CN108924120A - Multi-dimensional state perception dynamic access control method - Google Patents


Publication number
CN108924120A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810686982.2A
Other languages
Chinese (zh)
Other versions
CN108924120B (en)
Inventor
陈爱国
罗光春
田玲
惠孛
邢瀚文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
University of Electronic Science and Technology of China
Original Assignee
University of Electronic Science and Technology of China
Application filed by University of Electronic Science and Technology of China
Priority to CN201810686982.2A
Publication of CN108924120A
Application granted
Publication of CN108924120B
Legal status: Active


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles


Abstract

The present invention proposes a dynamic access control method based on multi-dimensional state perception. It identifies not only the state of the user itself but also other, unknown multi-dimensional states of the user, and so achieves more accurate access control. The method mainly comprises the following steps. Step 1: obtain the relevant attributes of the user's request information. Step 2: compute the requesting subject's own state. Step 3: perceive the other states of the user's request through stream perception. Step 4: combine the own-state result with the stream perception result. Step 5: make a decision according to the comprehensive evaluation result. Step 6: after the decision has been applied in practice and feedback has been obtained, adjust the threshold that sets the share of risk in the comprehensive evaluation module. The invention treats attributes such as subject, object and context environment as a data stream and evaluates the risk value of the current access by anomaly detection over the data stream in a history window. The method achieves dynamic access control in a dynamic cloud environment and thereby protects the security of the large volume of resources in a cloud computing environment.

Description

A dynamic access control method based on multi-dimensional state perception
Technical field
The present invention relates to the field of cloud computing technology, and in particular to a dynamic access control method based on multi-dimensional state perception.
Background
In a cloud computing environment, all kinds of resources are dynamically connected to the Internet. Because the Internet is an open network environment, nodes inevitably interact with one another, which raises security problems. So while enjoying the convenience that cloud computing brings, its security must also be considered. Access control is the most basic security method in a cloud computing environment; it protects resources from being used by users the system cannot identify and by unauthorized users. However, the resources in a cloud computing environment are not only huge in number but also dynamic, and the security requirements of a cloud computing environment differ from those of traditional computing. Insecurity in a cloud computing environment consists mainly of two parts: one part comes from external uncontrollability, the other from internal uncontrollability caused by the particular nature of the cloud computing environment. At present, access control in cloud computing environments is mostly approached from the angle of risk, and the risk-based access control model is the best way to deal with insecurity factors in a dynamic environment. At the same time, in dynamic, distributed systems such as cloud computing environments, it is necessary to pay attention not only to user roles but also to the relevant attributes. Because attribute-based access control can provide dynamic, context-aware security means, it adapts well to the cloud computing environment. Combining risk and attributes offers a better security approach for access control. This work therefore builds on attribute-based and risk-based access control models, studies how to use the user's context state in access control, and provides a perception-based dynamic access control system for cloud computing environments.
Related research shows that risk assessment is an effective way to deal with the security factors that randomness introduces in the target environment. However, there is little research on risk-based access control in cloud computing environments. For risk and trust models, some researchers have proposed an access control model based on risk assessment; their model has three modules: an access control module, a risk assessment module and a context module. Other scholars have proposed a risk-trust authorization mechanism that evaluates a user's credentials in order to adjust access rights dynamically; the authors discuss the roles of risk and trust in detail, laying a foundation for later research on risk-trust mechanisms. In these risk-assessment access control models, however, the risk assessment module essentially still uses static risk policies. This requires the security administrator to configure risk rules and policies in addition to the traditional rules and policies, so although it strengthens access control to some degree, it also increases the security administrator's burden.
The present invention therefore proposes a new dynamic access control method which, by analysing and processing the request stream, provides a multi-dimensional state perception dynamic access control method based on context environment perception.
Summary of the invention
The dynamic access control method based on multi-dimensional state perception proposed here differs from traditional access control techniques in that it uses the information in the user's request stream when making the access control decision. It analyses the current state of the user's request and uses the stream to perceive the current request along multiple dimensions, so that the current state of the user's request is analysed multi-dimensionally and the authentication result for the current request is decided. The specific steps are as follows:
Step 1: When a user submits an access request, the method takes the subject basic information and the subject environment information related to the access request as input. Subject basic information is the basic attribute information related to the request; subject environment information is a set of variables related to the environment of the requesting subject, including the vulnerability, threat and integrity of the environment.
Step 2: Calculate the objective security coefficient of the current requesting subject. The objective security coefficient comprises the subject basic information security coefficient and the subject environment information security coefficient.
Step 3: The access request is passed to the stream processing engine for decision, where the evaluation coefficient of the request history stream for the current request is calculated. This evaluation coefficient is obtained from the impact factor of similar records and the historical data stream's evaluation value of itself. The historical data stream's evaluation value of itself is the drift index of the history stream; the drift index is the credibility of a historical request point itself, because the credibility of a historical request point changes with time and other environmental factors.
Step 4: Combine the objective security coefficient of the current requesting subject with the historical request stream's evaluation coefficient for the current request to calculate the final comprehensive evaluation result.
Step 5: The decision engine makes the final decision by comparing the comprehensive evaluation result with the preset access threshold: if the comprehensive evaluation result is greater than or equal to the preset access threshold, the current access request is allowed; otherwise, it is refused.
Further, the dynamic access control method based on multi-dimensional state perception of the invention also includes:
Step 6: After a certain period of practical application, obtain the actual feedback on the dynamic access control method and use this feedback value to adjust the comprehensive evaluation result, so that the comprehensive evaluation result is adjusted by feedback from practical application and the accuracy of the access control method improves.
In summary, the dynamic access control method based on multi-dimensional state perception provided by the invention effectively improves access performance. First, it provides a fully dynamic access control technique that is no longer bound to the formulation of static rules. Second, it makes effective use of the user's historical data and gives a method of authenticating the current request from historical data. Third, it calculates the validity of historical data nodes, making the authentication result of the stream processing engine more accurate. Fourth, it provides a dynamic feedback adjustment module that can improve the accuracy of the access control method.
Brief description of the drawings
Fig. 1 is a schematic diagram of the request stream perception dynamic access control method of the invention.
Fig. 2 is a flow chart of the multi-dimensional state perception dynamic access control model of the invention.
Fig. 3 is a structural block diagram of the request stream perception module of the invention.
Specific embodiment
To make the objectives, technical solutions and advantages of the invention clearer, the invention is further described below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here merely illustrate the invention and are not intended to limit it.
The invention applies to access control in a cloud computing environment. It proposes a dynamic access control method based on request data stream perception. The main differences from existing methods are as follows. First, it provides a fully dynamic access control technique that is no longer bound to the formulation of static rules. Second, it makes effective use of the user's historical data and gives a method of authenticating the current request from historical data. Third, it calculates the validity of historical data nodes, making the authentication result of the stream processing engine more accurate. Fourth, it provides a dynamic threshold adjustment module which, unlike the traditional manually set threshold, offers more flexible and more accurate threshold adjustment.
Fig. 1 depicts the request stream perception dynamic access control method of the invention, and Fig. 2 depicts the dynamic access control model the invention uses.
Step 1: Collect the subject basic information and the subject environment information. When a user submits an access request, the method takes the subject basic information and the subject environment information related to the access request as input. Subject basic information is the information related to the subject's request, such as user information, resource information and operation information; subject environment information is a set of variables related to the environment of the requesting subject, including the vulnerability, threat and integrity of the environment.
Specifically, a terminal cloud user submits a resource access request to the cloud platform, and the security engine in the cloud platform passes the user's basic information to the attribute engine and the environment engine: the attribute engine collects the user's basic information, the environment engine calculates the user's subject environment information, and both are then submitted to the access control module.
Step 2: Calculate the subject's objective security coefficient. The calculation is divided into the subject basic information security coefficient and the subject environment information security coefficient.
The access control module in the cloud platform receives the subject's basic attribute information and the subject environment information, queries the policy data table and calculates the subject's objective security coefficient.
In a specific implementation, the invention comprises the following steps:
Step 2-1: Calculation of the subject basic information security coefficient P(z_m)
To calculate the basic information security coefficient, attribute values are used to describe the access control rules and the information related to the request. Each attribute consists of a key-value pair, for example "Role=Admin". The attribute-based static policy rules differ between application scenarios. The definitions used by this policy rule detection module are given below:
Definition 1: Request → req(S, R, C, A). A request req comprises S, R, C and A, which stand for subject, resource, context environment and operation.
Definition 2: Attribute sets → SA, RA, CA, AA, where: SA denotes subject attributes, such as role, user group and user ID, which can be obtained from the session service; RA denotes resource attributes, the attribute set that describes a resource, for example, in an electronic health system, the patient ID attribute of a health record; CA denotes context attributes, which describe the requester's context environment, for example request time, communication protocol and the requester's geographical location; AA denotes operation attributes, i.e. the actions the requester wishes to perform, such as the common "read" and "write" operations on a file; more actions may be involved in a complex environment.
Definition 3: Request attributes → ATT(S), ATT(R), ATT(C), ATT(A), the attribute sets corresponding to subject S, resource R, context C and operation A respectively:
Each attribute is expressed as a triple <attr, VAL, OP>, where attr is the attribute, VAL is the value of the attribute, and OP is the relational operator between attr and VAL, such as "=", "<" or "∈".
Definition 4: Policy rule → z. A policy rule is used to check whether the basic attributes of a request are legal. In the security policy library, a policy is expressed as {(ATT(S), ATT(R), ATT(C), ATT(A)) | legal ∈ (0,1)}, where legal indicates whether the rule is legal or illegal.
The policy data table is the set of rules defined according to subject attributes, object attributes and resource attributes.
Verifying one user request may require several policy rules; the final subject basic information security coefficient P(z_m) is obtained by querying the policy data table. For example, the attributes of one request may include:
ATT(S1) = {"department" = "sales", "role" = "admin", "manage level" ≤ "3"}
ATT(R1) = {"type" = "proposal document", "region" = "W1", "level" ≤ "4"}
ATT(C1) = {"time" ∈ <8:00,22:00>, 0.5 < Trust(IP)}
ATT(A1) = {"action" = "read"}
Each attribute is looked up in the policy data table to obtain the rule check result corresponding to that attribute. For example, the policy data table entries corresponding to ATT(S) = "role" and ATT(S) = "age" are shown in Table 1.
Table 1: Policy data table (part)

| z | ATT(S) | ATT(R) | ATT(C) | ATT(A) |
|---|---|---|---|---|
| z1 | role:manager | Type:Proposal-doc | Time:<8:00,22:00> | write |
| z2 | age:44 | Type:Proposal-doc | Time:<20:00,22:00> | Read |
| z3 | age:20 | Type:public-doc | Trust (IP)=0.7 | Write |
| z4 | role:employee | Type:public-doc | Location:Chengdu | Write Read |
| z5 | role:sectary | Type:private-doc | Location:Chengdu | Write |
The rule check result for each attribute is denoted z_i, i = 1, 2, 3, ..., with z_i ∈ {0, 1}. Combining the rule check results of all attributes of the request gives the subject basic information security coefficient P(z_m):
$$P(z_m) = z_1 \cap z_2 \cap z_3 \cap \dots$$
The policy data table is searched. For each rule, if any of its four attributes ATT(S), ATT(R), ATT(C) and ATT(A) fails to satisfy the rule, the rule check result is recorded as 0; if all four attributes ATT(S), ATT(R), ATT(C) and ATT(A) satisfy the rule, the rule check result is recorded as 1. That is, P(z_m) ∈ {0, 1}: P(z_m) = 0 when the current request fails any one attribute rule, and P(z_m) = 1 when all attribute rules pass.
Step 2-2: Calculate the subject environment information security coefficient M(env_i): the weighted sum of the vulnerability metric PV, the threat metric PT and the integrity metric PR of the current subject's environment gives M(env_i).
The metrics PV, PT and PR of the environment are measured in the way usual in this field, with value ranges 0 ≤ PV ≤ 1, 0 ≤ PT ≤ 1 and 0 ≤ PR ≤ 1; they are not detailed here. In the invention, the specific values of PV, PT and PR can be provided by the relevant security organization.
That is, the subject environment information security coefficient is M(env_i) = α·PV + β·PT + γ·PR, with α + β + γ = 1, where α, β and γ are the weights of the three metrics PV, PT and PR. The specific weights depend on the security requirements of the particular system and are configured by security personnel.
Step 2-3: Combine the subject basic information security coefficient and the subject environment information security coefficient to calculate the final subject objective security coefficient.
Step 3: Calculate the request history stream's evaluation coefficient for the current request. After obtaining the subject's objective security coefficient in step 2, the access control module in the cloud platform queries the data stream engine and obtains the history stream data for a time window. The impact factor of similar records and the historical data stream's evaluation value of itself are calculated, finally giving the history stream's evaluation coefficient for the current request.
Referring to Fig. 3, in a specific implementation the invention comprises the following steps:
Step 3-1: Calculate the context influence measurement factor, i.e. the evaluation index of similar subjects for the current request; this factor reflects the trust value and the environment information of the historical data points. The user's context environment is evaluated in combination with the environment evaluation value. First, within a history window covering a period of time (of assumed size n), calculate the historical data stream's context influence measurement factor for the current data point; the model is shown in formula (1):
Here the window size n is defined according to the environment. The current request vector is (req_m), and the context measure of the historical record data for the current request is calculated. In the formula, j indexes the historical requests within the window before the current request, from m-n to m-1. env_m is the context environment vector of the current request, env_j is the context environment vector of the j-th historical request, sim(env_m, env_j) is the similarity of the two context environment vectors, and M(env_j) is the subject environment security coefficient calculated in step 2.
Step 3-2: Calculate the impact factor TZ_m of similar records. TZ_m represents the historical data stream's evaluation of the current request and uses an incremental data-stream analysis. R(req_m) is the history stream's evaluation coefficient for the current request; each request in the historical data stream has its own R(req_j). TZ_m is calculated as shown in formula (2):
Step 3-3: Calculate the historical data stream's evaluation value of itself, TD_m. Data streams suffer from concept drift: as time and environment change, the effect of some historical data drifts. The historical data record's own impact factor TD_i is calculated as shown in formula (3):
Step 3-4: Finally, combine the two factors TZ_m and TD_m to obtain the historical data stream's evaluation coefficient R(req_m) for the current request, as shown in formula (4):
$$R(req_m) = \alpha \cdot TZ_i + \beta \cdot TD_i, \qquad \alpha \in (0,1),\ \beta \in (0,1),\ \alpha + \beta = 1 \qquad \text{(formula 4)}$$
In different environments, the weights α and β can be adjusted to tune the influence of the historical data's context environment or of its own attributes on the current request, giving a more suitable and accurate result. For example, if a cloud administrator finds that their cloud computing environment is highly dynamic, they can moderately raise the value of α and lower the value of β.
Step 4: Calculate the combined result. The comprehensive evaluation module determines the result from the risk assessment and the policy rules; the final comprehensive evaluation result H(req_m) used for the decision is calculated as shown in formula (5):
$$H(req_m) = (1 - dt) \cdot P(z_m) + dt \cdot R(req_m) \qquad \text{(formula 5)}$$
In the formula above, R(req_m) is the historical data stream's evaluation coefficient for the current request and P(z_m) is the basic information security coefficient. The threshold parameter dt is adjusted dynamically through the practical application of the decision results.
Step 5: Authorize according to the combined result H(req_m). Normally an administrator sets a trust value, and authorization is not granted when the risk value is lower than this trust value.
After the access control module of the cloud platform has calculated the comprehensive evaluation result, the security centre decides, according to the size of this result, whether to authorize or refuse the cloud user who submitted the request. If authorized, the cloud user is allowed to operate on the requested resource (for example read, write or modify); if refused, the current cloud user's request is ignored, and the result is saved only as a log record.
Step 6: After the request ends, the threshold dt is adjusted dynamically according to the actual records. In the historical records, each request request_i stores its attribute information, its risk evaluation result R(req_i) and its feedback factor fd_i. The feedback factor fd_i is provided by the service provider or the resource provider as the result of verifying the current access control decision. For example, if the final comprehensive evaluation obtained by this method gives the decision allow, and verification by the service provider or resource provider shows this result to be correct, then fd_i is 1; otherwise it is 0, as shown in formula (6):
The feedback factor is obtained from practical results. For example, for S1's request for resource R1, the risk evaluation result at the time was 0.9 and the final decision was allow; later feedback from actual verification showed the decision to be correct, so the feedback factor fd_i is 1.
Combining all the feedback factors fd_i in the historical records, the threshold dt of the risk module is calculated. Either the feedback factors that passed verification, i.e. fd_i = 1, or those that failed verification can be chosen for the calculation; this scheme chooses the fd_i that passed verification to adjust the threshold, as shown in formula (7).
In formula (7), k is the number of records in a historical time window. If fd_i = 0, then R(req_i)·fd_i·As_i = 0 and the term is negative feedback; if fd_i = 1, then R(req_i)·fd_i·As_i > 0 and the term is positive feedback. The influence of the operation sensitivity As_i is also taken into account; the operation sensitivities are listed in the operation sensitivity table below. Finally, the positive and negative feedback are combined to give the threshold dt of the risk evaluation module, which can be used to adjust the weight of risk assessment in the comprehensive evaluation module.
Table 2: Operation sensitivity

| id | ATT(A) | As |
|---|---|---|
| 1 | Read | 0.2 |
| 2 | Copy | 0.4 |
| 3 | Write | 0.6 |
| 4 | Execute | 0.8 |
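The static part of the decision (steps 2-1, 2-2, 4 and 5) as an added Python example; it is not code from the patent. Formulas (1) to (3) and (7) are not reproduced on this page, so R(req_m) and dt are taken as inputs; the `Triple` type, the function names, the fail-closed handling of missing attributes and empty rule lists, and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time
from typing import Any, Callable, Dict, List, Mapping, Tuple

# Relational operators OP of an <attr, VAL, OP> triple (definition 3).
OPS: Dict[str, Callable[[Any, Any], bool]] = {
    "=": lambda actual, val: actual == val,
    "<=": lambda actual, val: actual <= val,
    ">": lambda actual, val: actual > val,
    "in": lambda actual, val: val[0] <= actual <= val[1],  # VAL is a closed range
}


@dataclass(frozen=True)
class Triple:  # hypothetical type, not named in the patent
    category: str  # "S" subject, "R" resource, "C" context, "A" operation
    attr: str
    op: str
    val: Any


Request = Mapping[str, Mapping[str, Any]]  # category -> {attr: concrete value}


def rule_result(rule: List[Triple], req: Request) -> int:
    """z_i: 1 only when every triple of the rule holds for the request, else 0."""
    for t in rule:
        actual = req.get(t.category, {}).get(t.attr)
        # Assumption: fail closed on a missing attribute or unknown operator.
        if actual is None or t.op not in OPS:
            return 0
        try:
            if not OPS[t.op](actual, t.val):
                return 0
        except TypeError:  # value of the wrong type cannot satisfy the rule
            return 0
    return 1


def basic_info_coefficient(rules: List[List[Triple]], req: Request) -> int:
    """P(z_m) = z_1 ∩ z_2 ∩ ...: 0 as soon as one rule check fails."""
    if not rules:  # assumption: no applicable rule means no grant
        return 0
    return int(all(rule_result(rule, req) == 1 for rule in rules))


def _unit(name: str, x: float) -> float:
    if not 0.0 <= x <= 1.0:
        raise ValueError(f"{name} must lie in [0, 1], got {x}")
    return x


def environment_coefficient(pv: float, pt: float, pr: float,
                            alpha: float, beta: float, gamma: float) -> float:
    """M(env) = alpha*PV + beta*PT + gamma*PR with alpha + beta + gamma = 1.
    The page uses M(env_j) inside formula (1), which is not reproduced here."""
    if abs(alpha + beta + gamma - 1.0) > 1e-9:
        raise ValueError("weights must sum to 1")
    return (alpha * _unit("PV", pv) + beta * _unit("PT", pt)
            + gamma * _unit("PR", pr))


def comprehensive_result(p_zm: int, r_reqm: float, dt: float) -> float:
    """Formula (5): H(req_m) = (1 - dt) * P(z_m) + dt * R(req_m)."""
    if p_zm not in (0, 1):
        raise ValueError("P(z_m) must be 0 or 1")
    return (1.0 - _unit("dt", dt)) * p_zm + dt * _unit("R(req_m)", r_reqm)


def evaluate(req: Request, rules: List[List[Triple]], r_reqm: float,
             dt: float, access_threshold: float) -> Tuple[int, float, str]:
    """Step 5: allow when H(req_m) >= the preset access threshold."""
    p = basic_info_coefficient(rules, req)
    h = comprehensive_result(p, r_reqm, dt)
    return p, h, "allow" if h >= access_threshold else "deny"


# Constructed sample: one rule built from the page's ATT(S1)..ATT(A1) triples,
# and a request with concrete values chosen for this example.
RULE = [
    Triple("S", "department", "=", "sales"),
    Triple("S", "role", "=", "admin"),
    Triple("S", "manage level", "<=", 3),
    Triple("R", "type", "=", "proposal document"),
    Triple("R", "region", "=", "W1"),
    Triple("R", "level", "<=", 4),
    Triple("C", "time", "in", (time(8, 0), time(22, 0))),
    Triple("C", "Trust(IP)", ">", 0.5),
    Triple("A", "action", "=", "read"),
]
REQUEST = {
    "S": {"department": "sales", "role": "admin", "manage level": 2},
    "R": {"type": "proposal document", "region": "W1", "level": 3},
    "C": {"time": time(14, 30), "Trust(IP)": 0.7},
    "A": {"action": "read"},
}

if __name__ == "__main__":
    print(evaluate(REQUEST, [RULE], r_reqm=0.9, dt=0.4, access_threshold=0.8))
```

Because P(z_m) is 0 or 1, formula (5) gives a request that fails the policy check the score dt·R(req_m), so such a request is always refused only when the access threshold is set above dt.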
In conclusion a kind of dynamic accesses control method of multi-dimensional state perception provided by the present invention, makes access performance It improves:One there is provided a kind of completely dynamic access control technology, which no longer restrains the formulation of static rule;Second is that having The historical data that user is utilized of effect gives the method for authenticating current request by historical data;Third is that calculating The validity of historical data node, so that the authentication result of stream process engine is more acurrate;Four there is provided a dynamic threshold tune Module is saved, different from traditional artificial given threshold mode, which is capable of providing a kind of more flexible more accurate threshold value adjusting.
The above description is merely a specific embodiment, any feature disclosed in this specification, except non-specifically Narration, can be replaced by other alternative features that are equivalent or have similar purpose;Disclosed all features or all sides Method or in the process the step of, other than mutually exclusive feature and/or step, can be combined in any way.

Claims (7)

1. a kind of dynamic accesses control method of multi-dimensional state perception, which is characterized in that including step:
1) when cloud terminal user submits access request to cloud platform, main body essential information relevant to the access request is extracted With subjective environment information, wherein the main body essential information is essential attribute information relevant to the access request;The master Body environmental information is variable relevant to the access request subjective environment, fragility, menace and integrality including environment;
2) according to the main body essential information and subjective environment information, query strategy tables of data calculates main body essential information safety Coefficient, wherein policy data table is the set of the rule defined according to body attribute, object attribute and Resource Properties, subjective environment The calculating of information security coefficient passes through vulnerability metric value, menace metric and the integrity measurement value to current topic environment Weighted sum obtains, wherein the fragility, menace and integrity measurement value are provided by associated safety mechanism;
3) according to the subjective environment information security coefficient, evaluation coefficient of the historical data stream to current request, institute's commentary are calculated The impact factor and historical data stream that valence coefficient is record similar to current access request are to the weighted sum of the evaluation of estimate of itself;
4) the comprehensive main body essential information safety coefficient and the historical data stream work as the evaluation coefficient of current request The comprehensive evaluation result of preceding access request;
5) it is made a policy according to the comprehensive evaluation result to current access request:If comprehensive evaluation result is greater than or equal to default Access thresholds then allow current access request;Otherwise, refuse current access request.
2. dynamic accesses control method as described in claim 1, which is characterized in that further comprise that step 6) is based on a fixed number The access request of amount dynamically adjusts the comprehensive evaluation result.
3. dynamic accesses control method as claimed in claim 2, which is characterized in that calculating and current accessed in the step 3) Request the impact factor TZ of similar recordmSpecially:
The historical data stream is calculated first to the context influence measures factor P (req of current access requestm), using formulaWherein n indicates preset sizes of history window, (reqm) indicate current Access request vector, m indicate the identifier of current access request, and history access request identifier j is from m-n to m-1, envmIt indicates The context environmental vector of current access request, envjIndicate the context environmental vector of j-th of history access request, sim (envm,envj) indicate current access request and history access request context environmental vector similarity, M (envj) indicate Subjective environment information security coefficient;
Calculate the impact factor TZ of similar recordm, using formulaWherein P (reqj) indicate the The context influence measures factor of j history access request, R (reqj) indicate that j-th of history access request asks current accessed The evaluation coefficient asked;
Evaluation of estimate TD of the calculating historical data stream to itselfm, using formula
4. dynamic accesses control method as claimed in claim 3, which is characterized in that in the step 4), be based on the history Evaluation coefficient R (req of the data flow to current requestm) and the main body essential information safety coefficient P (zm) weighted sum obtain it is comprehensive Close evaluation result H (reqm), formula is expressed as H (reqm)=(1-dt) P (zm)+dt.R(reqm), wherein threshold value dt is default Value.
5. dynamic accesses control method as claimed in claim 4, which is characterized in that further include being based on a certain number of access The correctness of the decision of request dynamically adjusts the threshold value dt.
6. dynamic accesses control method as claimed in claim 5, which is characterized in that use formulaCalculate threshold value dt, wherein k indicates the access request of phase of history time window Quantity, access request reqiFeedback factor fdiFor verifying to access request reqiThe result of access control:If being asked to access Seek reqiDecision it is correct, then the feedback factor fdiIt is 1;It otherwise is 0;AsiIndicate access request reqiOperation susceptibility.
7. The dynamic access control method as claimed in claim 6, characterized in that the value of the operation sensitivity As_i is obtained based on the operation type of access request req_i:
For a "read" operation, the operation sensitivity is 0.2;
For a "copy" operation, the operation sensitivity is 0.4;
For a "write" operation, the operation sensitivity is 0.6;
For an "execute" operation, the operation sensitivity is 0.8.
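The feedback loop of claims 4 to 7, as an added Python example that is not code from the patent. The weighted sum and the sensitivity values follow the claims; the rule in `threshold()` is an assumed stand-in (a sensitivity-weighted share of correct decisions), because the claimed formula for dt is not reproduced on this page. All function and class names and the sample scores are hypothetical.

```python
from collections import deque

# Operation sensitivity As_i per operation type, values from claim 7.
OPERATION_SENSITIVITY = {"read": 0.2, "copy": 0.4, "write": 0.6, "execute": 0.8}


def comprehensive_evaluation(p_zm, r_reqm, dt):
    """Claim 4: H(req_m) = (1 - dt) * P(z_m) + dt * R(req_m)."""
    if not 0.0 <= dt <= 1.0:
        raise ValueError("dt must lie in [0, 1] for a convex weighting")
    return (1.0 - dt) * p_zm + dt * r_reqm


class FeedbackWindow:
    """The last k access requests with feedback fd_i and sensitivity As_i."""

    def __init__(self, k, initial_dt):
        self.records = deque(maxlen=k)  # the oldest record drops out automatically
        self.initial_dt = initial_dt    # preset dt, used until feedback exists

    def record(self, operation, decision_correct):
        # An unknown operation type raises KeyError instead of getting a low weight.
        as_i = OPERATION_SENSITIVITY[operation]
        fd_i = 1 if decision_correct else 0
        self.records.append((fd_i, as_i))

    def threshold(self):
        # ASSUMED stand-in, not the patent's formula: the sensitivity-weighted
        # share of correct decisions among the requests in the window.
        if not self.records:
            return self.initial_dt
        total = sum(as_i for _, as_i in self.records)
        return sum(fd_i * as_i for fd_i, as_i in self.records) / total


def demo():
    # Constructed sample: P(z_m) = 0.9, R(req_m) = 0.3, four feedback records.
    window = FeedbackWindow(k=4, initial_dt=0.5)
    h_before = comprehensive_evaluation(0.9, 0.3, window.threshold())
    feedback = [("read", True), ("write", True), ("execute", False), ("copy", True)]
    for operation, correct in feedback:
        window.record(operation, correct)
    dt = window.threshold()
    return h_before, dt, comprehensive_evaluation(0.9, 0.3, dt)
```

Under this stand-in rule, a wrong decision on an "execute" request lowers dt four times as much as a wrong decision on a "read" request, because each record is weighted by its As_i.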
CN201810686982.2A 2018-06-28 2018-06-28 Multi-dimensional state perception dynamic access control method Active CN108924120B (en)

Publications (2)

Publication Number Publication Date
CN108924120A true CN108924120A (en) 2018-11-30
CN108924120B CN108924120B (en) 2020-09-25

Family

ID=64422882

Country Status (1)

Country Link
CN (1) CN108924120B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant