.0 system, prevent unauthorized access to equipment by illegitimate users, and reduce leakage of user privacy.
The technical idea of the invention is: first improve the attribute-based access control model ABAC according to the characteristics of Industry 4.0 systems to obtain an improved ABAC model; then map the Industry 4.0 system onto the improved ABAC model and assign responsibilities to the members of the Industry 4.0 system. When a user applies to access a device, the device verifies, according to the permission matching rule of the improved ABAC model, whether the user may exercise the requested operation permission on the device. This gives fine-grained control over users' access permissions on devices and prevents unauthorized access by illegitimate users, while user privacy is protected through user levels.
According to the above technical idea, the technical solution adopted to achieve the object of the invention comprises the following steps:
(1) Obtain the improved attribute-based access control model ABAC:
(1a) Create a permission grant table associated with the object; store the access control policies from the ABAC policy repository in the permission grant table as the permission attributes of the object, and at the same time delete the object attributes from the access control policies and delete the policy repository from the ABAC model;
(1b) Delete the deny permissions from the ABAC access control policies, and store the allow permissions in the permission grant table;
(1c) Reformulate the permission matching rule in the permission grant table:
Permission = (PA, EA), PA = (SA, OA)
where Permission is a permission attribute in the permission grant table; PA is the two-tuple (SA, OA) composed of SA and OA; SA and OA are, respectively, the subject attributes and operation attributes that allow one or more kinds of subject to perform the corresponding operation; and EA is the set of environment attributes under which the subject is allowed to operate on the object;
(2) Map the Industry 4.0 system onto the improved ABAC model:
The permission manager inside each enterprise in the Industry 4.0 system acts as a system administrator of the improved ABAC model, each device as an object of the improved ABAC model, and each user of a device as a subject of the improved ABAC model;
(3) Set the responsibilities of each member of the Industry 4.0 system:
(i) Responsibilities of the enterprise's permission manager: initialize the enterprise's devices, which includes configuring and updating the permission grant table in each device and initializing the permission attributes in the permission grant table. When the permission attributes are initialized, the subject attribute in each permission attribute is the user's level; users of different levels have different numbers of subject attributes and different permission levels;
(ii) Responsibilities of the device: store the permission grant table internally; automatically update its internal permission attributes after a user registers; use the permission matching rule to decide whether to authorize the user;
(iii) Responsibilities of the user: apply for access permission to the device; when using a device for the first time, select a user level and register before applying for access; on later uses, select a user level and then apply for access;
(4) The device verifies whether the user has the operation permission:
(4a) The user applies to access the device: a new user selects a user level on the device's registration interface, registers and enters user attributes; an existing user selects a user level and then enters user attributes;
(4b) The device uses the new user's attributes to replace the user level in the permission attributes of the permission grant table, obtaining permission attributes that fit the permission matching rule;
(4c) The device judges, according to the permission matching rule, whether the user attributes entered by the user exist in the permission attributes of the permission grant table; if so, the device allows the user to log in; otherwise it prompts the user to log out and executes step (4i);
(4d) On the initial interface, the user applies for an operation permission on the device;
(4e) The device collects the user attributes, the operation attribute requested by the user and the current environment attributes, and judges according to the attribute matching rule whether these attributes exist in the permission attributes of the permission grant table; if so, it authorizes the user and executes step (4f); otherwise it notifies the user that the operation permission is denied and executes step (4g);
(4f) After performing the requested operation on the device, the user returns to the initial interface; if the user applies for another operation permission, execute step (4d); otherwise execute step (4i);
(4g) The device judges whether the reason for denying the operation permission is that the user attributes are incorrect while the operation attribute and environment attributes are correct; if so, it prompts the user to register at a higher level and executes step (4h); otherwise execute step (4i);
(4h) The user decides whether to register at a higher level; if so, return to the registration interface and execute step (4a); otherwise execute step (4i);
(4i) The user ends the access to the device and logs out.
Compared with the prior art, the invention has the following advantages:
1. The invention uses the improved ABAC model to control users' device access permissions in Industry 4.0 systems. The device uses attributes to decide, according to the permission matching rule, whether to authorize a user, which prevents unauthorized users from accessing the device and allows fine-grained control over users' operation permissions on the device. It is difficult for an illegitimate user to steal a legitimate user's user attributes, operation attributes and environment attributes all at once in order to access the device, which prevents unauthorized access to equipment by illegitimate users.
2. The invention sets different user levels in Industry 4.0 systems, and a user can choose a level when using a device. Different user levels require different numbers of user attributes, so by deciding how many attributes to enter the user controls, at the source, the amount of user information in the network, which reduces leakage of user privacy. Moreover, when the system suffers a network attack, attributes the user has not supplied to the device cannot be leaked, and the leaked attributes that the user did supply are difficult to link to a real identity, so the impact on the user is small.
3. Because the improved ABAC model has no policy repository and the permission grant table associated with the object contains only allow permissions, applying it to Industry 4.0 systems, with their large numbers of subjects and objects, eliminates the effect of policy repository expansion and policy conflicts on the ABAC model.
Brief description of the drawings
Fig. 1 is the implementation flow block diagram of the invention;
Fig. 2 is a structural schematic diagram of the improved ABAC model of the invention;
Fig. 3 is the implementation flow chart of the device verifying whether the user has the operation permission.
Detailed description of the embodiments
The invention is described in further detail below with reference to the drawings and specific embodiments.
Referring to Fig. 1, the application method of the attribute-based access control model in Industry 4.0 systems comprises the following steps:
Step 1. If the attribute-based access control model (the ABAC model) were applied directly to an Industry 4.0 system, the huge numbers of users and devices would easily cause the policy repository to expand and policy conflicts to arise. The ABAC model is therefore improved according to the characteristics of Industry 4.0 systems to obtain the improved ABAC model, whose structure is shown in Fig. 2:
Step 1a. Create a permission grant table associated with the object; store the access control policies from the ABAC policy repository in the permission grant table as the permission attributes of the object, and at the same time delete the object attributes from the access control policies and delete the policy repository from the ABAC model. This solves the policy repository expansion problem of the ABAC model;
Step 1b. Delete the deny permissions from the ABAC access control policies, and store the allow permissions in the permission grant table. This solves the policy conflict problem of the ABAC model;
Step 1c. Reformulate the permission matching rule in the permission grant table:
Permission = (PA, EA), PA = (SA, OA)
where Permission is a permission attribute, stored in the permission grant table in the form ((SA, OA), EA); PA is the two-tuple (SA, OA) composed of SA and OA; SA and OA are, respectively, the subject attributes and operation attributes that allow one or more kinds of subject to perform the corresponding operation; and EA is the set of environment attributes under which the subject is allowed to operate on the object, which has two states, empty and non-empty. The corresponding permission matching rules are:
When EA is empty, the permission matching rule is as follows: the permission attribute is not constrained by environment attributes, and an access request is allowed as long as (S, O) ∈ PA holds, where S and O denote the subject attributes of the requester and the operation attribute requested by the subject, and T denotes that the access request is allowed;
When EA is non-empty, the permission matching rule is as follows: provided that (S, O) ∈ PA holds, authorization is granted only if the environment attribute at the time the user applies to access the device is consistent with the environment attributes in the permission attribute, where e denotes the environment attribute at the time the user applies to access the device;
Step 2. Apply the improved ABAC model to the Industry 4.0 system by mapping the Industry 4.0 system onto the improved ABAC model:
An Industry 4.0 system uses the Internet of Things to connect the equipment of different enterprises and the equipment inside each enterprise. The improved ABAC model is used to control access and operation permissions on the device terminals of the Industry 4.0 system. The permission control method for devices is the same in every enterprise, so this embodiment is explained taking one enterprise as an example;
A permission manager inside the enterprise in the Industry 4.0 system acts as a system administrator of the improved ABAC model, each device in the enterprise as an object of the improved ABAC model, and each user of a device as a subject of the improved ABAC model;
Step 3. Set the responsibilities of each member of the Industry 4.0 system:
(i) Responsibilities of the enterprise's permission manager: initialize the enterprise's devices, which includes configuring and updating the permission grant table in each device and initializing the permission attributes in the permission grant table. When the permission attributes are initialized, the subject attribute in each permission attribute is the user's level; users of different levels have different numbers of subject attributes and different permission levels;
(ii) Responsibilities of the device: store the permission grant table internally; automatically update its internal permission attributes after a user registers, i.e. replace the user level in the permission attributes with the user's attributes, after which the device can use the permission matching rule to decide whether to authorize the user; use the permission matching rule to judge whether the subject attributes, operation attribute and current environment attributes of the access request exist in the permission attributes, and so decide whether to authorize the user;
(iii) Responsibilities of the user: apply for access permission to the device; when using a device for the first time, select a user level and register before applying for access; on later uses, select a user level and then apply for access. The user level is selected so that the user can control which user attributes are uploaded to the network: attributes that the user considers private are not entered into the device or uploaded to the network, which reduces privacy leakage;
Step 4. The user applies to access the device, and the device verifies whether the user has the operation permission, thereby achieving permission control. The implementation flow chart is shown in Fig. 3:
Step 4a. The user applies to access the device: a new user selects a user level on the device's registration interface, registers and enters user attributes; an existing user selects a user level and then enters user attributes;
Step 4b. The device uses the new user's attributes to replace the user level in the permission attributes of the permission grant table, obtaining permission attributes that fit the permission matching rule;
Step 4c. The device judges, according to the permission matching rule, whether the user attributes entered by the user exist in the permission attributes of the permission grant table; if so, the device allows the user to log in; otherwise it prompts the user to log out and executes step 4i;
Step 4d. On the initial interface, the user applies for an operation permission on the device;
Step 4e. The device collects the user attributes, the operation attribute requested by the user and the current environment attributes, and judges according to the attribute matching rule whether these attributes exist in the permission attributes of the permission grant table; if so, it authorizes the user and executes step 4f; otherwise it notifies the user that the operation permission is denied and executes step 4g;
Step 4f. After performing the requested operation on the device, the user returns to the initial interface; if the user applies for another operation permission, execute step 4d; otherwise execute step 4i;
Step 4g. The device judges whether the reason for denying the operation permission is that the user attributes are incorrect while the operation attribute and environment attributes are correct; if so, it prompts the user to register at a higher level and executes step 4h; otherwise execute step 4i;
Step 4h. The user decides whether to register at a higher level; if so, return to the registration interface and execute step 4a; otherwise execute step 4i;
Step 4i. The user ends the access to the device and logs out.
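The permission matching rule of step 1c and the device-side checks of steps 4a to 4g, as an added sketch that is not code from the patent. The level names, attribute strings, the Device class, and the choice to keep the permission manager's per-level rows as templates while adding one resolved row per registration are assumptions made for illustration.

```python
"""Added illustration of the improved ABAC model; not code from the patent.
Level names, attribute strings and class names are assumptions."""
from dataclasses import dataclass

ALLOW = "T"                              # the access request is allowed
PROMPT_HIGHER_LEVEL = "register-higher"  # step 4g: only the subject attributes are wrong
DENY = "denied"                          # operation or environment is not permitted


@dataclass(frozen=True)
class Permission:
    """One permission attribute, stored as ((SA, OA), EA)."""
    sa: frozenset                # subject attributes allowed to operate
    oa: str                      # operation attribute
    ea: frozenset = frozenset()  # environment attribute set; empty = unconstrained


def env_ok(ea, e):
    # EA empty: no environment constraint. EA non-empty: e must be in EA.
    return not ea or e in ea


def matches(p, s, o, e):
    """Permission matching rule of step 1c: (S, O) in PA, then the EA check."""
    return (p.sa, p.oa) == (s, o) and env_ok(p.ea, e)


class Device:
    """The object. It holds an allow-only permission grant table (steps 1a, 1b)."""

    def __init__(self, level_rows, level_arity):
        # level_rows: {level: [(operation, EA), ...]}, set by the permission manager
        # level_arity: {level: number of user attributes that level must supply}
        self.level_rows = level_rows
        self.level_arity = level_arity
        self.table = set()  # resolved rows; there is no separate policy repository

    def register(self, level, attrs):
        """Steps 4a/4b: replace the level in each row by the user's attributes."""
        if len(set(attrs)) != self.level_arity[level]:
            raise ValueError("wrong number of attributes for level " + level)
        sa = frozenset(attrs)
        for oa, ea in self.level_rows[level]:
            self.table.add(Permission(sa, oa, frozenset(ea)))

    def login(self, attrs):
        """Step 4c: the entered attributes must exist in the grant table."""
        s = frozenset(attrs)
        return any(p.sa == s for p in self.table)

    def request(self, attrs, operation, env):
        """Steps 4e and 4g: authorize, or say why the request was denied."""
        s = frozenset(attrs)
        if any(matches(p, s, operation, env) for p in self.table):
            return ALLOW
        # Step 4g: operation and environment are valid at some level, so the
        # only mismatch is the subject attributes -> suggest a higher level.
        for rows in self.level_rows.values():
            if any(oa == operation and env_ok(frozenset(ea), env) for oa, ea in rows):
                return PROMPT_HIGHER_LEVEL
        return DENY


def build_demo_device():
    """Constructed sample policy: two levels on one piece of equipment."""
    level_rows = {
        "basic": [("read_status", ())],                       # EA empty
        "advanced": [("read_status", ()),
                     ("change_setpoint", ("shift:day",))],    # EA non-empty
    }
    return Device(level_rows, {"basic": 1, "advanced": 2})


if __name__ == "__main__":
    dev = build_demo_device()
    basic = ["dept:assembly"]                        # pseudonymous attribute
    dev.register("basic", basic)
    print(dev.request(basic, "read_status", "shift:night"))    # T
    print(dev.request(basic, "change_setpoint", "shift:day"))  # register-higher
```

Because the table holds only allow rows, a request that matches nothing is simply refused, so no deny rule can conflict with an allow rule.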

Claims (2)

1. An application method of the attribute-based access control model in Industry 4.0 systems, characterized in that it comprises the following steps:
(1) Obtain the improved attribute-based access control model ABAC:
(1a) Create a permission grant table associated with the object; store the access control policies from the ABAC policy repository in the permission grant table as the permission attributes of the object, and at the same time delete the object attributes from the access control policies and delete the policy repository from the ABAC model;
(1b) Delete the deny permissions from the ABAC access control policies, and store the allow permissions in the permission grant table;
(1c) Reformulate the permission matching rule in the permission grant table:
Permission = (PA, EA), PA = (SA, OA)
where Permission is a permission attribute in the permission grant table; PA is the two-tuple (SA, OA) composed of SA and OA; SA and OA are, respectively, the subject attributes and operation attributes that allow one or more kinds of subject to perform the corresponding operation; and EA is the set of environment attributes under which the subject is allowed to operate on the object;
(2) Map the Industry 4.0 system onto the improved ABAC model:
The permission manager inside each enterprise in the Industry 4.0 system acts as a system administrator of the improved ABAC model, each device as an object of the improved ABAC model, and each user of a device as a subject of the improved ABAC model;
(3) Set the responsibilities of each member of the Industry 4.0 system:
(i) Responsibilities of the enterprise's permission manager: initialize the enterprise's devices, which includes configuring and updating the permission grant table in each device and initializing the permission attributes in the permission grant table. When the permission attributes are initialized, the subject attribute in each permission attribute is the user's level; users of different levels possess different numbers of subject attributes and have different permission levels;
(ii) Responsibilities of the device: store the permission grant table internally; automatically update its internal permission attributes after a user registers; use the permission matching rule to decide whether to authorize the user;
(iii) Responsibilities of the user: apply for access permission to the device; when using a device for the first time, select a user level and register before applying for access; on later uses, select a user level and then apply for access;
(4) The device verifies whether the user has the operation permission:
(4a) The user applies to access the device: a new user selects a user level on the device's registration interface, registers and enters user attributes; an existing user selects a user level and then enters user attributes;
(4b) The device uses the new user's attributes to replace the user level in the permission attributes of the permission grant table, obtaining permission attributes that fit the permission matching rule;
(4c) The device judges, according to the permission matching rule, whether the user attributes entered by the user exist in the permission attributes of the permission grant table; if so, the device allows the user to log in; otherwise it prompts the user to log out and executes step (4i);
(4d) On the initial interface, the user applies for an operation permission on the device;
(4e) The device collects the user attributes, the operation attribute requested by the user and the current environment attributes, and judges according to the attribute matching rule whether these attributes exist in the permission attributes of the permission grant table; if so, it authorizes the user and executes step (4f); otherwise it notifies the user that the operation permission is denied and executes step (4g);
(4f) After performing the requested operation on the device, the user returns to the initial interface; if the user applies for another operation permission, execute step (4d); otherwise execute step (4i);
(4g) The device judges whether the reason for denying the operation permission is that the user attributes are incorrect while the operation attribute and environment attributes are correct; if so, it prompts the user to register at a higher level and executes step (4h); otherwise execute step (4i);
(4h) The user decides whether to register at a higher level; if so, return to the registration interface and execute step (4a); otherwise execute step (4i);
(4i) The user ends the access to the device and logs out.
2. The application method of the ABAC model in Industry 4.0 systems according to claim 1, characterized in that the environment attribute set described in step (1c) has two states, empty and non-empty, and the corresponding permission matching rules are:
When EA is empty, the permission matching rule is as follows: the permission attribute is not constrained by environment attributes, and an access request is allowed as long as (S, O) ∈ PA holds, where S and O denote the subject attributes of the user currently requesting access and the operation attribute requested by the user, and T denotes that the access request is allowed;
When EA is non-empty, the permission matching rule is as follows: provided that (S, O) ∈ PA holds, authorization is granted only if the environment attribute at the time the user applies to access the device is consistent with the environment attributes in the permission attribute, where e denotes the environment attribute at the time the user applies to access the device.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710418880.8A CN107147665B (en) 2017-06-06 2017-06-06 Application method of the beam-based alignment model in industrial 4.0 systems

Publications (2)

Publication Number Publication Date
CN107147665A CN107147665A (en) 2017-09-08
CN107147665B true CN107147665B (en) 2019-12-03

Family

ID=59780622

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710418880.8A Active CN107147665B (en) 2017-06-06 2017-06-06 Application method of the beam-based alignment model in industrial 4.0 systems

Country Status (1)

Country Link
CN (1) CN107147665B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant