CN112134848B - Fusion media cloud self-adaptive access control method, device, terminal and medium - Google Patents


Publication number
CN112134848B
CN112134848B CN202010876532.7A CN202010876532A CN112134848B CN 112134848 B CN112134848 B CN 112134848B CN 202010876532 A CN202010876532 A CN 202010876532A CN 112134848 B CN112134848 B CN 112134848B
Authority
CN
China
Prior art keywords
security level
user
media
media resource
integrity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010876532.7A
Other languages
Chinese (zh)
Other versions
CN112134848A (en)
Inventor
陈卫平
琚宏伟
邓晖
赵勇
林莉
孙侃
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Media Group
Original Assignee
China Media Group
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Media Group
Priority to CN202010876532.7A
Publication of CN112134848A
Application granted
Publication of CN112134848B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The embodiments of the application provide a fusion media cloud adaptive access control method, device, terminal and medium for controlling access to media resources of a fusion media cloud platform, aiming to solve the problems of high security risk and poor usability in the related art. The fusion media cloud adaptive access control method comprises the following steps: receiving an access request, initiated by a user, for accessing a media resource; when the user is determined to have the access right according to the acquired role information of the user, determining risk information of the user accessing the media resource according to the role information and the acquired context environment information; and when the risk information meets a preset condition, allowing the user to access the media resource in the current context environment.

Description

Fusion media cloud self-adaptive access control method, device, terminal and medium
Technical Field
The present application relates to a technology for controlling access to media resources of a converged media cloud platform, and in particular, to a method, an apparatus, a terminal, and a medium for controlling adaptive access to a converged media cloud.
Background
At present, the broadcasting and television industry is comprehensively promoting the integrated development of traditional broadcast television media and emerging media. Cutting-edge technologies such as cloud computing, 5G, AI and big data are used to enable business production, converged media systems based on a hybrid cloud architecture are being constructed, and novel, convenient, fast and secure converged media production and broadcasting applications are being created.
In the related art, a converged media system based on a hybrid cloud architecture usually deploys the service front end on a public cloud and the service support middle platform on an exclusive cloud and a private cloud. This makes combined use of the advantages and resources of the public and private clouds, copes effectively with sudden surges in access from large numbers of users, and meets the elastic IT resource requirements of the different services of a broadcast television station.
However, for the converged media resource cloud storage service, the public cloud interacts closely with the internet and the personnel structure is more complex. When media resources with a high security level are stored on the public cloud and permissions are not tightly restricted, an attacker can connect directly to the storage and tamper with content files, so the security risk is high. If all media resources are instead stored in the exclusive cloud or the private cloud, the availability of new media front-end services such as mobile collecting, editing and broadcasting is seriously affected.
Disclosure of Invention
The embodiment of the application provides a fusion media cloud self-adaptive access control method, a device, a terminal and a medium, which are used for solving the problems of high security risk and poor usability in the related technology.
A first aspect of an embodiment of the present application provides a converged media cloud adaptive access control method, including:
receiving an access request for accessing media resources, which is initiated by a user;
when the user is determined to have the access right according to the acquired role information of the user, determining risk information of the user accessing the media resource according to the role information and the acquired context environment information;
and when the risk information meets a preset condition, allowing the user to access the media resource in the current context environment.
A second aspect of the embodiments of the present application provides a converged media cloud adaptive access control device, including:
an access control module, used for receiving an access request, initiated by a user, for accessing a media resource, and also used for allowing the user to access the media resource in the current context environment when the risk information meets the preset condition; and
a risk determining module, used for determining the risk information of the user accessing the media resource according to the role information and the acquired context environment information when the user is determined to have the access right according to the acquired role information of the user.
A third aspect of the embodiments of the present application provides a terminal, including:
a memory;
a processor; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to implement the method described above.
A fourth aspect of embodiments of the present application provides a computer-readable storage medium having a computer program stored thereon; the computer program is executed by a processor to implement the method described above.
The embodiments of the application provide a fusion media cloud adaptive access control method, device, terminal and medium.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a schematic flow chart of a method provided in an exemplary embodiment;
FIG. 2 is a schematic flow chart of a method provided in another exemplary embodiment;
FIG. 3 is a signaling diagram of a method provided by an exemplary embodiment;
FIG. 4 is a block diagram illustrating a method according to an exemplary embodiment;
FIG. 5 is a block diagram of an apparatus according to an exemplary embodiment.
Detailed Description
In order to make the technical solutions and advantages of the embodiments of the present application clearer, exemplary embodiments of the present application are described in further detail below with reference to the accompanying drawings. The described embodiments are only a part of the embodiments of the present application and are not an exhaustive list of all embodiments. It should be noted that the embodiments and the features of the embodiments in the present application may be combined with each other where they do not conflict.
In the related art, a converged media system based on a hybrid cloud architecture usually deploys the service front end on a public cloud and the service support middle platform on an exclusive cloud and a private cloud. This makes combined use of the advantages and resources of the public and private clouds, copes effectively with sudden surges in access from large numbers of users, and meets the elastic IT resource requirements of the different services of a broadcast television station.
However, for the converged media resource cloud storage service, the public cloud interacts closely with the internet and the personnel structure is more complex. When media resources with a high security level are stored on the public cloud and permissions are not strictly limited, an attacker can connect directly to the storage and tamper with content files, so the security risk is high. If all media resources are instead stored in the exclusive cloud or the private cloud, the availability of new media front-end services such as mobile collecting, editing and broadcasting is seriously affected. How to control access permissions at fine granularity according to business requirements, ensuring storage security without affecting business availability, has therefore become an urgent problem for the industry.
The inventors found during their research that although access control solutions exist in the related art, they still struggle to meet the requirements of converged media, which is characterized by many user types, many access modes, many access environments and the like. Specifically:
In some schemes, building on an attribute- and risk-based access control model, a multi-dimensional state-aware dynamic access control method is proposed that uses the current state of the user. By analyzing the request flow, the method identifies the current state of the user's request (basic attribute information and the like) and other, otherwise unknown, multi-dimensional analysis states of the current request (subject objective safety factor, evaluation coefficients of historical request traffic with respect to the current request, and the like), in order to improve the accuracy of access control. This scheme must store the attribute information of every access request, the risk evaluation results of historical traffic and so on. Although it achieves multi-dimensional state awareness to some extent, in the actual fusion media cloud setting, with many user types, many access modes and flexible access demands, performing multi-dimensional state analysis of the request flow on every access is unrealistic and can cause problems such as performance bottlenecks in fusion media services.
In other schemes, access rights are described hierarchically using the idea of inheritance and user behavior is modeled as reputation; a cloud authentication center builds the model's mapping relation according to the user's historical reputation and the user role tree, and grants an identity token. The cloud authentication center monitors changes in user behavior in real time and dynamically adjusts the user's comprehensive reputation to judge whether the user is trustworthy. This scheme computes the user's reputation from historical behavior and implements dynamic access control according to that reputation, but it does not consider the influence of the user's environment state on the user's access rights, and so cannot meet the dynamic access control requirements arising from the variety of user access modes and access environments in a converged media cloud environment.
In still other schemes, all resource permissions are first divided according to the principle of least privilege to form a set of permissions. A system administrator then packages and controls these minimal permissions according to the specific permission requirements of different roles, by editing a control function set, forming individual permission sets that together make up the overall permission set. The system grants each user the permission set of the user's role. The administrator can dynamically control the distribution of permissions simply by editing the control function set. Although this scheme provides access control based on role adjustment, each role is assigned a fixed minimum permission in advance, so it is a static access control method. It lacks risk assessment of information such as the environment from which the user accesses, and cannot be applied to a converged media cloud environment with varied user access environments and varied access requirements.
In addition, although classic attribute-based access control considers the environment attributes of users and resources during authorization, it only performs static authorization based on pre-labelled subject and object attributes and environment attributes. It lacks measurement and evaluation of access risk, does not support truly dynamic authorization, and cannot meet the dynamic access control requirements arising from the many types of accessing users, access modes and access environments of the converged media cloud environment. The invention therefore addresses the following problem: in a fusion media cloud environment, news media and similar collecting, editing and broadcasting services require large numbers of PGC professionals to collect, edit and broadcast media assets in many different environments (different places, different networks and the like), and ordinary UGC users can also access the fusion media cloud platform from many types of device, which creates potential risks such as leakage of and damage to media resources.
In summary, the related art has the following problems:
(1) Adaptive access control cannot be realized in a way that accounts for the many user types, high mobility and varied access environments of fusion media;
News media need large numbers of personnel to collect, edit and broadcast media assets, and access requests are initiated to the converged media cloud platform from many different environments (uncontrolled networks, locations and the like), which exposes the platform to potential risks such as leakage of and damage to media resources. For example, a user's role may carry the access right to a media resource of higher security level (a news broadcast file, a conference file, etc.), but if the user accesses the resource from another location over a different network and is in an insecure network environment, or uses an unauthenticated device, the access request may carry security risks such as tampering, damage and unauthorized access. Permission therefore cannot be granted simply by judging security level, role or attributes, which means that classical static access control based on security levels, roles and attributes cannot be applied directly to the converged media cloud platform.
(2) Fine-grained division and control of user permissions is difficult to achieve when the converged media cloud platform has large numbers and many types of users and different media resources have different security protection requirements.
At present, the main problem of access control systems in the converged media environment is that sensitive permissions are too coarse-grained. For example, in the storage and use of media content, if an accessor's permissions are not strictly limited, the accessor can obtain permissions beyond those intended and may connect directly to storage, so that file content is tampered with, leaked or lost and a broadcast safety incident results. Ensuring that the personnel involved hold only the minimum permissions, with fine-grained division and control of permissions, is therefore very important. The invention combines role-based and attribute-based access control and adopts, for fusion media cloud access control, a policy centered on roles and supplemented by attributes, to meet the requirement of fine-grained control of user permissions. In addition, the security levels of different media resources in the converged media cloud platform differ greatly, as do their requirements for integrity, confidentiality and availability; however, most current access control systems store data resources at the same logical location and cannot isolate resources or manage and use them independently.
To overcome the above problems, embodiments of the present application provide a fusion media cloud adaptive access control method, apparatus, terminal and medium. The permissions of fusion media cloud users are divided at fine granularity, risk assessment is performed according to the user's context environment, and whether the user is allowed to access a media resource is decided from the user's permissions and risk. This achieves adaptive access control by the fusion media cloud platform for users in different environments, reducing the security risk to media resources while preserving their usability.
In the present application, on a complex converged media cloud platform in a cloud computing environment, the decision of the access control system should change as the context environment of the user accessing the platform changes. For example, a news file is played across the whole fusion media platform and has high security and privacy requirements, so the fusion media cloud platform requires news workers (news clippers, news auditors and the like) to work only over the intranet and on intranet equipment. When a news worker at a cooperative unit uses that unit's equipment to access the news file, the access control system denies the request, having determined by calculation that access from the current environment risks damage to the news file. A context environment is therefore introduced for the complex converged media cloud environment, and the user's access right to media resources (cloud application services, video and picture resource files and the like) is determined jointly from the context environment information and the identity attribute (that is, the role) of the converged media cloud user, achieving fine-grained adaptive access control of users.
The present application defines the converged media cloud access control policy with the role main body at the center and role attributes as a supplement, so as to divide the permissions of converged media cloud users at fine granularity. In addition, within the media resource access permissions held by the subject's role, a risk value is calculated for the real-time environment in which the subject's role is located. Whether the user can access the media resource object file is judged by jointly matching the security level of the subject's role, the security level of the media resource with its particular confidentiality, integrity and availability requirements, and the risk arising from the context environment of the subject's role, so that adaptive access control is achieved in the converged media cloud platform. The present application can also assign different weights according to the different integrity, confidentiality and availability requirements that different services place on media resources, and manage media resources by fine-grained security level.
The functions and implementation processes of the converged media cloud adaptive access control method provided by this embodiment are described below with reference to the accompanying drawings.
As shown in fig. 1, this embodiment provides a converged media cloud adaptive access control method, which includes:
S101, receiving an access request for accessing media resources, wherein the request is initiated by a user;
S102, when the user is determined to have the access right according to the acquired role information of the user, determining risk information of the user for accessing media resources according to the role information and the acquired context environment information;
S103, when the risk information meets the preset condition, allowing the user to access the media resource in the current context environment.
In step S101, an access request sent by a user through a client is received. The access request includes information such as the identifier or number of the requested media resource, so that the requested media resource can be determined quickly. In some examples, the access request may also include the user's role information, which represents the role attributes of the user. In some examples, the access request may also include the user's context environment information. The context environment information describes the environment the user is currently in when sending the access request, for example the time of access (temporal context), the location of the user (location context), the network environment (network context) and the device used (device context). On a complex converged media cloud platform in a cloud computing environment, the decision result should change as the context environment information of the user accessing the platform changes.
In a specific implementation, a user performs identity authentication through a client and, after authentication passes, can send an access request through the client. During identity authentication the corresponding role can be determined from the preset role set according to the user information; the role is assigned to the user after authentication passes, and the user can then initiate access as the corresponding role main body. The user information may include the user's name, job title, job content and the like.
In step S102, it is first determined whether the user has an access right to the media resource; and when the user is determined to have the access right to the media resource, judging whether the user is allowed to access the media resource under the current context environment according to the risk information determined based on the context environment information.
As shown in fig. 2 and 3, the determining whether the user has the access right to the media resource includes:
S1021, determining an authority set of a role main body corresponding to the user according to the acquired role information of the user;
S1022, when the access right of the media resource exists in the right set of the role body, determining that the user has the access right;
the method further comprises the following steps:
S104, when the access right of the media resource does not exist in the right set of the role body, determining that the user has no access right, and refusing the user access to the media resource.
Before step S1021, a role clustering method (K-Means clustering, spectral clustering, hierarchical clustering and the like) is selected according to the service requirements, permission set requirements and personnel distribution of the fusion media cloud platform, and the role set on the platform is obtained by cluster analysis. The present application places no requirement or limit on the choice of role clustering algorithm, which may be determined according to the actual situation.
After the roles have been clustered with the selected method, the administrator analyzes the functional permissions of each role and the security level of the media resources it operates on, and then assigns the role a corresponding permission set and security level; the permission set can take the form of a role permission table. That is, a role is assigned its corresponding attributes according to the work content and relevant nature of the particular personnel. When a user is assigned a role, the user has the security level of that role and obtains the permission set assigned to it.
For example, in the application of a fusion media video file editing and publishing service, there are roles of a common user, a video editor, a video auditor and the like; the subjects corresponding to the roles (which may be referred to as role subjects) all need to access media resources (which may also be referred to as object resources) such as general video files and real-time news videos.
For the role of auditor of fusion media broadcast programs, the job is to audit broadcast files and ensure their safety, correctness and the like. This work is very important to the fusion media platform, so the role can be given a higher security level. In a specific implementation, the security level may be set to 10, and the higher security level is greater than or equal to 7. For example, as shown in Table 1, in the converged media cloud platform a generic registered user role is assigned a security level of 3.
Table 1 Example role security level assignment
Role | Security level
Generic registered user | 3
In step S1021, after the user initiates an access request for the media resource, whether the user has the access right to the media resource is determined from the acquired role information of the user, specifically from the role principal and role attributes corresponding to the user, under a preset access control policy. The access control policy may specifically be: for permissions that exist in the permission set of the role body, the user has the access right, as in step S1022; for permissions that do not exist in the permission set of the role body, the user has no access right and access is refused. If, before any risk calculation, the user does not have the right to access the media resource, the access request is refused directly (step S104); otherwise, risk calculation is required.
In the converged media cloud platform, media resources of different security levels have different security requirements for confidentiality, integrity and availability. The present application therefore divides security levels in advance according to the importance of the media resource object, and sets weight values according to the object's requirements for Confidentiality (C), Integrity (I) and Availability (A), as shown in Table 2. When a user initiates an access request for an object media resource on the cloud platform from different context environments, the effects on the C, I and A of the media resource differ, as shown in Table 3.
Table 2 Example security levels and C, I, A weights for media resource objects
[Table 2 is an image in the original publication; its contents are not available in this text.]
Table 3 Example C, I, A risk values for a media resource by the context environment of the subject
Context environment | Confidentiality risk | Integrity risk | Availability risk
Case 1 (context 1) | 0 | 0 | 0
Case 2 (context 2) | 2 | 1 | 1
For convenience of description, the symbols used in this embodiment are explained as follows:
role principal security level: Subject Security Rank, abbreviated SSR;
media resource security level: Resource Security Rank, abbreviated RSR;
weight requirement of the media resource object for confidentiality: Resource Confidentiality Weight, abbreviated RW_C;
weight requirement of the media resource object for integrity: Resource Integrity Weight, abbreviated RW_I;
weight requirement of the media resource object for availability: Resource Availability Weight, abbreviated RW_A;
subject environment information: Subject Environment Information, abbreviated SEI;
risk value of subject environment information for the confidentiality of the media resource: Subject Environment Confidentiality Risk, abbreviated SER_C;
risk value of subject environment information for the integrity of the media resource: Subject Environment Integrity Risk, abbreviated SER_I;
risk value of subject environment information for the availability of the media resource: Subject Environment Availability Risk, abbreviated SER_A.
When the user is determined to have the access right to the media resource, the security level of the access request with respect to the C, I and A of the media resource is calculated from the context environment in which the user is currently located and the security level of the user's role. At the same time, the security level requirements for the C, I and A of the media resource are calculated from the security level of the media resource and its C, I and A weights. Whether the user can access the object media resource in the current context environment is then judged.
Determining the risk information of the user accessing the media resource according to the role information and the context environment information comprises the following steps:
S1023, determining the security level of the role body corresponding to the user according to the acquired role information of the user; acquiring the weight requirements of the media resource for confidentiality, integrity and availability; acquiring, according to the acquired context environment information, the risk values of the context environment for the confidentiality, integrity and availability of the media resource;
S1024, determining a confidentiality security level, an integrity security level and an availability security level respectively according to the security level, the weight requirements and the risk values.
Wherein the context information may be obtained from the access request, or after determining that the user has the access right, obtaining the detected context information. The security level of the role body can be searched and obtained from the corresponding security level table. The risk values for confidentiality, integrity and availability may be looked up from the corresponding environmental risk table.
Specifically, the confidentiality security level of the role subject for the media resource to be accessed in the current environment is determined according to the following formula (1):
Figure GDA0003905118620000111
wherein SSR is the role subject security level, RW_C is the weight requirement of the media resource object for confidentiality, n is the number of items of subject environment information that need to be considered in the converged media setting, and
Figure GDA0003905118620000112
represents the risk value of the i-th item of environment information for the confidentiality of the media resource, the i-th item being the i-th element of the context environment information.
The integrity security level of the role subject for the media resource to be accessed in the current environment is determined according to the following formula (2):
Figure GDA0003905118620000113
wherein SSR is the role subject security level, RW_I is the weight requirement of the media resource object for integrity, n is the number of items of subject environment information that need to be considered in the converged media setting, and
Figure GDA0003905118620000114
represents the risk value of the i-th item of environment information for the integrity of the media resource.
The availability security level of the role subject for the media resource to be accessed in the current environment is determined according to the following formula (3):
Figure GDA0003905118620000121
wherein SSR is the role subject security level, RW_A is the weight requirement of the media resource object for availability, n is the number of items of subject environment information that need to be considered in the converged media setting, and
Figure GDA0003905118620000122
represents the risk value of the i-th item of environment information for the availability of the media resource.
Accordingly, step S103 may include:
S1031, respectively determining the confidentiality security level requirement, the integrity security level requirement and the availability security level requirement of the media resource according to the acquired security level of the media resource and the weight requirements of the media resource for confidentiality, integrity and availability;
S1032, when the confidentiality security level is greater than or equal to the confidentiality security level requirement, the integrity security level is greater than or equal to the integrity security level requirement, and the availability security level is greater than or equal to the availability security level requirement, allowing the user to access the media resource in the current context environment.
The method further comprises the following step:
S105, when the confidentiality security level is less than the confidentiality security level requirement, or the integrity security level is less than the integrity security level requirement, or the availability security level is less than the availability security level requirement, denying the user access to the media resource.
The security level of the media resource can be looked up in the corresponding security level table.
In step S1031, the confidentiality security level requirement R_C of the media resource is determined according to the following formula:
R_C = RSR × RW_C    (4)
The integrity security level requirement R_I of the media resource is determined according to the following formula:
R_I = RSR × RW_I    (5)
The availability security level requirement R_A of the media resource is determined according to the following formula:
R_A = RSR × RW_A    (6)
wherein RSR represents the security level of the media resource; RW_C represents the weight requirement of the media resource object for confidentiality; RW_I represents the weight requirement of the media resource object for integrity; and RW_A represents the weight requirement of the media resource object for availability.
Then the result of formula (1) is compared with the result of formula (4), the result of formula (2) with the result of formula (5), and the result of formula (3) with the result of formula (6).
Whether the user is allowed to access the media resource in the current context environment is judged from the comparison results. When the confidentiality security level is greater than or equal to the confidentiality security level requirement, the integrity security level is greater than or equal to the integrity security level requirement, and the availability security level is greater than or equal to the availability security level requirement, the user is allowed to access the media resource in the current context environment, as shown in step S1032. Otherwise, the user is denied access to the media resource. That is, when the confidentiality security level is less than the confidentiality security level requirement, or the integrity security level is less than the integrity security level requirement, or the availability security level is less than the availability security level requirement, the user is denied access to the media resource, as shown in step S105.
In this embodiment, the media resources of the converged media cloud platform are first divided into security levels, and corresponding weights are assigned according to each media resource's different requirements for confidentiality, integrity and availability, so that the media resources are classified, stored and managed at fine-grained security levels. The access control policy of the converged media cloud is defined with the role at the center and attributes as a supplement, which gives a fine-grained division of permissions among converged media cloud users. In addition, on top of the media resource access permission owned by the subject's role, a risk value calculation for the real-time environment in which the subject is located is added. Whether the cloud user can access the media resource object file is judged by jointly matching the security level of the subject, the security level of the media resource with its different confidentiality, integrity and availability requirements, and the risk generated by the subject's context environment, so that adaptive access control is finally realized in the converged media cloud platform.
The following describes an implementation procedure of the present embodiment with reference to a specific example.
Fig. 4 shows the architecture of the apparatus corresponding to the method of this embodiment. The apparatus comprises an access control module and a risk determination module; the access control module includes a policy enforcement point, a policy decision point, a policy administration point, a context information point and a policy handler. The parts in fig. 4 are explained as follows:
Role subject (Subject, abbreviated S): a visitor requesting to perform an operation on a certain type of media resource; it represents a converged media cloud user.
Media resource (Media Resource, abbreviated MR): the cloud application services, video and picture resource files and the like that the converged media cloud platform provides for the role subject to operate on;
Policy enforcement point (Policy Enforcement Point, abbreviated PEP): receives the user's access request, and permits or forbids the information interaction between the converged media cloud user and the media resource according to the result fed back by the policy decision point;
Policy handler (Policy Handler, abbreviated PH): converts the format of the access request and of the returned decision result into the unified format of the access control module (such as XACML), acquires the user's role attributes and the corresponding context environment information from the context information point, and sends them to the PDP;
Context information point (Context Information Point, abbreviated CIP): responsible for collecting and managing, within the converged media cloud platform, the role attribute information of role subjects and media resources, the context environment information related to subject users (network, device, location and the like), and so on;
Policy decision point (Policy Decision Point, abbreviated PDP): judges whether the cloud user's request is allowed, deciding whether the user has permission to access the media resource according to the risk value of the environment where the user is located, the user's role attributes and the access control policy of the media resources in the converged media cloud platform;
Policy administration point (Policy Administration Point, abbreviated PAP): creates, maintains and manages the access control policies of the media resources in the converged media cloud platform;
Access policy information (Access Policy Information, abbreviated API): stores and maintains the set of access control policies for the media resource files in the converged media cloud platform;
Role permission table (Role Permission, abbreviated RP): stores the permissions possessed by each role after role clustering;
Subject/media resource rank table (Subject/Resource Rank, abbreviated SR/RR): stores the security levels of role subjects and object resources;
Risk determination module (Risk Calculation, abbreviated RC): calculates the risk value of the access behavior by a certain algorithm, combining the subject/media resource rank table (SR/RR) with the user's context environment;
Environmental risk table (Environmental Risk Rank, abbreviated ERR): stores the risk values of the different environments in which the role subject may be located.
The implementation process based on the above architecture is, for example, as follows:
1. The subject initiates an access request to the PEP of the access control module.
2. The PEP initiates a request to the policy handler according to the access request.
3. The policy handler asks the PDP to judge whether the user has the access right to the media resource; if so, the PDP sends a request for the context information to the policy handler.
4. The policy handler sends the request for the context information to the CIP.
5. The CIP acquires the context information of the user's current environment and returns it to the policy handler, and the policy handler returns the context information to the PDP.
6. The PDP sends a request for policy information to the PAP.
7. The PAP returns the corresponding access control policy to the PDP. The access control policy may include: the user has the access right to the media resource, and the calculation of the risk information is to be initiated.
8. The PDP sends a risk calculation request (that is, a request to determine risk information) to the risk determination module according to the access control policy.
9. The risk determination module obtains the corresponding risk value information and security level information from the corresponding environment information table and level table, determines the risk value (also called the security level) of the user accessing the media resource in the current environment, and returns the determined risk value to the PDP.
10. The PDP judges whether the risk value meets the corresponding security level requirement and returns the judgment result to the policy handler.
11. The policy handler returns the judgment result to the policy enforcement point, and the policy enforcement point either returns an access-denied message to the subject or returns the obtained media resource to the subject.
In a specific implementation, the security level (SSR) of each role is shown in Table 4. The media resource security level (RSR) and the weights for the confidentiality (C), integrity (I) and availability (A) requirements are shown in Table 5.

Table 4: Security level of roles

| Subject | Security level |
| --- | --- |
| General user | 3 |
| Video editor A | 5 |
| Video auditor | 6 |
| Converged media manager | 8 |

Table 5: Media resource security levels and weights for the confidentiality, integrity and availability requirements
Figure GDA0003905118620000161
The context environment in which the user is actually located includes the following three parts: a network context environment (NCI), a device context environment (DCI), and a location context environment (LCI). The network context environment is, for example, the IP identification; the device context environment is, for example, the device number; and the location context environment is, for example, the GPS position. The risk values corresponding to each environmental element are shown in Tables 6 to 8.
TABLE 6 risks of NCI impact on C, I, A of media resources
Figure GDA0003905118620000162
Table 7: Risks of DCI impact on C, I, A of media resources

| Device information | Confidentiality risk | Integrity risk | Availability risk |
| --- | --- | --- | --- |
| Cloud platform registered device | 0 | 0 | 0 |
| Cloud platform unregistered device | 3 | 1 | 1 |

Table 8: Risks of LCI impact on C, I, A of media resources
Figure GDA0003905118620000171
Referring to fig. 3, when video editor A accesses the converged media real-time news video B using a machine of the cooperating unit (a registered device) in the office building of cooperating unit C, the method includes the following steps:
Step 1: after video editor A is authenticated, an access request is initiated through a client;
Step 2: after the access control module receives the access request initiated by the user, the policy decision point (PDP) obtains, through the policy handler (PH), the attributes of the subject user (S) and the object resource (R), the role permission information (RP) and the access policy information (API) from the context information point (CIP) and the policy administration point (PAP), and then judges the permissions of video editor A. If the roles and attributes owned by video editor A include the permission to access news video B, the PDP sends the subject user information, the object resource information and the context environment information of the user, all obtained from the CIP, to the risk calculation module;
Step 3: after receiving the information sent in step 2, the risk calculation module first queries the subject/resource rank table (SR/RR) and the environmental risk table (ERR) to obtain the security level of the subject user, the security level of the object resource and the risk value that the current environment poses to the object resource;
Specifically, the security level SSR of video editor A is 5; the security level RSR, RW_C, RW_I and RW_A of real-time news video B are 3, 0.2, 0.3 and 0.5 in sequence; the confidentiality, integrity and availability risk values corresponding to the NCI are all 1; those corresponding to the DCI are all 0; and those corresponding to the LCI are all 1.
Step 4: after the risk calculation (RC) in the risk calculation module obtains the corresponding information in step 4, it calculates the confidentiality, integrity and availability security levels of the subject user for the object resource to be accessed in the current environment through formulas (1), (2) and (3);
In addition, the confidentiality, integrity and availability security level requirements of the object media resource are calculated through formulas (4), (5) and (6).
On the premise that the role of A has the authority to access B, the risk information is as follows:
The confidentiality security level of video editor A accessing news video B in the office building of cooperating unit C using the cooperating unit's machine is:
S_C = 5×0.2 − 1×0.2 − 0×0.2 − 1×0.2 = 0.6.
The integrity security level of video editor A accessing news video B in the office building of cooperating unit C using the cooperating unit's machine is:
S_I = 5×0.3 − 1×0.3 − 0×0.3 − 1×0.3 = 0.9;
The confidentiality security level requirement of the converged media real-time news video B is: R_C = 3 × 0.2 = 0.6;
The integrity security level requirement of the converged media real-time news video B is: R_I = 3 × 0.3 = 0.9;
The availability security level requirement of the converged media real-time news video B is: R_A = 3 × 0.5 = 1.5.
Step 5: after the risk calculation module performs the risk calculation in step 5, the risk value is returned to the PDP;
Step 6: the PDP determines that (S_C (0.6) ≥ R_C (0.6)) AND (S_I (0.9) ≥ R_I (0.9)) AND (S_A (1.5) ≥ R_A (1.5)) holds, and determines that video editor A is allowed to access the converged media real-time news video B in the office building of cooperating unit C; the PEP in the access control module returns the converged media real-time news video B to the user.
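The worked example above as runnable code, added here and not part of the patent text: formulas (1) to (3) are taken in the form that the arithmetic shown for S_C and S_I implies (S_x = SSR × RW_x − Σ SER_x^i × RW_x), and formulas (4) to (6) as printed. The table keys, function names and the deny-on-unknown-context behaviour are assumptions of this example, and `Decimal` is used because the worked case sits exactly on the ≥ boundary.

```python
from decimal import Decimal as D

CIA = ("C", "I", "A")

# Constructed lookup tables. The numbers are the ones quoted in the worked
# example and Table 7; the string keys are hypothetical labels.
ROLE_PERMISSIONS = {"video_editor_A": {"realtime_news_video_B"}}   # RP table
ROLE_LEVEL = {"video_editor_A": D(5)}                              # SSR
RESOURCES = {                                                      # RSR, RW
    "realtime_news_video_B": (
        D(3), {"C": D("0.2"), "I": D("0.3"), "A": D("0.5")}),
}
ENV_RISK = {   # ERR table: (context element, observed value) -> C/I/A risk
    ("NCI", "partner_network"): {"C": D(1), "I": D(1), "A": D(1)},
    ("DCI", "registered"): {"C": D(0), "I": D(0), "A": D(0)},
    ("DCI", "unregistered"): {"C": D(3), "I": D(1), "A": D(1)},
    ("LCI", "partner_office"): {"C": D(1), "I": D(1), "A": D(1)},
}
REQUIRED_ELEMENTS = ("NCI", "DCI", "LCI")   # n = 3 context elements


def access_levels(ssr, rw, risks):
    """Formulas (1)-(3): S_x = SSR*RW_x - sum_i(SER_x^i * RW_x)."""
    levels = {}
    for x in CIA:
        penalty = sum((risk[x] * rw[x] for risk in risks), D(0))
        levels[x] = ssr * rw[x] - penalty
    return levels


def required_levels(rsr, rw):
    """Formulas (4)-(6): R_x = RSR * RW_x."""
    return {x: rsr * rw[x] for x in CIA}


def decide(role, resource, context):
    """PDP decision: role permission first, then the three risk comparisons.

    `context` maps each context element (NCI/DCI/LCI) to its observed value.
    Any missing table entry results in a deny (assumption of this example).
    """
    if resource not in ROLE_PERMISSIONS.get(role, set()):
        return {"allow": False, "reason": "no role permission"}
    if role not in ROLE_LEVEL or resource not in RESOURCES:
        return {"allow": False, "reason": "missing level entry"}

    risks = []
    for element in REQUIRED_ELEMENTS:
        entry = ENV_RISK.get((element, context.get(element)))
        if entry is None:
            # Unmeasured or unrecognised context must not count as zero risk.
            return {"allow": False, "reason": f"unknown {element} context"}
        risks.append(entry)

    rsr, rw = RESOURCES[resource]
    s = access_levels(ROLE_LEVEL[role], rw, risks)
    r = required_levels(rsr, rw)
    failed = [x for x in CIA if s[x] < r[x]]   # step S105 if non-empty
    reason = "below requirement: " + ",".join(failed) if failed else "ok"
    return {"allow": not failed, "reason": reason,
            "S": s, "R": r, "failed": failed}


if __name__ == "__main__":
    ctx = {"NCI": "partner_network", "DCI": "registered",
           "LCI": "partner_office"}
    print(decide("video_editor_A", "realtime_news_video_B", ctx))
    # Same request from a device not registered with the cloud platform.
    print(decide("video_editor_A", "realtime_news_video_B",
                 {**ctx, "DCI": "unregistered"}))
```

With the registered device all three levels equal their requirements, so the request is allowed with no margin; switching only the device to the unregistered row of Table 7 drops every level below its requirement.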
The present embodiment further provides a converged media cloud adaptive access control device, which corresponds to the foregoing method embodiment; content that is the same as in the foregoing embodiment is not described again here.
The converged media cloud adaptive access control device provided by this embodiment includes:
an access control module 11, configured to receive an access request for accessing a media resource, where the access request is initiated by a user, and to allow the user to access the media resource in the current context environment when the risk information meets the preset condition;
a risk determining module 12, configured to determine risk information of the user accessing the media resource according to the role information and the acquired context environment information when it is determined, according to the acquired role information of the user, that the user has the access right.
In one possible implementation manner, the access control module 11 is specifically configured to:
determining an authority set of a role main body corresponding to a user according to the role information of the user;
and when the access right of the media resource exists in the right set of the role body, determining that the user has the access right.
In one possible implementation manner, the access control module 11 is further configured to:
when the access right of the media resource does not exist in the right set of the role body, determining that the user has no access right;
the user is denied access to the media resource.
In one possible implementation, the risk determining module 12 is specifically configured to:
determining the security level of the role subject corresponding to the user according to the acquired role information of the user; acquiring the weight requirements of the media resource for confidentiality, integrity and availability; acquiring the risk values of the context environment for the confidentiality, integrity and availability of the media resource according to the acquired context environment information;
and respectively determining a confidentiality security level, an integrity security level and an availability security level according to the role subject's security level, the weight requirements and the risk values.
In one possible implementation, the risk determining module 12 is specifically configured to:
determining the confidentiality security level S_C according to the following formula:
Figure GDA0003905118620000191
determining the integrity security level S_I according to the following formula:
Figure GDA0003905118620000192
determining the availability security level S_A according to the following formula:
Figure GDA0003905118620000193
wherein SSR represents the security level of the role subject; RW_C represents the weight requirement of the media resource object for confidentiality; RW_I represents the weight requirement of the media resource object for integrity; RW_A represents the weight requirement of the media resource object for availability; n represents the number of items of subject environment information that need to be considered in the converged media setting;
Figure GDA0003905118620000201
represents the risk value of the i-th item of environment information for the confidentiality of the media resource;
Figure GDA0003905118620000202
represents the risk value of the i-th item of environment information for the integrity of the media resource;
Figure GDA0003905118620000203
represents the risk value of the i-th item of environment information for the availability of the media resource.
In one possible implementation manner, the access control module 11 is specifically configured to:
respectively determining the confidentiality security level requirement, the integrity security level requirement and the availability security level requirement of the media resource according to the acquired security level of the media resource and the weight requirements of the media resource for confidentiality, integrity and availability;
allowing the user to access the media resource in the current context environment when the confidentiality security level is greater than or equal to the confidentiality security level requirement, the integrity security level is greater than or equal to the integrity security level requirement, and the availability security level is greater than or equal to the availability security level requirement.
In one possible implementation manner, the access control module 11 is specifically configured to:
determining the confidentiality security level requirement R_C of the media resource according to the following formula:
R_C = RSR × RW_C
determining the integrity security level requirement R_I of the media resource according to the following formula:
R_I = RSR × RW_I
determining the availability security level requirement R_A of the media resource according to the following formula:
R_A = RSR × RW_A
wherein RSR represents the security level of the media resource; RW_C represents the weight requirement of the media resource object for confidentiality; RW_I represents the weight requirement of the media resource object for integrity; and RW_A represents the weight requirement of the media resource object for availability.
In one possible implementation manner, the access control module 11 is further configured to:
when the confidentiality security level is less than the confidentiality security level requirement, or the integrity security level is less than the integrity security level requirement, or the availability security level is less than the availability security level requirement, denying the user access to the media resource.
The present embodiment provides a terminal device, including:
a memory;
a processor; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to implement the respective method.
The memory is used for storing a computer program, and the processor executes the computer program after receiving the execution instruction, and the method executed by the apparatus defined by the flow process disclosed in the foregoing corresponding embodiments can be applied to or implemented by the processor.
The Memory may comprise a Random Access Memory (RAM) and may also include a non-volatile Memory, such as at least one disk Memory. The memory can implement communication connection between the system network element and at least one other network element through at least one communication interface (which may be wired or wireless), and the internet, a wide area network, a local network, a metropolitan area network, and the like can be used.
The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the method disclosed in the first embodiment may be implemented by hardware integrated logic circuits in a processor or instructions in the form of software. The Processor may be a general-purpose Processor, and includes a Central Processing Unit (CPU), a Network Processor (NP), and the like; but may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components. The corresponding methods, steps, and logic blocks disclosed in the embodiments of the present invention may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The steps of the method disclosed in connection with the embodiments of the present invention may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software elements in the decoding processor. The software elements may be located in ram, flash, rom, prom, or eprom, registers, among other storage media that are well known in the art. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor.
The present embodiment provides a computer-readable storage medium having a computer program stored thereon; the computer program is executed by a processor to implement the corresponding method. For the specific implementation, reference may be made to the method embodiments, which are not described herein again.
It should be noted that: unless specifically stated otherwise, the relative steps, numerical expressions, and values of the components and steps set forth in these embodiments do not limit the scope of the present invention. In all examples shown and described herein, unless otherwise specified, any particular value should be construed as merely illustrative, and not restrictive, and thus other examples of example embodiments may have different values.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a unit, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including the preferred embodiment and all changes and modifications that fall within the scope of the present application.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (16)

1. A converged media cloud adaptive access control method is characterized by comprising the following steps:
receiving an access request for accessing media resources, which is initiated by a user;
when the user is determined to have the access right according to the acquired role information of the user, determining risk information of the user accessing the media resource according to the role information and the acquired context environment information;
when the risk information meets a preset condition, allowing the user to access the media resource in the current context environment;
wherein determining the risk information of the user accessing the media resource according to the acquired role information and context environment information comprises:
determining the security level of a role main body corresponding to the user according to the role information of the user; acquiring the weight requirements of the media resource for confidentiality, integrity and availability; acquiring the risk values of the context environment for the confidentiality, integrity and availability of the media resource according to context environment information acquired by multi-round evaluation;
respectively determining a confidentiality security level, an integrity security level and an availability security level according to the security level, the weight requirement and the risk value;
wherein respectively determining the confidentiality security level, the integrity security level and the availability security level according to the security level, the weight requirement and the risk value comprises:
determining the confidentiality security level $S_C$ according to the following formula:
Figure FDA0003905118610000011
determining the integrity security level $S_I$ according to the following formula:
Figure FDA0003905118610000012
determining the availability security level $S_A$ according to the following formula:
Figure FDA0003905118610000013
wherein SSR represents the security level of the role main body; $RW_C$ represents the weight requirement of the media resource object for confidentiality; $RW_I$ represents the weight requirement of the media resource object for integrity; $RW_A$ represents the weight requirement of the media resource object for availability; n represents the number of items of environment information of the main body that need to be considered under the converged media;
Figure FDA0003905118610000021
represents the risk value of the i-th item of environment information for the confidentiality of the media resource;
Figure FDA0003905118610000022
represents the risk value of the i-th item of environment information for the integrity of the media resource;
Figure FDA0003905118610000023
represents the risk value of the i-th item of environment information for the availability of the media resource.
2. The method of claim 1, wherein determining that the user has access rights according to the obtained user role information comprises:
determining an authority set of a role main body corresponding to the user according to the acquired role information of the user;
and when the access right of the media resource exists in the right set of the role main body, determining that the user has the access right.
3. The method of claim 2, further comprising:
and when the access right of the media resource does not exist in the authority set of the role main body, determining that the user has no access right, and refusing the user to access the media resource.
4. The method of claim 1, wherein allowing the user to access the media resource in a current context when the risk information satisfies a preset condition comprises:
respectively determining the confidentiality security level requirement, the integrity security level requirement and the availability security level requirement of the media resource according to the obtained security level of the media resource and the weight requirements of the media resource for confidentiality, integrity and availability;
allowing the user to access the media resource in the current context when the confidentiality security level is greater than or equal to a confidentiality security level requirement, an integrity security level is greater than or equal to an integrity security level requirement, and an availability security level is greater than or equal to an availability security level requirement.
5. The method of claim 4, wherein determining the security level requirements for confidentiality, integrity and availability of the media resource comprises:
determining the confidentiality security level requirement $R_C$ of the media resource according to the following formula:
$R_C = RSR \times RW_C$
determining the integrity security level requirement $R_I$ of the media resource according to the following formula:
$R_I = RSR \times RW_I$
determining the availability security level requirement $R_A$ of the media resource according to the following formula:
$R_A = RSR \times RW_A$
wherein RSR represents the security level of the media resource; $RW_C$ represents the weight requirement of the media resource object for confidentiality; $RW_I$ represents the weight requirement of the media resource object for integrity; $RW_A$ represents the weight requirement of the media resource object for availability.
6. The method of claim 4, further comprising:
denying the user access to the media resource when the confidentiality security level is less than a confidentiality security level requirement, or the integrity security level is less than an integrity security level requirement, or the availability security level is less than an availability security level requirement.
7. The method of any of claims 1-6, wherein the contextual information comprises at least one of: a network context environment, a location context environment, a device context environment, a time context environment.
8. A converged media cloud adaptive access control device, comprising:
the access control module is used for receiving an access request for accessing the media resource, which is initiated by a user, and is further used for allowing the user to access the media resource under the current context environment when the risk information meets a preset condition;
the risk determining module is used for determining risk information of the user accessing the media resource according to the role information and the acquired context environment information when the user is determined to have the access right according to the acquired role information of the user;
the risk determination module is specifically configured to:
determining the security level of a role main body corresponding to the user according to the role information of the user; acquiring the weight requirements of the media resource for confidentiality, integrity and availability; acquiring the risk values of the context environment for the confidentiality, integrity and availability of the media resource according to the acquired context environment information;
respectively determining a confidentiality security level, an integrity security level and an availability security level according to the security level, the weight requirement and the risk value;
the risk determination module is specifically configured to:
determining the confidentiality security level $S_C$ according to the following formula:
Figure FDA0003905118610000041
determining the integrity security level $S_I$ according to the following formula:
Figure FDA0003905118610000042
determining the availability security level $S_A$ according to the following formula:
Figure FDA0003905118610000043
wherein SSR represents the security level of the role main body; $RW_C$ represents the weight requirement of the media resource object for confidentiality; $RW_I$ represents the weight requirement of the media resource object for integrity; $RW_A$ represents the weight requirement of the media resource object for availability; n represents the number of items of environment information of the main body that need to be considered under the converged media;
Figure FDA0003905118610000044
represents the risk value of the i-th item of environment information for the confidentiality of the media resource;
Figure FDA0003905118610000045
represents the risk value of the i-th item of environment information for the integrity of the media resource;
Figure FDA0003905118610000046
represents the risk value of the i-th item of environment information for the availability of the media resource.
9. The apparatus of claim 8, wherein the access control module is specifically configured to:
determining an authority set of a role main body corresponding to the user according to the acquired role information of the user;
and when the access right of the media resource exists in the right set of the role main body, determining that the user has the access right.
10. The apparatus of claim 9, wherein the access control module is further configured to:
determining that the user has no access right when the access right of the media resource does not exist in the right set of the role body; denying the user access to the media resource.
11. The apparatus of claim 8, wherein the access control module is specifically configured to:
respectively determining the confidentiality security level requirement, the integrity security level requirement and the availability security level requirement of the media resource according to the obtained security level of the media resource and the weight requirements of the media resource for confidentiality, integrity and availability;
and when the confidentiality security level is greater than or equal to the confidentiality security level requirement, the integrity security level is greater than or equal to the integrity security level requirement, and the availability security level is greater than or equal to the availability security level requirement, allowing the user to access the media resource under the current context environment.
12. The apparatus of claim 11, wherein the access control module is specifically configured to:
determining the confidentiality security level requirement $R_C$ of the media resource according to the following formula:
$R_C = RSR \times RW_C$
determining the integrity security level requirement $R_I$ of the media resource according to the following formula:
$R_I = RSR \times RW_I$
determining the availability security level requirement $R_A$ of the media resource according to the following formula:
$R_A = RSR \times RW_A$
wherein RSR represents the security level of the media resource; $RW_C$ represents the weight requirement of the media resource object for confidentiality; $RW_I$ represents the weight requirement of the media resource object for integrity; $RW_A$ represents the weight requirement of the media resource object for availability.
13. The apparatus of claim 11, wherein the access control module is further configured to:
denying the user access to the media resource when the confidentiality security level is less than a confidentiality security level requirement, or the integrity security level is less than an integrity security level requirement, or the availability security level is less than an availability security level requirement.
14. The apparatus according to any of claims 8-13, wherein the contextual information comprises at least one of: a network context environment, a location context environment, a device context environment, a time context environment.
15. A terminal, comprising:
a memory;
a processor; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to implement the method of any one of claims 1-7.
16. A computer-readable storage medium, having stored thereon a computer program; the computer program is executed by a processor to implement the method of any one of claims 1-7.
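The decision flow of claims 2 to 6 (role-permission gate, then the per-dimension requirement R_X = RSR × RW_X, then the three-way comparison) can be sketched as follows. This is an added example, not code from the patent: the class and function names and all sample values are constructed, the levels S_C, S_I, S_A are taken as inputs because their formulas are not reproduced on this page, and denying on a missing or NaN level is a design choice of the example.

```python
import math
from dataclasses import dataclass

DIMENSIONS = ("C", "I", "A")  # confidentiality, integrity, availability

@dataclass(frozen=True)
class MediaResource:          # hypothetical container, not from the patent
    name: str
    rsr: float                # RSR: security level of the media resource
    rw: dict                  # RW_C, RW_I, RW_A keyed by "C" / "I" / "A"

@dataclass(frozen=True)
class RoleSubject:            # hypothetical container, not from the patent
    name: str
    permissions: frozenset    # names of resources the role may access

def level_requirements(res):
    """Claim 5: R_X = RSR x RW_X for X in {C, I, A}."""
    return {d: res.rsr * res.rw[d] for d in DIMENSIONS}

def decide(role, res, levels):
    """Return (allowed, reason). `levels` holds S_C, S_I, S_A for the
    current context, computed elsewhere and passed in as a dict."""
    # Claims 2-3: the role's permission set is checked before any risk logic.
    if res.name not in role.permissions:
        return False, "role lacks permission"
    required = level_requirements(res)
    # Claims 4 and 6: allow only if every S_X >= R_X. Testing "not >=" instead
    # of "<" makes a missing or NaN level fail the check (fail closed).
    failed = [d for d in DIMENSIONS
              if not (levels.get(d, math.nan) >= required[d])]
    if failed:
        return False, "level below requirement: " + ",".join(failed)
    return True, "all levels meet requirements"

# Constructed sample data (not from the patent).
FOOTAGE = MediaResource("raw-footage", rsr=4.0,
                        rw={"C": 0.5, "I": 0.25, "A": 0.25})
EDITOR = RoleSubject("editor", frozenset({"raw-footage"}))
INTERN = RoleSubject("intern", frozenset())
OFFICE = {"C": 2.5, "I": 1.0, "A": 1.5}  # levels in a low-risk context
CAFE = {"C": 1.5, "I": 1.0, "A": 1.5}    # same role, riskier context

if __name__ == "__main__":
    for ctx_name, ctx in (("office", OFFICE), ("cafe", CAFE)):
        print(ctx_name, decide(EDITOR, FOOTAGE, ctx))
    print("intern", decide(INTERN, FOOTAGE, OFFICE))
```

The same role and resource yield different decisions in the two contexts, which is the adaptive part of the claims; the static permission check alone would have allowed both.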
CN202010876532.7A 2020-08-27 2020-08-27 Fusion media cloud self-adaptive access control method, device, terminal and medium Active CN112134848B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010876532.7A CN112134848B (en) 2020-08-27 2020-08-27 Fusion media cloud self-adaptive access control method, device, terminal and medium

Publications (2)

Publication Number Publication Date
CN112134848A CN112134848A (en) 2020-12-25
CN112134848B true CN112134848B (en) 2023-03-24

Family

ID=73847366

Country Status (1)

Country Link
CN (1) CN112134848B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114826636B (en) * 2021-01-29 2023-09-01 华为技术有限公司 Access control system and related methods and apparatus
CN113660235B (en) * 2021-08-10 2023-04-28 中和易茂科技服务(北京)有限公司 Data security sharing method, memory and processor
CN114039755B (en) * 2021-10-29 2024-03-22 中国银联股份有限公司 Authority control method and device, electronic equipment and storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106302334A (en) * 2015-05-22 2017-01-04 中兴通讯股份有限公司 Access role acquisition methods, Apparatus and system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200076818A1 (en) * 2013-10-03 2020-03-05 The Board Of Regents Of The University Of Texas System Risk-aware sessions in role based access control systems and methods of use
US9703952B2 (en) * 2014-07-07 2017-07-11 University Of Ontario Institute Of Technology Device and method for providing intent-based access control
CN109918924A (en) * 2019-02-02 2019-06-21 北京奇安信科技有限公司 The control method and system of dynamic access permission

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant