CN114448659A - Yellow River dam bank monitoring Internet of Things access control optimization method based on attribute exploration - Google Patents

Info

Publication number: CN114448659A
Authority: CN (China)
Prior art keywords: alarm information; flood; access control; flood situation; situation alarm
Legal status: Granted, Active
Application number: CN202111541089.9A
Other languages: Chinese (zh)
Other versions: CN114448659B (en)
Inventors: 谢毅, 张芃, 沈夏炯, 左宪禹, 张磊, 葛强
Current Assignee: Henan University
Original Assignee: Henan University
Application filed by: Henan University
Priority to: CN202111541089.9A
Publications: CN114448659A (application), CN114448659B (granted)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • G PHYSICS
    • G08 SIGNALLING
    • G08B SIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
    • G08B21/00 Alarms responsive to a single specified undesired or abnormal condition and not otherwise provided for
    • G08B21/02 Alarms for ensuring the safety of persons
    • G08B21/10 Alarms for ensuring the safety of persons responsive to calamitous events, e.g. tornados or earthquakes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0823 Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02A TECHNOLOGIES FOR ADAPTATION TO CLIMATE CHANGE
    • Y02A10/00 TECHNOLOGIES FOR ADAPTATION TO CLIMATE CHANGE at coastal zones; at river basins
    • Y02A10/40 Controlling or monitoring, e.g. of flood or hurricane; Forecasting, e.g. risk assessment or mapping
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02A TECHNOLOGIES FOR ADAPTATION TO CLIMATE CHANGE
    • Y02A50/00 TECHNOLOGIES FOR ADAPTATION TO CLIMATE CHANGE in human health protection, e.g. against extreme weather

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Environmental & Geological Engineering (AREA)
  • General Life Sciences & Earth Sciences (AREA)
  • Geology (AREA)
  • Business, Economics & Management (AREA)
  • Emergency Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Alarm Systems (AREA)

Abstract

The invention relates to the field of access control, and in particular to an attribute-exploration-based access control optimization method for the Yellow River dam bank monitoring Internet of Things. The method comprises: obtaining the access control logs of each management module of the Yellow River flood warning system to obtain flood alarm information instance data and the set of all flood alarm information; analyzing the instance data and the set, and establishing a first non-redundant set of access control instances to obtain a first flood alarm information implication relation set and a first flood alarm information intent set; if a management module finds an error while establishing the access control policy, modifying the access control policy; and, after the management modules have established their respective dam bank monitoring access policy permission models, completing the final Yellow River dam bank monitoring access policy through fusion. The invention improves the efficiency and accuracy of establishing the access control policy for the Yellow River dam bank monitoring Internet of Things.

Description

Optimization method for Internet of Things access control in Yellow River dam bank monitoring based on attribute exploration

Technical field

The invention relates to the technical field of access control, and in particular to an attribute-exploration-based method for optimizing access control in the Yellow River dam bank monitoring Internet of Things.

Background

Flood control is one of the most important tasks in managing the Yellow River. A complete management interface system with highly visual collection and reporting of flood control project data has already been built. The existing Yellow River flood warning system involves a variety of Internet of Things technologies, including communications and sensors. Because flood control work involves many personnel and devices, each person and device can access flood alarm information, which is confidential data about Yellow River flood conditions, through the alarm system. To prevent dam bank emergencies effectively and safely, developing an Internet of Things access control method based on flood alarm information exploration has become one of the necessary means for the Yellow River governance informatization system.

As a new architecture, the Internet of Things integrates the real world with the network and enables the exchange and distribution of information between objects, and between objects and people. Such an environment generates large amounts of data containing a great deal of user privacy, and protecting that privacy is the top priority in the Internet of Things environment. Access control, one of the basic principles of information security, can effectively protect data and is an important research topic in the Internet of Things era.

Early access control was divided into mandatory access control and discretionary access control. As the information age developed, access control technology evolved at more levels and a variety of access control models appeared in succession. Among them, role-based access control, because of its good flexibility and security, has been widely researched and applied in the field of access control.

However, when faced with today's Internet of Things environment, traditional role-based access control is coarse-grained and prone to problems such as role explosion, so it does not adapt well. By comparison, access control based on flood alarm information takes the flood alarm information of the subject and the object as the basic decision elements, requires no manual assignment, is relatively simple to manage, and adapts better to the Internet of Things environment. For this reason, more models in the Internet of Things environment now use access control based on flood alarm information. The access policy is a very important part of access control: an effective access policy protects information and saves time and space. How to establish an effective access policy is an important first step in establishing an access control mechanism.

A manually built dam bank monitoring access policy is not only highly redundant but also incomplete.

Summary of the invention

To solve the above technical problems, the purpose of the invention is to provide an attribute-exploration-based access control optimization method for the Yellow River dam bank monitoring Internet of Things. The technical solution adopted is as follows:

An attribute-exploration-based access control optimization method for the Yellow River dam bank monitoring Internet of Things, the method comprising:

obtaining the access control logs of each management module of the Yellow River flood warning system and processing the access control log records to obtain non-redundant flood alarm information instance data and the set of all flood alarm information;

analyzing the flood alarm information instance data and the set of all flood alarm information, and establishing a first non-redundant set of access control instances to obtain a first flood alarm information implication relation set and a first flood alarm information intent set; if a management module finds an error while building the dam bank monitoring access control model, it submits a modification request to the establishment execution point and the modification is carried out;

after multiple management modules have built their own dam bank monitoring access control models, completing the final dam bank monitoring access policy through fusion.

Further, the modification comprises:

obtaining the role to be modified and the flood alarm information to be modified for that role; changing the flood alarm information of the role to be modified in the first non-redundant set to the input flood alarm information, which gives a second non-redundant set of access control instances, and initializing a second flood alarm information implication relation set and a second flood alarm information intent set;

for each antecedent flood alarm information set in the first flood alarm information implication relation set and the first flood alarm information intent set, computing whether its consequent in the second non-redundant set has grown or shrunk compared with its consequent in the first non-redundant set;

updating the second flood alarm information implication relation set and the second flood alarm information intent set according to the computed result.

Further, updating the second flood alarm information implication relation set and the second flood alarm information intent set according to the result of judging whether the consequent has grown or shrunk comprises:

if the consequent of an antecedent flood alarm information set in the second non-redundant set has neither grown nor shrunk, then if that antecedent set belongs to the first flood alarm information implication relation set it also belongs to the second flood alarm information implication relation set, and if it belongs to the first flood alarm information intent set it also belongs to the second flood alarm information intent set;

if the consequent of an antecedent flood alarm information set in the second non-redundant set has grown, putting that antecedent set together with its consequent into the second flood alarm information implication relation set;

if the consequent of an antecedent flood alarm information set in the second non-redundant set has shrunk and is empty, adding that antecedent set to the second flood alarm information intent set;

if the consequent of an antecedent flood alarm information set in the second non-redundant set has shrunk and is not empty, denoting that antecedent set as the first flood alarm information set and putting it into the second flood alarm information implication relation set; then obtaining a new set that contains all implications on the second non-redundant set whose antecedent is a single flood alarm information item, and taking antecedents from this new set to form a second flood alarm information set, where each flood alarm information set in the second flood alarm information set contains the antecedent of the first flood alarm information set in the first non-redundant set, does not contain the consequent of the first flood alarm information set in the first non-redundant set, and contains the consequent of the first flood alarm information set in the second non-redundant set; combining the flood alarm information sets in the second flood alarm information set and putting the combinations into a to-be-added set; and checking each flood alarm information set in the to-be-added set for relatedness, where a set that satisfies the relatedness condition is put into the second flood alarm information intent set if its consequent in the second non-redundant set is empty, and into the second flood alarm information implication relation set if its consequent is not empty.

Further, the flood alarm information includes flood alarm information of Yellow River sections and flood alarm information of flood monitoring devices.

Further, after the antecedent flood alarm information set and the newly added consequent have been put into the second flood alarm information implication relation set, the method also comprises: finding, in the first flood alarm information implication relation set and the first flood alarm information intent set, the antecedent flood alarm information sets that do not contain the newly added consequent, recording them as the to-be-deleted alarm information set, and deleting the to-be-deleted alarm information set from the first flood alarm information implication relation set and the first flood alarm information intent set.

Further, the roles include management modules and Internet of Things devices.

Further, the method also comprises: the management modules are determined by the Yellow River flood management team, and the root user of the Yellow River flood alarm system assigns management permissions to the management modules.

Further, the management module obtains the basic knowledge about accessing flood alarm information by consulting experts.

Beneficial effects:

The invention solves the problem that manually built dam bank monitoring access policies are highly redundant and incomplete, and the proposed modification mechanism quickly corrects an erroneous decision model, improving the accuracy of the access control model when role permissions are modified.

Description of the drawings

FIG. 1 is a schematic diagram of the attribute-exploration-based Internet of Things access control method for Yellow River dam bank monitoring provided by the invention.

Detailed description

To further explain the technical means adopted by the invention to achieve its intended purpose and their effects, the specific implementation, structure, features and effects of the proposed attribute-exploration-based access control optimization method for the Yellow River dam bank monitoring Internet of Things are described in detail below with reference to preferred embodiments. In the following description, different occurrences of "one embodiment" or "another embodiment" do not necessarily refer to the same embodiment. In addition, particular features, structures or characteristics of one or more embodiments may be combined in any suitable form.

Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by those skilled in the technical field of the invention.

Based on flood alarm information exploration, the invention builds an access control model for the Yellow River dam bank emergency alarm system. It can build an access control model for the whole Yellow River flood Internet of Things system quickly and accurately, can adjust the access control mechanism dynamically as flood conditions change, and to some extent reduces the cost of manually maintaining the system's access control permissions. A management module applies to establish a dam bank monitoring access policy; after receiving the request, the system assigns the management module an access-permission establishment execution point. Following the flood alarm information exploration method, an empty dam bank monitoring access context is first created, and flood alarm information is added to it according to the object flood alarm information, the environment flood alarm information and the operations that the user needs to access. The algorithm then finds the next flood alarm information implication that must be put to the management module, and interacts with the management module repeatedly to obtain the subject flood alarm information and the operations that the subject flood alarm information can perform on the object flood alarm information under a given environment flood alarm information. If the management module finds an earlier error during this process, it can submit a modification request to the access-permission establishment execution point at any time. The proposed modification mechanism quickly corrects the erroneous decision model. Finally, after multiple management modules have built their own dam bank monitoring access policy permission models, their decisions can be fused to complete the final dam bank monitoring access policy. FIG. 1 shows a schematic diagram of the alarm system of the invention. The attribute-exploration-based access control optimization method for the Yellow River dam bank monitoring Internet of Things is described in detail below with reference to an embodiment, in which the administrator, that is, the management module, obtains the basic knowledge about accessing flood alarm information through interactive questioning and obtains the access control logs, invokes the modification mechanism to modify the access control model in response to modification requests, and finally obtains the final dam bank detection access policy through fusion.

This embodiment provides an attribute-exploration-based access control optimization method for the Yellow River dam bank monitoring Internet of Things, comprising the following steps:

Step 1: obtain the access control logs of each management module of the Yellow River flood warning system and process the access control log records to obtain the flood alarm information instance data and the set of all flood alarm information.

The management modules are determined by the Yellow River flood management team, and the root user of the alarm system assigns management permissions to the management modules.

Obtain the access control logs and analyze them. Management module A operated on the flood data of Yellow River section A successfully on August 10, so the system records that management module A has permission to operate on the flood data of section A, and this permission is recorded as 1. Management module A failed to operate on the flood data of Yellow River section B on August 11, so the system records that management module A does not have permission to operate on the flood data of section B, and this permission is recorded as 0. If, in the alarm system, flood monitoring device 1 of Yellow River section A successfully accessed the data collected by flood monitoring device 2 of section A on August 10, the system records that flood monitoring device 1 of section A has permission to access flood monitoring device 2 of section A, and this permission is recorded as 1. If, in the alarm system, flood monitoring device 1 of Yellow River section A failed to access the data collected by flood monitoring device 2 of section A on August 10, the system records that flood monitoring device 1 of section A does not have permission to access flood monitoring device 2 of section A, and this permission is recorded as 0.

Following this analysis method, all the obtained access control log records are processed to obtain the flood alarm information instance data $Data_0$ and the set M of all flood alarm information. The instance data $Data_0$ can be presented as a table; Table 1 shows an example. The set of all flood alarm information is M=(a, b, c, d, e, f, g, h, i), where a, b, ..., i each denote a different item of flood alarm information, including flood alarm information of Yellow River section A, flood alarm information of Yellow River section B, flood alarm information of flood monitoring device 1 of section A, and flood alarm information of flood monitoring device 2 of section A.

Table 1

[Table 1 survives only as images in the source: Figure BDA0003414192120000041, continued in Figure BDA0003414192120000051]

Step 2: analyze the non-redundant flood alarm information instance data and the flood alarm information set, and establish the first non-redundant set of access control instances to obtain the first flood alarm information implication relation set and the first flood alarm information intent set.

Using the flood alarm information exploration method, the non-redundant flood alarm information instance data $Data_0$ and the set M of all flood alarm information are analyzed, the first non-redundant set $K_{S1}$ of access control instances is established, and the first flood alarm information implication relation set $J_1$ and the first flood alarm information intent set $C_1$ are obtained; the flood alarm information in the access control context is then assigned to users by role. Specifically, the first non-redundant set of access control instances is established first. It can be realized as a dam bank monitoring access context, which contains no redundant access control information. The first flood alarm information implication relation set and the first flood alarm information intent set are then built from the implication relations between sets and from the intents.
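The log processing of step 1 and the context analysis of step 2 can be sketched as follows. This is an added example, not code from the patent: the record layout, the names `build_context` and `AccessContext`, and the deny-and-report handling of contradictory records are assumptions, and `f` and `g` use the standard formal concept analysis derivation operators because the patent's own formulas for them are images that did not survive on this page.

```python
from collections import defaultdict

# Constructed sample records: (date, subject, attribute, outcome).
# a/b = alarm info of Yellow River section A/B, c/d = alarm info of
# section-A monitoring device 1/2 (the four kinds the page names).
SAMPLE_LOG = [
    ("08-10", "module_A", "a", "success"),
    ("08-11", "module_A", "b", "failure"),
    ("08-10", "module_A", "c", "success"),
    ("08-10", "module_A", "d", "success"),
    ("08-10", "module_B", "a", "success"),
    ("08-10", "module_B", "b", "success"),
    ("08-10", "module_B", "c", "success"),
    ("08-10", "module_B", "d", "success"),
    ("08-10", "device_1", "a", "failure"),
    ("08-10", "device_1", "c", "success"),
    ("08-10", "device_1", "d", "success"),
    ("08-10", "device_1", "d", "success"),  # redundant duplicate
    ("08-10", "device_2", "c", "success"),
    ("08-12", "device_2", "c", "failure"),  # contradicts the line above
    ("08-10", "device_2", "d", "success"),
]


def build_context(records):
    """Return (U, M, I, conflicts) for the access context K=(U, M, I).

    success is recorded as 1 (pair in I), failure as 0 (pair not in I).
    """
    outcomes = defaultdict(set)
    for _date, subject, attribute, outcome in records:
        if outcome not in ("success", "failure"):
            raise ValueError(f"unknown outcome: {outcome!r}")
        outcomes[(subject, attribute)].add(outcome)  # a set drops duplicates
    subjects = frozenset(s for s, _ in outcomes)
    attributes = frozenset(m for _, m in outcomes)
    # Assumption: a pair logged with both outcomes is denied and reported
    # for review instead of being silently granted.
    conflicts = {pair for pair, seen in outcomes.items() if len(seen) == 2}
    incidence = {pair for pair, seen in outcomes.items() if seen == {"success"}}
    return subjects, attributes, incidence, conflicts


class AccessContext:
    """Access context K=(U, M, I) with the derivation operators f and g."""

    def __init__(self, subjects, attributes, incidence):
        self.U, self.M, self.I = subjects, attributes, incidence

    def f(self, subject_set):
        """Attributes that every subject in subject_set can access."""
        return frozenset(m for m in self.M
                         if all((u, m) in self.I for u in subject_set))

    def g(self, attribute_set):
        """Subjects that can access every attribute in attribute_set."""
        return frozenset(u for u in self.U
                         if all((u, m) in self.I for m in attribute_set))

    def is_concept(self, subject_set, attribute_set):
        """(A, B) is a concept when f(A) = B and g(B) = A."""
        return (self.f(subject_set) == frozenset(attribute_set)
                and self.g(attribute_set) == frozenset(subject_set))

    def implication_holds(self, premise, conclusion):
        """premise -> conclusion holds when conclusion is in f(g(premise))."""
        return frozenset(conclusion) <= self.f(self.g(premise))

    def consequent(self, premise):
        """Largest consequent of premise: f(g(premise)) minus premise."""
        return self.f(self.g(premise)) - frozenset(premise)


def demo():
    """Build the context from the constructed log and return it."""
    subjects, attributes, incidence, conflicts = build_context(SAMPLE_LOG)
    return AccessContext(subjects, attributes, incidence), conflicts


if __name__ == "__main__":
    ctx, conflicts = demo()
    print("contradictory records, denied:", sorted(conflicts))
    for m in sorted(ctx.M):
        print(f"{{{m}}} -> {sorted(ctx.consequent({m}))}")
```

A consequent computed this way is what the modification step compares between the first and second non-redundant sets to decide whether it has grown or shrunk.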

The concepts used in building the access control model are as follows:

(1) A dam bank monitoring access context K=(U, M, I) consists of two sets U and M and a relation I between U and M. The elements of U are called access subjects, and the elements of M are called flood alarm information. (u, m) ∈ I, or uIm, means that access subject u can access flood alarm information m. We use [Figure BDA0003414192120000056] or [Figure BDA0003414192120000052] to denote that access subject u cannot access flood alarm information m. In the alarm system, U corresponds to the accessing parties among the Internet of Things devices in the alarm system, M corresponds to the accessed parties among those devices, and I corresponds to the relation between accessing and accessed parties in the alarm system.

Let K=(U, M, I) be a dam bank monitoring access context. If [Figure BDA0003414192120000058], let

[Figure BDA0003414192120000053]

[Figure BDA0003414192120000054]

(2) If A and B satisfy f(A)=B and g(B)=A, the pair (A, B) is called a concept. A is the extent of the concept (A, B), and B is its intent.

(3) Let K=(U, M, I) be a dam bank monitoring access context, $Y_1$, [Figure BDA0003414192120000059]. If [Figure BDA00034141921200000510], then $Y_2$ is said to depend on $Y_1$ in K, written $Y_1 \rightarrow Y_2$; we also say that the implication $Y_1 \rightarrow Y_2$ holds in K.

(4) Given a dam bank monitoring access context K=(U, M, I), an implication set J(K) and an implication C→D ∈ J(K). For a flood alarm information set [Figure BDA00034141921200000511], T is said to be related to C→D if and only if [Figure BDA0003414192120000057] or [Figure BDA00034141921200000512]. If T is related to all the implications in J(K), T is said to be related to J(K).

(5) Let K = (U, M, I) be a dam bank monitoring access background with M = {m_1, m_2, ..., m_n}, where the flood alarm information in M satisfies the basic linear order m_1 < m_2 < ... < m_n. Then for any Y_1,
Figure BDA00034141921200000515
the lexicographic order of the flood alarm information set Y_1 is said to be smaller than that of the flood alarm information set Y_2, denoted Y_1 < Y_2, if and only if there exists m_i ∈ Y_2 - Y_1 with Y_1 ∩ {m_1, ..., m_{i-1}} = Y_2 ∩ {m_1, ..., m_{i-1}}.

(6) For a dam bank monitoring access background
Figure BDA0003414192120000055
Figure BDA00034141921200000513
if P ≠ f(g(P)), and for every pseudo-intension
Figure BDA00034141921200000514
with Q ≠ P we have
Figure BDA0003414192120000069
then P is called a pseudo-intension.

(7) If
Figure BDA0003414192120000061
is a dam bank monitoring access background, the implication set {P→f(g(P))-P | P is a pseudo-intension of K} is called the main basis of K.

(8) Let
Figure BDA0003414192120000062
be a dam bank monitoring access background,
Figure BDA0003414192120000064
the set of implications on
Figure BDA0003414192120000063
and let
Figure BDA00034141921200000610
with the implication
Figure BDA0003414192120000066
If
Figure BDA0003414192120000065
or
Figure BDA00034141921200000611
then T is said to be related to A→B. If T is related to all the implications in
Figure BDA0003414192120000068
then T is said to be related to
Figure BDA0003414192120000067
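Definitions (1) to (8) worked through on a small table, as an added example that is not part of the patent text. The subjects, alarm names and table contents are constructed; f, g and the "related" test follow the standard formal concept analysis definitions, which is an assumption because the patent's formula images are not reproduced on this page, and the main basis is enumerated with Ganter's NextClosure procedure, which the page does not name.

```python
# Constructed sample background K = (U, M, I); all names are hypothetical.
M = ["water_level", "seepage", "displacement", "rainfall"]  # linear order m_1 < ... < m_n
I = {  # access subject u -> flood alarm information m with (u, m) in I
    "admin_module":   {"water_level", "seepage", "displacement", "rainfall"},
    "reach_operator": {"water_level", "rainfall"},
    "dam_sensor_gw":  {"water_level", "seepage", "displacement"},
    "rain_gauge":     {"rainfall"},
}


def f(subjects, ctx=I):
    """Alarm information every subject in `subjects` can access (assumed standard operator)."""
    return frozenset(m for m in M if all(m in ctx[u] for u in subjects))


def g(alarms, ctx=I):
    """Subjects that can access every item in `alarms` (assumed standard operator)."""
    return frozenset(u for u, row in ctx.items() if set(alarms) <= row)


def closure(alarms, ctx=I):
    """f(g(P)): the smallest connotation that contains P."""
    return f(g(alarms, ctx), ctx)


def is_concept(a, b, ctx=I):
    """Definition (2): (A, B) is a concept iff f(A) = B and g(B) = A."""
    return f(a, ctx) == frozenset(b) and g(b, ctx) == frozenset(a)


def lectic_less(y1, y2, order=M):
    """Definition (5): some m_i in Y2 - Y1 with Y1 and Y2 equal on m_1 .. m_(i-1)."""
    y1, y2 = set(y1), set(y2)
    return any(m in y2 - y1 and y1 & set(order[:i]) == y2 & set(order[:i])
               for i, m in enumerate(order))


def related(t, imp):
    """T related to A -> B (assumed standard reading: A not within T, or B within T)."""
    a, b = imp
    return not set(a) <= set(t) or set(b) <= set(t)


def implied(s, imps):
    """Saturate S with consequents of implications whose antecedent is a proper subset of S."""
    s = set(s)
    while True:
        grown = s.union(*(b for a, b in imps if a < s))
        if grown == s:
            return frozenset(s)
        s = grown


def next_set(a, imps, order=M):
    """Lexicographically next set closed under `imps` (one NextClosure step)."""
    a = set(a)
    for i in range(len(order) - 1, -1, -1):
        m = order[i]
        if m in a:
            a.discard(m)
        else:
            b = implied(a | {m}, imps)
            if not (b - a) & set(order[:i]):   # nothing smaller than m was added
                return b
    return None


def main_basis(ctx=I, order=M):
    """Definition (7): {P -> f(g(P)) - P | P is a pseudo-intension of K}."""
    imps, p = [], frozenset()
    while p is not None:
        full = closure(p, ctx)
        if full != p:                          # P != f(g(P)): P is a pseudo-intension
            imps.append((frozenset(p), full - p))
        p = next_set(p, imps, order)
    return imps


if __name__ == "__main__":
    for antecedent, consequent in main_basis():
        print(sorted(antecedent), "->", sorted(consequent))
```

On this table the main basis is {displacement} -> {water_level, seepage} and {seepage} -> {water_level, displacement}, so a candidate permission set such as {seepage, rainfall} is not related to the basis while {water_level, seepage, displacement} is.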

If the management module finds an establishment error while establishing the access control policy, the establishment execution point raises a modification request and the modification is made. The establishment errors referred to in the present invention include: the permissions of a role are wrong, so the flood alarm information that the role can access must be modified. For example, a role in the current access control model can access the first flood alarm information, but inspection finds this to be an error, and the accessible first flood alarm information must be changed to the second flood alarm information.

For the role r to be modified and the flood alarm information A_1 corresponding to role r, given the determined first non-redundant set K_S1 of the access control instance, the first flood alarm information implication relation set J_1 and the first flood alarm information connotation set C_1, the flood alarm information A_1 of role r in the non-redundant set K_S1 is changed to the input flood alarm information A_2, which yields the second non-redundant set K_S2 of the access control instance. Then, for each antecedent flood alarm information set in J_1 and C_1, compute whether its consequent in K_S2 has increased or decreased compared with its consequent in K_S1. If the consequent of some flood alarm information set b_1 has neither increased nor decreased, then b_1 also belongs to the second flood alarm information implication relation set J_2 if it belongs to J_1, and also belongs to the second flood alarm information connotation set C_2 if it belongs to C_1. Preferably, the second flood alarm information implication relation set and the second flood alarm information connotation set are initialized as empty. If the consequent of b_1 has neither increased nor decreased, then, according to whether b_1 is contained in the first flood alarm information implication relation set or in the first flood alarm information connotation set, b_1 and its consequent are put into the first flood alarm information implication relation set or the first flood alarm information connotation set.

If the consequent of some flood alarm information set b_2 has increased, then b_2 together with its consequent on the second non-redundant set forms an implication, which is put into the new flood alarm information implication relation set J_2. Further, all flood alarm information sets in J_1 and C_1 whose antecedent does not contain the newly added consequent can be found and then deleted from the first flood alarm information implication relation set J_1 and the first flood alarm information connotation set C_1.

If the consequent of some flood alarm information set b_3 has decreased, then, if the consequent of that flood alarm information set is empty, the set is put into the new flood alarm information connotation set C_2.

If the consequent of b_3 has decreased and its consequent in K_S2 is not empty, the flood alarm information set b_3 is put into the new flood alarm information implication relation set J_2. Based on the modified non-redundant set K_S2 of the access control instance, all implications whose antecedent is a single item of flood alarm information are computed and put into a newly created set IMPs. From the newly created set, find all flood alarm information sets that contain the antecedent of b_3 in K_S1, do not contain the consequent of b_3 in K_S1, and contain the consequent of b_3 in K_S2. The specific method is as follows: find all flood alarm information sets in the newly created set IMPs whose antecedent does not contain
Figure BDA0003414192120000071
and for which the union of antecedent and consequent does not contain
Figure BDA0003414192120000072
The flood alarm information sets found in this way are then combined (at least one set is taken at random according to the combination method to form a new set, which yields 2^n - 1 sets), repeated flood alarm information is removed, and the results are put into the to-be-added set. A relevance judgment is performed on the flood alarm information sets in the to-be-added set. A flood alarm information set that meets the relevance condition is put into the new flood alarm information connotation set C_2 if its consequent in the second non-redundant set is empty, and into the new flood alarm information implication relation set J_2 if its consequent in K_S2 is not empty. The final result is the modified non-redundant set K_S2 of the access control instance, the new flood alarm information implication relation set J_2 and the new flood alarm information connotation set C_2. The role r includes: a management module in the alarm system or an Internet of Things device. For Internet of Things devices, the same access control model establishment method and modification mechanism as in step 2 are applied to obtain the access control model of the Internet of Things devices.

Modifying the flood alarm information with the modification mechanism proposed in this patent finally yields a new flood alarm information implication relation set and a new flood alarm information connotation set, from which the access control relations of the entire alarm system can be obtained.
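The comparison step of the modification mechanism above, as an added example that is not the patent's own code: it classifies each antecedent from J_1 and C_1 by how its consequent changes between K_S1 and K_S2. The table, role names and hand-computed J_1 and C_1 are constructed, f and g are assumed to be the standard operators, a consequent that both gains and loses items is treated as increased (an assumption), and the follow-up search over IMPs is not implemented.

```python
ALARMS = frozenset({"water_level", "seepage", "displacement", "rainfall"})

# Constructed first non-redundant set K_S1: role -> accessible flood alarm information.
KS1 = {
    "admin_module":   {"water_level", "seepage", "displacement", "rainfall"},
    "reach_operator": {"water_level", "rainfall"},
    "dam_sensor_gw":  {"water_level", "seepage", "displacement"},
    "rain_gauge":     {"rainfall"},
}
# Antecedents of J_1 and the members of C_1 for K_S1, worked out by hand.
J1 = [frozenset({"seepage"}), frozenset({"displacement"})]
C1 = [frozenset(), frozenset({"water_level"}), frozenset({"rainfall"}),
      frozenset({"water_level", "rainfall"}),
      frozenset({"water_level", "seepage", "displacement"}), ALARMS]


def consequent(b, ks):
    """f(g(b)) - b on table ks; f and g are assumed to be the standard operators."""
    rows = [row for row in ks.values() if b <= row]
    return ALARMS.intersection(*rows) - b


def modify(ks1, role, a2):
    """Change the alarm information of `role` to a2 and return K_S2 (K_S1 is not touched)."""
    ks2 = {r: set(row) for r, row in ks1.items()}
    ks2[role] = set(a2)
    return ks2


def update(ks1, ks2, antecedents):
    """Return (J_2, C_2, follow_up) from the consequent comparison described on the page."""
    j2, c2, follow_up = {}, set(), []
    for b in antecedents:
        old, new = consequent(b, ks1), consequent(b, ks2)
        if new - old:                 # increased (assumption: also covers gain plus loss)
            j2[b] = new
        elif new == old:              # unchanged: stays an implication or a connotation
            if new:
                j2[b] = new
            else:
                c2.add(b)
        elif not new:                 # decreased to empty: b is now a connotation
            c2.add(b)
        else:                         # decreased but still non-empty
            j2[b] = new
            follow_up.append(b)       # the page continues with the IMPs search from here
    return j2, c2, follow_up


if __name__ == "__main__":
    ks2 = modify(KS1, "reach_operator", {"seepage", "displacement"})
    j2, c2, follow_up = update(KS1, ks2, J1 + C1)
    for b, cons in j2.items():
        print(sorted(b), "->", sorted(cons))
    print("connotations:", [sorted(b) for b in c2])
    print("needs IMPs search:", [sorted(b) for b in follow_up])
```

Changing reach_operator from {water_level, rainfall} to {seepage, displacement} makes {water_level} gain the consequent {seepage, displacement}, so a role that previously needed only water-level alarms is now inferred to need dam-body alarms as well; this is the kind of widened permission a reviewer should look at after a correction.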

Step 3: after multiple management modules have established their respective dam bank monitoring access control models, the final dam bank monitoring access strategy is established through fusion. That is, multiple access control models are fused according to the implication relations to obtain one complete access control model. The dam bank monitoring access control model of each management module comprises its corresponding non-redundant set of access control instances, its flood alarm information implication relation set and its flood alarm information connotation set. Fusing the access control models of the management modules yields the final dam bank monitoring access strategy. The fusion is performed on the latest access control model of each management module.

It should be noted that the order of the above embodiments of the present invention is for description only and does not indicate the relative merits of the embodiments. Specific embodiments of this specification have been described above. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims can be performed in an order different from that in the embodiments and still achieve the desired results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.

The embodiments in this specification are described in a progressive manner. For parts that are the same or similar across embodiments, the embodiments may be referred to one another, and each embodiment focuses on its differences from the other embodiments.

The above are only preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (8)

1. A Yellow River dam bank monitoring Internet of Things access control optimization method based on attribute exploration, characterized by comprising the following steps:
acquiring the access control logs of each management module of the Yellow River flood alarm system, and processing the access control log records to obtain non-redundant flood alarm information instance data and the set of all flood alarm information;
analyzing the flood alarm information instance data and the set of all flood alarm information, establishing a first non-redundant set of the access control instance, and obtaining a first flood alarm information implication relation set and a first flood alarm information connotation set; if the management module finds an establishment error while establishing the dam bank monitoring access control model, the establishment execution point raises a modification request and the modification is made;
and after the management modules have established their respective dam bank monitoring access control models, completing the establishment of the final dam bank monitoring access strategy through fusion.
2. The Yellow River dam bank monitoring Internet of Things access control optimization method based on attribute exploration according to claim 1, wherein the modifying comprises:
acquiring the role to be modified and the flood alarm information to be modified that corresponds to the role to be modified; changing the flood alarm information of the role to be modified in the first non-redundant set to the input flood alarm information to obtain a second non-redundant set of the access control instance, and initializing a second flood alarm information implication relation set and a second flood alarm information connotation set;
calculating whether the consequents, in the second non-redundant set, of the antecedent flood alarm information sets in the first flood alarm information implication relation set and the first flood alarm information connotation set have increased or decreased compared with their consequents in the first non-redundant set;
and updating the second flood alarm information implication relation set and the second flood alarm information connotation set according to the result of whether there is an increase or decrease.
3. The Yellow River dam bank monitoring Internet of Things access control optimization method based on attribute exploration as claimed in claim 1, wherein updating the second flood alarm information implication relation set and the second flood alarm information connotation set according to the result of whether there is an increase or decrease comprises:
if the consequent of the antecedent flood alarm information set has neither increased nor decreased in the second non-redundant set, then if the antecedent flood alarm information set belongs to the first flood alarm information implication relation set, it also belongs to the second flood alarm information implication relation set, and if the antecedent flood alarm information set belongs to the first flood alarm information connotation set, it also belongs to the second flood alarm information implication relation set;
if the consequent of the antecedent flood alarm information set has increased in the second non-redundant set, putting the antecedent flood alarm information set and its consequent into the second flood alarm information implication relation set;
if the consequent of the antecedent flood alarm information set has decreased in the second non-redundant set and the consequent is empty, adding the antecedent flood alarm information set to the second flood alarm information connotation set;
if the consequent of the antecedent flood alarm information set has decreased in the second non-redundant set and the consequent is not empty, recording the antecedent flood alarm information set as the first flood alarm information set and putting the first flood alarm information set into the second flood alarm information implication relation set; then obtaining a new set that contains all implications on the second non-redundant set whose antecedent is a single item of flood alarm information, and obtaining antecedents from the new set to form a second flood alarm information set, where each flood alarm information set in the second flood alarm information set meets the following requirements: it contains the antecedent of the first flood alarm information set in the first non-redundant set, does not contain the consequent of the first flood alarm information set in the first non-redundant set, and contains the consequent of the first flood alarm information set in the second non-redundant set; combining the flood alarm information sets in the second flood alarm information set and putting the combinations into a to-be-added set; and performing a relevance judgment on the flood alarm information sets in the to-be-added set, and, for each flood alarm information set that meets the relevance condition, putting it into the second flood alarm information connotation set if its consequent in the second non-redundant set is empty, and into the second flood alarm information implication relation set if the consequent is not empty.
4. The Yellow River dam bank monitoring Internet of Things access control optimization method based on attribute exploration according to claim 1, wherein putting the antecedent flood alarm information set and its consequent into the second flood alarm information implication relation set further comprises: finding, in the first flood alarm information implication relation set and the first flood alarm information connotation set, the antecedent flood alarm information sets that do not contain the newly added consequent, recording them as the alarm information sets to be deleted, and deleting the alarm information sets to be deleted from the first flood alarm information implication relation set and the first flood alarm information implication relation set.
5. The Yellow River dam bank monitoring Internet of Things access control optimization method based on attribute exploration as claimed in claim 1, wherein the flood alarm information comprises flood alarm information of Yellow River reaches and flood alarm information of flood monitoring equipment.
6. The Yellow River dam bank monitoring Internet of Things access control optimization method based on attribute exploration as claimed in claim 3, wherein the roles comprise management modules and Internet of Things devices.
7. The Yellow River dam bank monitoring Internet of Things access control optimization method based on attribute exploration according to claim 1, wherein the method further comprises: a Yellow River flood management group determining the management module, and root users of the Yellow River flood alarm system assigning management rights to the management module.
8. The Yellow River dam bank monitoring Internet of Things access control optimization method based on attribute exploration, characterized in that the management module obtains the basic knowledge for accessing flood alarm information by communicating and consulting with experts.
CN202111541089.9A 2021-12-16 2021-12-16 Yellow river dam bank monitoring Internet of things access control optimization method based on attribute exploration Active CN114448659B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111541089.9A CN114448659B (en) 2021-12-16 2021-12-16 Yellow river dam bank monitoring Internet of things access control optimization method based on attribute exploration

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111541089.9A CN114448659B (en) 2021-12-16 2021-12-16 Yellow river dam bank monitoring Internet of things access control optimization method based on attribute exploration

Publications (2)

Publication Number Publication Date
CN114448659A true CN114448659A (en) 2022-05-06
CN114448659B CN114448659B (en) 2022-10-11

Family

ID=81362995

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111541089.9A Active CN114448659B (en) 2021-12-16 2021-12-16 Yellow river dam bank monitoring Internet of things access control optimization method based on attribute exploration

Country Status (1)

Country Link
CN (1) CN114448659B (en)


Also Published As

Publication number Publication date
CN114448659B (en) 2022-10-11


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant