CN114448659A - Yellow river dam bank monitoring Internet of things access control optimization method based on attribute exploration - Google Patents
Yellow river dam bank monitoring Internet of things access control optimization method based on attribute exploration Download PDFInfo
- Publication number
- CN114448659A CN114448659A CN202111541089.9A CN202111541089A CN114448659A CN 114448659 A CN114448659 A CN 114448659A CN 202111541089 A CN202111541089 A CN 202111541089A CN 114448659 A CN114448659 A CN 114448659A
- Authority
- CN
- China
- Prior art keywords
- alarm information
- flood
- access control
- flood situation
- situation alarm
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000012544 monitoring process Methods 0.000 title claims abstract description 52
- 238000000034 method Methods 0.000 title claims abstract description 35
- 238000005457 optimization Methods 0.000 title claims abstract description 7
- 230000008569 process Effects 0.000 claims abstract description 6
- 230000004927 fusion Effects 0.000 claims abstract description 4
- 238000012986 modification Methods 0.000 claims description 15
- 230000004048 modification Effects 0.000 claims description 15
- 238000004364 calculation method Methods 0.000 claims description 2
- 238000012545 processing Methods 0.000 claims description 2
- 230000003247 decreasing effect Effects 0.000 claims 3
- 238000011217 control strategy Methods 0.000 abstract 3
- 230000007423 decrease Effects 0.000 description 9
- 230000007246 mechanism Effects 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 3
- 238000004458 analytical method Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 235000013902 inosinic acid Nutrition 0.000 description 2
- 230000010354 integration Effects 0.000 description 2
- 238000012806 monitoring device Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 230000007613 environmental effect Effects 0.000 description 1
- 238000004880 explosion Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- G—PHYSICS
- G08—SIGNALLING
- G08B—SIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
- G08B21/00—Alarms responsive to a single specified undesired or abnormal condition and not otherwise provided for
- G08B21/02—Alarms for ensuring the safety of persons
- G08B21/10—Alarms for ensuring the safety of persons responsive to calamitous events, e.g. tornados or earthquakes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0823—Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02A—TECHNOLOGIES FOR ADAPTATION TO CLIMATE CHANGE
- Y02A10/00—TECHNOLOGIES FOR ADAPTATION TO CLIMATE CHANGE at coastal zones; at river basins
- Y02A10/40—Controlling or monitoring, e.g. of flood or hurricane; Forecasting, e.g. risk assessment or mapping
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02A—TECHNOLOGIES FOR ADAPTATION TO CLIMATE CHANGE
- Y02A50/00—TECHNOLOGIES FOR ADAPTATION TO CLIMATE CHANGE in human health protection, e.g. against extreme weather
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Life Sciences & Earth Sciences (AREA)
- Environmental & Geological Engineering (AREA)
- General Life Sciences & Earth Sciences (AREA)
- Geology (AREA)
- Business, Economics & Management (AREA)
- Emergency Management (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Alarm Systems (AREA)
Abstract
Description
技术领域technical field
本发明涉及访问控制技术领域,具体涉及一种基于属性探索的黄河坝岸监测物联网访问控制优化方法。The invention relates to the technical field of access control, in particular to a method for optimizing access control of the Internet of Things for dam bank monitoring of the Yellow River based on attribute exploration.
背景技术Background technique
防汛是治理黄河最重要的任务之一。目前已经形成了一套完整的采集、上报防洪工程数据高度可视化的管理界面系统。目前现有的黄河汛情告警系统涉及物联网领域的多种技术,其中包括通信、传感器等技术。由于防汛工程涉及人员和设备众多,各人员与设备通过告警系统对黄河汛情的机密数据能访问访问汛情报警信息。为了有效而安全的防止坝岸险情的发生,发展一种基于汛情报警信息探索的物联网访问控制方法已经成为黄河治理信息化体系的必要手段之一。Flood control is one of the most important tasks in managing the Yellow River. At present, a complete set of highly visual management interface system for collecting and reporting flood control project data has been formed. The current Yellow River flood warning system involves a variety of technologies in the field of Internet of Things, including communications, sensors and other technologies. As the flood control project involves a large number of personnel and equipment, each personnel and equipment can access the flood alarm information through the alarm system to the confidential data of the Yellow River flood conditions. In order to effectively and safely prevent the occurrence of dangerous dam banks, the development of an Internet of Things access control method based on flood alarm information exploration has become one of the necessary means for the Yellow River governance information system.
作为一种新的体系架构,物联网将现实世界与网络集成在一起,实现了物品与物品,以及物品与人之间的信息交换与分发。在这样的环境下,大量的数据被产生,这些数据中又包含了大量的用户隐私,保障这些隐私的安全性是物联网环境下的重中之重。访问控制作为信息安全的基本原理之一,能够有效的保障数据的安全,是物联网时代下的重要研究内容。As a new architecture, the Internet of Things integrates the real world and the network, and realizes the exchange and distribution of information between objects and objects, as well as between objects and people. In such an environment, a large amount of data is generated, and this data contains a large amount of user privacy. The security of this privacy is the top priority in the Internet of Things environment. As one of the basic principles of information security, access control can effectively ensure the security of data, and is an important research content in the era of the Internet of Things.
早期访问控制又分为强制访问控制和自主访问控制,随着信息时代的发展,访问控制技术朝着更多的层次发展,先后出现了多种访问控制模型,其中基于角色的访问控制因其良好的灵活性与安全性,在访问控制领域获得了广泛的研究和应用。Early access control is further divided into mandatory access control and autonomous access control. With the development of the information age, access control technology is developing towards more levels, and a variety of access control models have appeared successively. Among them, role-based access control is a good choice. It has been widely researched and applied in the field of access control.
但传统的基于角色的访问控制,在面对现如今物联网环境时,有粒度较大,容易出现角色爆炸等问题,无法很好的适应物联网环境,相比而言,基于汛情报警信息的访问控制,将主体和客体的汛情报警信息,作为基本的决策要素,不需要手动分配,在管理上相对简单,能够更好的适应于物联网环境。因此现如今,在物联网环境下,更多的模型使用基于汛情报警信息的访问控制。其中,访问策略是访问控制中非常重要的一环。建立一个有效的访问策略,能够有效的保障信息的安全,节省时间空间。如何建立一个有效的访问策略,是建立访问控制机制的重要开始。However, the traditional role-based access control, in the face of today's IoT environment, has large granularity and is prone to problems such as role explosion, which cannot be well adapted to the IoT environment. Access control takes the flood alarm information of the subject and the object as the basic decision-making element, does not require manual allocation, is relatively simple in management, and can be better adapted to the Internet of Things environment. Therefore, nowadays, in the IoT environment, more models use access control based on flood alarm information. Among them, access policy is a very important part of access control. Establishing an effective access strategy can effectively protect the security of information and save time and space. How to establish an effective access policy is an important beginning of establishing an access control mechanism.
人工建立一个坝岸监测访问策略,不仅存在冗余度高的问题,且存在不完整的缺点。Manual establishment of a dam bank monitoring access strategy not only has the problem of high redundancy, but also has the shortcomings of incompleteness.
发明内容SUMMARY OF THE INVENTION
为了解决上述技术问题,本发明的目的在于提供一种基于属性探索的黄河坝岸监测物联网访问控制优化方法,所采用的技术方案具体如下:In order to solve the above-mentioned technical problems, the purpose of the present invention is to provide a kind of Internet of Things access control optimization method based on attribute exploration, and the technical scheme adopted is as follows:
一种基于属性探索的黄河坝岸监测物联网访问控制优化方法,该方法包括:An optimization method for Internet of Things access control for Yellow River dam bank monitoring based on attribute exploration, the method includes:
获取黄河汛情告警系统各个管理模块的访问控制日志,对访问日志控制记录进行处理,得到无冗余的汛情报警信息实例数据、所有汛情报警信息集合;Obtain the access control logs of each management module of the Yellow River flood warning system, process the access log control records, and obtain the instance data of the flood warning information without redundancy and the collection of all the flood warning information;
通过对汛情报警信息实例数据和所有汛情报警信息集合进行分析,建立访问控制实例的第一无冗余集合,得到第一汛情报警信息蕴含关系集合、第一汛情报警信息内涵集合;如果管理模块在建立坝岸监测访问控制模型过程中发现建立失误,则建立执行点提出修改请求并进行修改;By analyzing the flood alarm information instance data and all the flood alarm information sets, the first non-redundant set of access control instances is established, and the first flood alarm information connotation relationship set and the first flood alarm information connotation set are obtained; if the management module is in If errors are found during the establishment of the dam bank monitoring access control model, an execution point is established to make a modification request and make the modification;
多个管理模块建立各自的坝岸监测访问控制模型后,通过融合完成最终坝岸监测访问策略的建立。After multiple management modules establish their own dam bank monitoring access control models, the final dam bank monitoring access strategy is established through integration.
进一步地,所述进行修改包括:Further, the modification includes:
获取待修改角色以及待修改角色对应的待修改汛情报警信息;将第一无冗余集合中待修改角色的汛情报警信息修改为输入的汛情报警信息,得到访问控制实例的第二无冗余集合,并初始化第二汛情报警信息蕴涵关系集合、第二汛情报警信息内涵集合;Obtain the role to be modified and the flood alarm information to be modified corresponding to the role to be modified; modify the flood alarm information of the role to be modified in the first non-redundant set to the input flood alarm information to obtain a second non-redundant set of access control instances , and initialize the second flood alarm information implication relationship set and the second flood alarm information connotation set;
计算第一汛情报警信息蕴涵关系集合和第一汛情报警信息内涵集合中的前件汛情报警信息集合在第二无冗余集合中的后件相比于在第一无冗余集合中的后件是否增加或减少;Calculate the first flood warning information implication relationship set and the antecedents in the first flood warning information connotation set. The consequent in the second non-redundant set is compared to the consequent in the first non-redundant set. whether to increase or decrease;
根据是否增加或减少的计算结果,更新第二汛情报警信息蕴涵关系集合、第二汛情报警信息内涵集合。According to the calculation result of whether to increase or decrease, the second flood warning information implication relationship set and the second flood warning information connotation set are updated.
进一步地,所述根据是否增加或减少的判断结果,更新第二汛情报警信息蕴涵关系集合、第二汛情报警信息内涵集合包括:Further, according to the judgment result of whether to increase or decrease, updating the second flood warning information implication relationship set and the second flood warning information connotation set includes:
若前件汛情报警信息集合在第二无冗余集合中的后件没有增加也没有减少,那么如果该前件汛情报警信息集合属于第一汛情报警信息蕴涵关系集合,则也属于第二汛情报警信息蕴涵关系集合,如果该前件汛情报警信息集合属于第一汛情报警内涵集合,则也属于第二汛情报警信息内涵关系集合;If the subsequent event of the previous flood alarm information set in the second non-redundant set does not increase or decrease, then if the previous flood alarm information set belongs to the first flood alarm information implication relationship set, it also belongs to the second flood alarm information set. The set of information implication relationships, if the preceding flood alarm information set belongs to the first flood alarm connotation set, it also belongs to the second flood alarm information connotation relationship set;
若前件汛情报警信息集合在第二无冗余集合中的后件增加,则将该前件汛情报警信息集合以及后件放入第二汛情报警信息蕴涵关系集合中;If the antecedent flood alarm information set is added in the second non-redundant set, the former flood alarm information set and the subsequent event are put into the second flood alarm information implication relationship set;
若前件汛情报警信息集合在第二无冗余集合中的后件减少且后件为空,则将该前件汛情报警信息集合加入第二汛情报警信息内涵集合中;If the consequent of the preceding flood warning information set in the second non-redundant set is reduced and the consequent is empty, then the preceding flood warning information set is added to the second flood warning information connotation set;
若前件汛情报警信息集合在第二无冗余集合中的后件减少且后件不为空,则将该前件汛情报警信息集合记为第一汛情报警信息集合,将第一汛情报警信息集合放入第二汛情报警信息蕴涵关系集合中;然后获取新建集合,所述新建集合中包括第二无冗余集合上所有前件为单个汛情报警信息的蕴涵式,进一步从新建集合中获取前件构成第二汛情报警信息集合,所述第二汛情报警信息集合中的汛情报警信息集合满足:包含第一汛情报警信息集合在第一无冗余集合中的前件、不包含第一汛情报警信息集合在第一无冗余集合中的后件且包含第一汛情报警信息集合在第二无冗余集合中的后件;将第二汛情报警集合中的汛情报警信息集合进行组合后放入待加入集合;对待加入集合中的汛情报警信息集合进行相关性判断,对于符合相关性条件的汛情报警信息集合,若在第二无冗余集合中的后件为空则放入第二汛情报警信息内涵集合,若后件不为空则放入第二汛情报警信息蕴涵关系集合。If the consequent of the preceding flood alarm information set in the second non-redundant set decreases and the consequent is not empty, the preceding flood alarm information set is recorded as the first flood alarm information set, and the first flood alarm information The set is put into the second flood alarm information implication relationship set; then a new set is obtained, and the new set includes the implication that all the antecedents on the second non-redundant set are a single flood alarm information, and further obtained from the new set. The second flood alarm information set constitutes a second flood alarm information set, and the flood alarm information set in the second flood alarm information set satisfies: the antecedents of the first flood alarm information set in the first non-redundant set are included, and the first flood alarm information set does not include the first flood alarm information. The consequent of the information set in the first non-redundant set includes the consequent of the first flood alarm information set in the second non-redundant set; the flood alarm information set in the second flood alarm set is combined and put into To be added to the set; to perform correlation judgment on the flood alarm information set to be added to the set, for the flood alarm information set that meets the correlation conditions, if the consequent in the second non-redundant set is empty, put it into the second flood alarm information The information connotation set, if the consequent is not empty, it is put into the second flood warning information connotation relation set.
进一步地,所述汛情报警信息包括黄河河段的汛情报警信息、汛情监控设备的汛情报警信息。Further, the flood alarm information includes the flood alarm information of the Yellow River section and the flood alarm information of the flood monitoring equipment.
进一步地,在将该前件汛情报警信息集合以及新增后件放入第二汛情报警信息蕴涵关系集合中之后还包括:在第一汛情报警信息蕴涵关系集合和第一汛情报警信息内涵集合中找出不包含新增后件的前件汛情报警信息集合记为待删除报警信息集合,从第一汛情报警信息蕴涵关系集合和第一汛情报警信息内涵关系集合中删除待删除报警信息集合。Further, after putting the former flood alarm information set and the newly added post-item into the second flood alarm information implication relationship set, it also includes: in the first flood alarm information implication relationship set and the first flood alarm information connotation set. Find out the previous flood alarm information set that does not contain the newly added consequent items and record it as the alarm information set to be deleted, and delete the alarm information set to be deleted from the first flood alarm information connotation relationship set and the first flood alarm information connotation relationship set.
进一步地,所述角色包括管理模块、物联网设备。Further, the roles include management modules and IoT devices.
进一步地,所述方法还包括:通过黄河汛情管理小组确定管理模块,由黄河汛情报警系统的根用户为管理模块分配管理权限。Further, the method further includes: determining a management module through the Yellow River flood situation management team, and assigning management authority to the management module by the root user of the Yellow River flood situation alarm system.
进一步地,所述管理模块通过与专家交流咨询的方式获取访问汛情报警信息的基础知识。Further, the management module obtains the basic knowledge of accessing the flood warning information by communicating and consulting with experts.
有益效果:Beneficial effects:
本发明能很好的解决人工建立坝岸监测访问策略冗余度高且不完整的问题,且所提修改机制,快速对错误的决策模型进行修改,提高了角色权限修改时的访问控制模型精度。The invention can well solve the problem of high redundancy and incompleteness in manually establishing the monitoring access strategy of the dam bank, and the proposed modification mechanism can quickly modify the wrong decision-making model and improve the accuracy of the access control model when the role authority is modified. .
附图说明Description of drawings
图1是本发明提供的一种基于属性探索的黄河坝岸监测物联网访问控制方法示意图。FIG. 1 is a schematic diagram of an Internet of Things access control method for dam bank monitoring of the Yellow River based on attribute exploration provided by the present invention.
具体实施方式Detailed ways
为了更进一步阐述本发明为达成预定发明目的所采取的技术手段及功效,以下结合较佳实施例,对依据本发明提出的一种基于属性探索的黄河坝岸监测物联网访问控制优化方法,其具体实施方式、结构、特征及其功效,详细说明如下。在下述说明中,不同的“一个实施例”或“另一个实施例”指的不一定是同一实施例。此外,一或多个实施例中的特定特征、结构、或特点可由任何合适形式组合。In order to further illustrate the technical means and effects adopted by the present invention to achieve the predetermined purpose of the invention, the following describes a method for optimizing the access control of the Internet of Things for dam bank monitoring of the Yellow River based on attribute exploration proposed by the present invention in conjunction with the preferred embodiments. The specific embodiments, structures, features and effects thereof are described in detail as follows. In the following description, different "one embodiment" or "another embodiment" are not necessarily referring to the same embodiment. Furthermore, the particular features, structures, or characteristics in one or more embodiments may be combined in any suitable form.
除非另有定义,本文所使用的所有的技术和科学术语与属于本发明的技术领域的技术人员通常理解的含义相同。Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
本发明基于汛情报警信息探索构建了黄河坝岸险情告警系统访问控制模型,可以快速、准确的对整个黄河汛情物联网系统构建一个访问控制模型,可以根据汛情变化相应的动态调整访问控制机制,一定程度上降低了人为地维护系统访问控制权限的成本。管理模块申请建立一个坝岸监测访问策略,系统接收到这一请求之后,为该管理模块分配一个访问权限建立执行点。根据汛情报警信息探索方法,首先建立一个空的坝岸监测访问背景,并根据用户所需要访问的客体汛情报警信息,环境汛情报警信息以及操作,向其中添加汛情报警信息。而后通过算法查找下一个需要询问管理模块的汛情报警信息蕴涵关系,反复与管理模块交互,获得主体汛情报警信息,以及主体汛情报警信息在何种环境汛情报警信息下,能够对客体汛情报警信息所作的操作。若管理模块在建立过程中发现前期建立失误,可随时向访问权限建立执行点提出修改请求。本发明所提修改机制,可快速对错误的决策模型进行修改。最后,当多个管理模块建立各自的坝岸监测访问策略权限模型后,可对各决策进行融合,完成最终坝岸监测访问策略的建立。如图1所示,本发明告警系统示意图下面结合实施例具体说明本发明所提供的一种基于属性探索的黄河坝岸监测物联网访问控制优化方法,其中,管理员即管理模块,通过交互询问的方式获取访问汛情报警信息的基础知识并获取访问控制日志,根据修改请求调用修改机制进行访问控制模型的修改,最后通过融合得到最终的坝岸检测访问策略。The invention explores and constructs an access control model of the Yellow River dam bank danger alarm system based on the flood situation alarm information, can quickly and accurately construct an access control model for the entire Yellow River flood situation Internet of Things system, and can dynamically adjust the access control mechanism according to the flood situation changes. To a certain extent, the cost of manually maintaining system access control rights is reduced. The management module applies for establishing a dam bank monitoring access policy. After the system receives this request, it assigns an access authority to the management module to establish an execution point. According to the flood alarm information exploration method, first establish an empty dam bank monitoring access background, and add flood alarm information to it according to the object flood alarm information, environmental flood alarm information and operations that the user needs to access. Then, find the implication relationship of the next flood alarm information that needs to ask the management module through the algorithm, and repeatedly interact with the management module to obtain the main flood alarm information, and under what kind of environment flood alarm information, the subject flood alarm information can be made to the object flood alarm information. operation. If the management module finds an early establishment error during the establishment process, it can submit a modification request to the access authority establishment execution point at any time. The modification mechanism proposed by the invention can quickly modify the wrong decision model. Finally, after multiple management modules have established their own dam bank monitoring access policy authority models, various decisions can be integrated to complete the establishment of the final dam bank monitoring access policy. As shown in FIG. 1, the schematic diagram of the alarm system of the present invention is described below in conjunction with the embodiment to specifically describe a method for optimizing the access control of the Yellow River dam and bank monitoring Internet of Things based on attribute exploration provided by the present invention. The basic knowledge of accessing flood alarm information and access control logs are obtained by means of the method, and the modification mechanism is invoked to modify the access control model according to the modification request. Finally, the final access policy for dam bank detection is obtained through fusion.
本实施例提供一种基于属性探索的黄河坝岸监测物联网访问控制优化方法,包括以下步骤:This embodiment provides a method for optimizing the access control of the Internet of Things for monitoring the Yellow River dam bank based on attribute exploration, which includes the following steps:
步骤1,获取黄河汛情告警系统各个管理模块的访问控制日志,对访问日志控制记录进行处理,得到汛情报警信息实例数据、所有汛情报警信息集合。Step 1: Obtain access control logs of each management module of the Yellow River flood warning system, process the access log control records, and obtain flood warning information instance data and a collection of all flood warning information.
通过黄河汛情管理小组确定管理模块,由告警系统的root用户为管理模块分配管理权限。The management module is determined by the Yellow River flood situation management team, and the root user of the alarm system assigns management authority to the management module.
获取访问控制日志进行分析。管理模块甲在8月10日操作黄河A段汛情数据成功,则系统管理模块甲具有操作黄河A段汛情数据的权限,将该权限记为1;管理模块甲在8月11日操作黄河B段汛情数据失败,则记录管理模块甲不具有操作黄河B段汛情数据的权限,将该权限记为0;如果在告警系统中黄河A段汛情监控设备1在8月10日访问黄河A段汛情监控设备2采集的数据成功,则系统记录黄河A段汛情监控设备1具有访问黄河A段汛情监控设备2的权限,将该权限记为1;如果在告警系统中黄河A段汛情监控设备1在8月10日访问黄河A段汛情监控设备2采集的数据失败,则系统记录黄河A段汛情监控设备1不具有访问黄河A段汛情监控设备2的权限,将该权限记为0。Obtain access control logs for analysis. Management Module A successfully operates the flood data of Section A of the Yellow River on August 10, then System Management Module A has the authority to operate the flood data of Section A of the Yellow River, and this authority is recorded as 1; Management Module A operates Section B of the Yellow River on August 11. If the flood situation data fails, the record management module A does not have the authority to operate the flood situation data of the Yellow River section B, and this authority is recorded as 0; The data collected by the device 2 is successful, then the system records that the flood monitoring device 1 of the section A of the Yellow River has the permission to access the flood monitoring device 2 of the section A of the Yellow River, and this permission is recorded as 1; If the access to the data collected by the flood monitoring equipment 2 in Section A of the Yellow River fails on January 10, the system records that the flood monitoring equipment 1 in Section A of the Yellow River does not have the authority to access the flood monitoring equipment 2 in Section A of the Yellow River, and this authority is recorded as 0.
按照以上分析方法,对所获取的所有的访问控制日志记录进行处理,得到汛情报警信息实例数据Data0,同时得到所有汛情报警信息集合M;汛情报警信息实例数据Data0可以以表的形式呈现,如表1所示为汛情报警信息实例数据的示例。所有汛情报警信息M=(a,b,c,d,e,f,g,h,i),其中a、b、···、i分别表示不同的汛情报警信息,包括黄河A段汛情报警信息、黄河B段汛情报警信息、黄河A段汛情监控设备1汛情报警信息、黄河A段汛情监控设备2汛情报警信息。According to the above analysis method, all the obtained access control log records are processed to obtain the flood alarm information instance data Data 0 , and all the flood alarm information sets M are obtained at the same time; the flood alarm information instance data Data 0 can be presented in the form of a table, Table 1 shows an example of flood alarm information instance data. All flood alarm information M=(a, b, c, d, e, f, g, h, i), where a, b, ..., i represent different flood alarm information, including flood alarm in Section A of the Yellow River Information, flood alarm information of section B of the Yellow River, flood alarm information of section A flood monitoring equipment of the Yellow River, and flood alarm information of flood monitoring equipment of section A of the Yellow River.
表1Table 1
步骤2,通过无冗余的汛情报警信息实例数据和汛情报警信息集合进行分析,建立访问控制实例的第一无冗余集合,得到第一汛情报警信息蕴含关系集合、第一汛情报警信息内涵集合。Step 2, analyze the flood alarm information instance data without redundancy and the flood alarm information set, establish the first non-redundant set of access control instances, and obtain the first flood alarm information implication relationship set and the first flood alarm information connotation set. .
基于汛情报警信息探索方法,对于无冗余的汛情报警信息实例数据Data0和所有汛情报警信息集合M进行分析,建立访问控制实例的第一无冗余集合KS1,得到第一汛情报警信息蕴涵关系集合J1以第一汛情报警信息内涵集合C1,并将访问控制背景中的汛情报警信息按角色赋予用户。具体地,首先建立访问控制实例的第一无冗余集合,第一无冗余集合可以通过坝岸监测访问背景实现,坝岸监测访问背景中没有冗余的访问控制信息。然后根据集合之间的蕴涵关系以及内涵建立第一汛情报警信息关系集合和第一汛情报警信息内涵集合。Based on the flood alarm information exploration method, analyze the non-redundant flood alarm information instance data Data 0 and all the flood alarm information sets M, establish the first non-redundant set K S1 of the access control instance, and obtain the first flood alarm information implication The relationship set J 1 contains the set C 1 with the first flood warning information, and assigns the flood warning information in the access control background to users according to roles. Specifically, a first non-redundant set of access control instances is first established. The first non-redundant set can be implemented through the dam bank monitoring and access background, and there is no redundant access control information in the dam bank monitoring and access background. Then, the first flood warning information relation set and the first flood warning information connotation set are established according to the implication relationship and connotation between the sets.
在构建访问控制模型的过程中用到的概念如下:The concepts used in building the access control model are as follows:
(1)一个坝岸监测访问背景K=(U,M,I)是由两个集合U和M以及U与M间的关系I组成,U的元素称为访问主体,M的元素称为汛情报警信息。(u,m)∈I或者(uIm)表示访问主体u能访问汛情报警信息m。我们用或者表示访问主体u不能访问汛情报警信息m。在告警系统中,U对应告警系统中包含的物联网设备的访问方,M对应告警系统中包含的物联网设备的受访问方,I对应告警系统中访问方和受访问方的关系。(1) A dam bank monitoring access background K=(U, M, I) is composed of two sets U and M and the relationship I between U and M. The element of U is called the access subject, and the element of M is called the flood situation Alarm information. (u, m)∈I or (uIm) means that the access subject u can access the flood warning information m. we use or Indicates that the access subject u cannot access the flood alarm information m. In the alarm system, U corresponds to the access party of the IoT device included in the alarm system, M corresponds to the accessed party of the IoT device included in the alarm system, and I corresponds to the relationship between the access party and the accessed party in the alarm system.
设K=(U,M,I)是一个坝岸监测访问背景,若令Let K=(U, M, I) be the background of a dam bank monitoring visit, if make
(2)如果A,B满足f(A)=B,g(B)=A,则我们称二元组(A,B)是一个概念。A是概念(A,B)的外延,B是概念(A,B)的内涵。(2) If A, B satisfy f(A)=B, g(B)=A, then we call the binary group (A, B) a concept. A is the extension of the concept (A, B), and B is the connotation of the concept (A, B).
(3)设K=(U,M,I)是一个坝岸监测访问背景,Y1,若则称在K中Y2值依赖于Y1,记作Y1->Y2,也称蕴涵式Y1->Y2在K中成立。(3) Let K=(U, M, I) be a background of dam bank monitoring visit, Y 1 , like Then the value of Y 2 in K is said to depend on Y 1 , denoted as Y 1 ->Y 2 , and it is also said that the implication Y 1 -> Y 2 holds in K.
(4)给定坝岸监测访问背景K=(U,M,I),蕴涵式集合J(K),蕴涵式C->D∈J(K)。若汛情报警信息集合当且仅当或时,则称T与C->D相关。若T与J(K)中所有的蕴涵式都相关,则称T与J(K)相关。(4) Given the background K=(U, M, I) for monitoring and visiting the bank, the implication set J(K), the implication C->D∈J(K). If the flood alarm information collection if and only if or , then T is said to be related to C->D. T is said to be related to J(K) if T is related to all the implication in J(K).
(5)设K=(U,M,I)是一个坝岸监测访问背景,M={m1,m2···mn},M中的汛情报警信息满足基本线性序关系(m1<m2<··<mn),则对任意的Y1,当且仅当存在mi∈Y2-Y1且Y1∩{m1,···,mi-1}=Y2∩{m1,···,mi-1}时,称汛情报警信息集合Y1的字典序小于汛情报警信息集合Y2的字典序,记作Y1<Y2。(5) Let K=(U, M, I) be a background of dam bank monitoring visit, M={m 1 , m 2 ··· m n }, the flood warning information in M satisfies the basic linear sequence relationship (m 1 <m 2 <··<m n ), then for any Y 1 , If and only if there is m i ∈ Y 2 -Y 1 and Y 1 ∩{m 1 ,...,m i-1 }=Y2∩{m 1 ,...,m i-1 }, it is called flood situation The lexicographic order of the alarm information set Y 1 is smaller than the lexicographic order of the flood alarm information set Y 2 , denoted as Y 1 <Y 2 .
(6)对于坝岸监测访问背景 有P≠f(g(P)),且对每一个伪内涵且Q≠P,都有那么我们称P是一个伪内涵。(6) Background of dam bank monitoring visit There is P≠f(g(P)), and for each pseudo-intension and Q≠P, both Then we call P a pseudo-intension.
(7)若为一个坝岸监测访问背景,蕴涵集合{P→f(g(P))-P|P是K的伪内涵},称之为K的主基。(7) If It is a background of dam bank monitoring and visit, the implication set {P→f(g(P))-P|P is the pseudo-intension of K}, which is called the main basis of K.
(8)设是一个坝岸监测访问背景,为上的蕴涵式集合,蕴涵式若或则称T与A→B相关。若T与中所有的蕴涵式都相关,则称T与相关。(8) set It is a background of dam bank monitoring visit, for The implication set on , implication like or Then T is said to be related to A→B. If T and All the implications in are related, then T is said to be related to related.
如果管理模块在建立访问控制策略过程中发现建立失误,则建立执行点提出修改请求并进行修改。本发明所指建立失误包括:角色的权限出现错误,需要对角色能够访问的汛情报警信息进行修改。例如,当前访问控制模型中角色能够访问第一汛情报警信息,但是经检查发现错误,需要将能够访问的第一汛情报警信息修改为第二汛情报警信息。If the management module finds an establishment error in the process of establishing the access control policy, the establishment execution point puts forward a modification request and makes the modification. The establishment errors referred to in the present invention include: an error occurs in the authority of the role, and it is necessary to modify the flood alarm information that the role can access. For example, a role in the current access control model can access the first flood alarm information, but an error is found after inspection, and the accessible first flood alarm information needs to be modified to the second flood alarm information.
对于待修改的角色r以及角色r所对应的汛情报警信息A1,根据确定的访问控制实例的第一无冗余集合KS1、第一汛情报警信息蕴涵关系集合J1以及第一汛情报警信息内涵集合C1,将访问控制实例的无冗余集合KS1中角色r中的汛情报警信息A1修改为输入的汛情报警信息A2,得到访问控制实例的第二无冗余集合KS2。然后计算第一汛情报警信息蕴涵关系集合J1以及第一汛情报警信息内涵集合C1中的前件汛情报警信息集合在访问控制实例的第二无冗余集合KS2中的后件(相比于在KS1中的后件)是否存在增加或减少;若存在某一汛情报警信息集合b1的后件没有增加也没有减少,那么如果该汛情报警信息集合b1属于第一汛情报警信息蕴涵关系集合J1,则也属于第二汛情报警信息蕴涵关系集合J2,如果该汛情报警信息集合b1属于第一汛情报警信息内涵集合C1,则也属于第二汛情报警信息内涵集合C2。优选地,初始化的第二汛情报警信息蕴涵关系集合和第二汛情报警信息内涵集合为空。若b1的后件没有增加也没有减少,那么,根据b1与第一汛情报警信息蕴涵关系集合以及第一汛情报警信息内涵集合的包含关系,将b1及其后件放入第一汛情报警信息蕴涵关系集合或第一汛情报警信息内涵集合。For the role r to be modified and the flood alarm information A 1 corresponding to the role r, according to the determined first non-redundant set K S1 of the access control instance, the first flood alarm information implication relationship set J 1 and the first flood alarm information In the connotation set C 1 , the flood alarm information A 1 in the role r in the non-redundant set K S1 of the access control instance is modified to the input flood alarm information A 2 to obtain the second non-redundant set K S2 of the access control instance. Then calculate the first flood warning information implication relationship set J 1 and the consequent of the antecedent flood warning information set in the first flood warning information connotation set C 1 in the second non-redundant set K S2 of the access control instance (compared to Whether there is an increase or decrease in the consequent in K S1 ); if there is a consequent of a certain flood alarm information set b 1 that neither increases nor decreases, then if the flood alarm information set b 1 belongs to the first flood alarm information implication The relation set J 1 also belongs to the second flood warning information implication relation set J 2 . If the flood warning information set b 1 belongs to the first flood warning information connotation set C 1 , it also belongs to the second flood warning information connotation set C 2 . . Preferably, the initialized second flood warning information implication relationship set and the second flood warning information connotation set are empty. If the consequent of b 1 does not increase or decrease, then, according to the inclusion relationship between b 1 and the first flood warning information connotation set and the first flood warning information connotation set, put b 1 and its consequent into the first flood condition. The alarm information implication relationship set or the first flood alarm information connotation collection.
若存在某一汛情报警信息集合b2的后件有增加,那么将这个汛情报警信息集合b2与其在第二无冗余集合上的后件构成蕴含式,放入新的汛情报警信息蕴涵关系集合J2中。进一步地,可以在汛情报警信息蕴涵关系集合J1以及汛情报警信息内涵集合C1中,找出所有前件不包含该新增后件的汛情报警信息集合,然后在第一汛情报警信息蕴涵关系集合J1以及第一汛情报警信息内涵集合C1中删除这些汛情报警信息集合。If there is an increase in the consequent of a certain flood alarm information set b 2 , then this flood alarm information set b 2 and its consequent on the second non-redundant set constitute an implication, and put it into a new flood alarm information implication relationship Collection J 2 . Further, in the flood warning information implication relationship set J 1 and the flood warning information connotation set C 1 , find out all the flood warning information sets whose antecedents do not contain the newly added subsequent event, and then find the first flood warning information implication relationship. These sets of flood warning information are deleted from the set J 1 and the first flood warning information connotation set C 1 .
若存在某一汛情报警信息集合b3的后件有减少,那么若该汛情报警信息集合后件为空则将这个汛情报警信息集合放入新的汛情报警信息内涵集合C2中。If there is a decrease in the consequent of a flood alarm information set b3, then if the consequent of the flood alarm information set is empty, the flood alarm information set is put into a new flood alarm information connotation set C2 .
若b3的后件有减少且在KS2后件不为空,则将这个汛情报警信息集合b3放入新的汛情报警信息蕴涵关系集合J2中,根据修改后的访问控制实例的无冗余集合KS2,计算所有前件为单个汛情报警信息的蕴涵式,并放入新建集合IMPs中。从新建集合中找出所有包含该汛情报警信息集合b3在KS1中的前件、不包含该汛情报警信息集合b3在KS1中的后件且包含该汛情报警信息集合b3在KS2中的后件的汛情报警信息集合,具体方法如下:找出新建集合IMPs中前件不包含且前件与后件的并集中不含的所有汛情报警信息集合。并将找出的这些汛情报警信息集合进行排列组合(按照组合方法随机取至少一个集合构成新的集合,如此可得2n-1个集合),去掉重复放入的汛情报警信息后放入待加入集合。对待加入集合中的汛情报警信息集合进行相关性判断,对符合相关性条件的汛情报警信息集合,若在第二无冗余集合后件为空则放入新的汛情报警信息内涵集合C2中,若在KS2后件不为空则放入新的汛情报警信息蕴涵关系集合J2;最终得到修改后的访问控制实例的无冗余集合KS2、新的汛情报警信息蕴涵关系集合J2以及新的汛情报警信息内涵集合C2;其中角色r包括:告警系统中的管理模块或者物联网设备。对于物联网设备,采样与步骤2同样的访问控制模型建立方法和修改机制集合得到物联网设备的访问控制模型。If the consequent of b3 is reduced and the consequent is not empty in K S2 , put this flood warning information set b3 into a new flood warning information implication set J2, according to the modified access control instance's non- existence . Redundant set K S2 , calculates the implication that all antecedents are a single flood alarm information, and put it into the new set IMPs. Find out all the antecedents that contain the flood warning information set b3 in K S1 from the newly created set, the consequences that do not contain the flood warning information set b3 in K S1 and contain the flood warning information set b3 in K S1 The flood alarm information set of the consequent items in S2 , the specific method is as follows: find out that the antecedents in the newly created set IMPs do not contain And the union of the antecedent and the consequent does not contain A collection of all flood alarm information. Arrange and combine the found sets of flood alarm information (at least one set is randomly selected to form a new set according to the combination method, so that 2 n -1 sets can be obtained), remove the repeated flood alarm information and put it into the waiting list. Join the collection. Perform correlation judgment on the flood alarm information set to be added to the set, and put the flood alarm information set that meets the correlation conditions, if the second non-redundant set consequent is empty, put it into a new flood alarm information connotation set C 2 , if the latter is not empty in K S2 , then a new flood warning information implication relation set J 2 is put into it; finally, a non-redundant set K S2 of the modified access control instance and a new flood warning information implication relation set J 2 are obtained. and a new connotation set C 2 of flood alarm information; the role r includes: a management module in an alarm system or an Internet of Things device. For IoT devices, sample the same access control model establishment method and modification mechanism set as in step 2 to obtain the access control model of IoT devices.
通过本专利提出的汛情报警信息上述修改机制进行修改,最终可以得到新的汛情报警信息蕴涵关系集合和新的汛情报警信息内涵集合,从而可以得到整个告警系统的访问控制关系。By modifying the above-mentioned modification mechanism of the flood alarm information proposed in this patent, a new flood alarm information implication relationship set and a new flood alarm information connotation set can finally be obtained, so that the access control relationship of the entire alarm system can be obtained.
步骤3,多个管理模块建立各自的坝岸监测访问控制模型后,通过融合完成最终坝岸监测访问策略的建立。即对多个访问控制模型依据蕴涵关系进行融合得到一个完整的访问控制模型。每个管理模块的坝岸监测访问控制模型包括其对应的访问控制实例的无冗余集合、汛情报警信息蕴涵关系集合以及汛情报警信息内涵集合。将多个管理模块的访问控制模型融合即可得到最终的坝岸监测访问策略。融合的时候是对管理模块最新的访问控制模型进行融合。Step 3, after multiple management modules establish their own dam bank monitoring access control models, the establishment of the final dam bank monitoring access strategy is completed through fusion. That is, a complete access control model is obtained by fusing multiple access control models according to the implication relationship. The dam bank monitoring access control model of each management module includes its corresponding non-redundant set of access control instances, a set of flood alarm information implication relationships, and a flood alarm information connotation set. The final dam bank monitoring access strategy can be obtained by integrating the access control models of multiple management modules. The integration is to integrate the latest access control model of the management module.
需要说明的是:上述本发明实施例先后顺序仅仅为了描述,不代表实施例的优劣。且上述对本说明书特定实施例进行了描述。其它实施例在所附权利要求书的范围内。在一些情况下,在权利要求书中记载的动作或步骤可以按照不同于实施例中的顺序来执行并且仍然可以实现期望的结果。在某些实施方式中,多任务处理和并行处理也是可以的或者可能是有利的。It should be noted that: the above-mentioned order of the embodiments of the present invention is only for description, and does not represent the advantages and disadvantages of the embodiments. And the foregoing describes specific embodiments of the present specification. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims can be performed in an order different from that in the embodiments and still achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。Each embodiment in this specification is described in a progressive manner, and the same and similar parts between the various embodiments may be referred to each other, and each embodiment focuses on the differences from other embodiments.
以上所述仅为本发明的较佳实施例,并不用以限制本发明,凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention shall be included in the protection of the present invention. within the range.
Claims (8)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111541089.9A CN114448659B (en) | 2021-12-16 | 2021-12-16 | Yellow river dam bank monitoring Internet of things access control optimization method based on attribute exploration |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111541089.9A CN114448659B (en) | 2021-12-16 | 2021-12-16 | Yellow river dam bank monitoring Internet of things access control optimization method based on attribute exploration |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114448659A true CN114448659A (en) | 2022-05-06 |
CN114448659B CN114448659B (en) | 2022-10-11 |
Family
ID=81362995
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111541089.9A Active CN114448659B (en) | 2021-12-16 | 2021-12-16 | Yellow river dam bank monitoring Internet of things access control optimization method based on attribute exploration |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114448659B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114268649A (en) * | 2021-12-21 | 2022-04-01 | 河南大学 | A method for modifying RBAC permissions for the Internet of Things |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106529323A (en) * | 2016-01-21 | 2017-03-22 | 华南师范大学 | Multilevel security model access control data fusion method |
CN106940765A (en) * | 2017-02-15 | 2017-07-11 | 江苏大学 | A kind of access rights dynamic control method |
CN108765878A (en) * | 2018-06-05 | 2018-11-06 | 安徽赛洋信息科技开发咨询有限公司 | A kind of rural area flood control forecasting and warning system based on Internet of Things cloud platform |
CN109831327A (en) * | 2019-01-28 | 2019-05-31 | 国家电网有限公司信息通信分公司 | IMS full service network based on big data analysis monitors intelligent operation support system |
CN110135722A (en) * | 2019-05-09 | 2019-08-16 | 苏州嘉奕晟中小企业科技咨询有限公司 | Smart city flood processing system based on geographical integrated information |
CN111783043A (en) * | 2020-07-06 | 2020-10-16 | 河南大学 | A Multi-department Collaborative Interactive RBAC Role Construction Method Based on Attribute Exploration |
CN111818059A (en) * | 2020-07-09 | 2020-10-23 | 公安部第三研究所 | A system and method for automatically constructing access control policies for high-level information systems |
CN111967034A (en) * | 2020-08-30 | 2020-11-20 | 河南大学 | RBAC role fault tolerance auxiliary construction method based on attribute exploration |
CN113472729A (en) * | 2020-03-31 | 2021-10-01 | 瞻博网络公司 | Role-based access control policy automatic generation |
-
2021
- 2021-12-16 CN CN202111541089.9A patent/CN114448659B/en active Active
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106529323A (en) * | 2016-01-21 | 2017-03-22 | 华南师范大学 | Multilevel security model access control data fusion method |
CN106940765A (en) * | 2017-02-15 | 2017-07-11 | 江苏大学 | A kind of access rights dynamic control method |
CN108765878A (en) * | 2018-06-05 | 2018-11-06 | 安徽赛洋信息科技开发咨询有限公司 | A kind of rural area flood control forecasting and warning system based on Internet of Things cloud platform |
CN109831327A (en) * | 2019-01-28 | 2019-05-31 | 国家电网有限公司信息通信分公司 | IMS full service network based on big data analysis monitors intelligent operation support system |
CN110135722A (en) * | 2019-05-09 | 2019-08-16 | 苏州嘉奕晟中小企业科技咨询有限公司 | Smart city flood processing system based on geographical integrated information |
CN113472729A (en) * | 2020-03-31 | 2021-10-01 | 瞻博网络公司 | Role-based access control policy automatic generation |
CN111783043A (en) * | 2020-07-06 | 2020-10-16 | 河南大学 | A Multi-department Collaborative Interactive RBAC Role Construction Method Based on Attribute Exploration |
CN111818059A (en) * | 2020-07-09 | 2020-10-23 | 公安部第三研究所 | A system and method for automatically constructing access control policies for high-level information systems |
CN111967034A (en) * | 2020-08-30 | 2020-11-20 | 河南大学 | RBAC role fault tolerance auxiliary construction method based on attribute exploration |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114268649A (en) * | 2021-12-21 | 2022-04-01 | 河南大学 | A method for modifying RBAC permissions for the Internet of Things |
Also Published As
Publication number | Publication date |
---|---|
CN114448659B (en) | 2022-10-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2021077642A1 (en) | Network space security threat detection method and system based on heterogeneous graph embedding | |
Tulli | Enhancing Software Architecture Recovery: A Fuzzy Clustering Approach | |
US11228595B2 (en) | Evaluating security of data access statements | |
CN109842628A (en) | A kind of anomaly detection method and device | |
EP3532949A1 (en) | Change monitoring spanning graph queries | |
CN109992982A (en) | Big data access authorization method, device and big data platform | |
US11799890B2 (en) | Detecting anomalous downloads | |
CN109522742A (en) | A kind of batch processing method of computer big data | |
KR102086936B1 (en) | User data sharing method and device | |
Zhang | Global behavior of a computer virus propagation model on multilayer networks | |
US20190347596A1 (en) | System for decommissioning information technology assets using solution data modelling | |
CN116628360A (en) | Social network histogram issuing method and device based on differential privacy | |
CN114448659B (en) | Yellow river dam bank monitoring Internet of things access control optimization method based on attribute exploration | |
Liu et al. | Social group query based on multi-fuzzy-constrained strong simulation | |
Zheng et al. | Secure sharing of industrial IoT data based on distributed trust management and trusted execution environments: a federated learning approach | |
Zhang et al. | DPNM: A Differential Private Notary Mechanism for Privacy Preservation in Cross-chain Transactions | |
CN115840738A (en) | Data migration method and device, electronic equipment and storage medium | |
CN119766522A (en) | A network security situation awareness prediction method based on knowledge graph | |
Yang | Logistics dynamic information retrieval based on blockchain data security model | |
CN116668105A (en) | An attack path reasoning system combined with industrial control security knowledge graph | |
Menandas et al. | Data mining with parallel processing technique for complexity reduction and characterization of big data | |
Fu et al. | Hesitant fuzzy β-covering (T, I) rough set models: An application to multi-attribute decision-making | |
US10977283B2 (en) | System for mitigating intentional and unintentional exposure using solution data modelling | |
US10970406B2 (en) | System for mitigating exposure associated with identified unmanaged devices in a network using solution data modelling | |
Balavivekanandhan et al. | Creating A Resilient Blockchain Framework To Enhance The Efficiency And Security Of Data Management Within Internet Of Things Networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |