CN114448659A - Yellow river dam bank monitoring Internet of things access control optimization method based on attribute exploration - Google Patents

Yellow river dam bank monitoring Internet of things access control optimization method based on attribute exploration Download PDF

Info

Publication number
CN114448659A
CN114448659A CN202111541089.9A CN202111541089A CN114448659A CN 114448659 A CN114448659 A CN 114448659A CN 202111541089 A CN202111541089 A CN 202111541089A CN 114448659 A CN114448659 A CN 114448659A
Authority
CN
China
Prior art keywords
alarm information
flood
flood situation
situation alarm
access control
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111541089.9A
Other languages
Chinese (zh)
Other versions
CN114448659B (en
Inventor
谢毅
张芃
沈夏炯
左宪禹
张磊
葛强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Henan University
Original Assignee
Henan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Henan University filed Critical Henan University
Priority to CN202111541089.9A priority Critical patent/CN114448659B/en
Publication of CN114448659A publication Critical patent/CN114448659A/en
Application granted granted Critical
Publication of CN114448659B publication Critical patent/CN114448659B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • GPHYSICS
    • G08SIGNALLING
    • G08BSIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
    • G08B21/00Alarms responsive to a single specified undesired or abnormal condition and not otherwise provided for
    • G08B21/02Alarms for ensuring the safety of persons
    • G08B21/10Alarms for ensuring the safety of persons responsive to calamitous events, e.g. tornados or earthquakes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/0823Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02ATECHNOLOGIES FOR ADAPTATION TO CLIMATE CHANGE
    • Y02A10/00TECHNOLOGIES FOR ADAPTATION TO CLIMATE CHANGE at coastal zones; at river basins
    • Y02A10/40Controlling or monitoring, e.g. of flood or hurricane; Forecasting, e.g. risk assessment or mapping
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02ATECHNOLOGIES FOR ADAPTATION TO CLIMATE CHANGE
    • Y02A50/00TECHNOLOGIES FOR ADAPTATION TO CLIMATE CHANGE in human health protection, e.g. against extreme weather

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Emergency Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Geology (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • General Life Sciences & Earth Sciences (AREA)
  • Environmental & Geological Engineering (AREA)
  • Alarm Systems (AREA)

Abstract

The invention relates to the field of access control, in particular to an attribute exploration-based access control optimization method for a yellow river dam bank monitoring Internet of things. The method comprises the following steps: obtaining access control logs of each management module of the yellow river flood condition warning system to obtain flood condition warning information example data and all flood condition warning information sets; analyzing the flood situation alarm information example data and the flood situation alarm information set, and establishing a first redundancy-free set of the access control example to obtain a first flood situation alarm information inclusion relation set and a first flood situation alarm information connotation set; if the management module finds that the establishment is wrong in the process of establishing the access control strategy, the management module modifies the access control strategy; and after the management modules establish respective dam bank monitoring access strategy authority models, the final establishment of the yellow river dam bank monitoring access strategy is completed through fusion. The invention improves the establishing efficiency and the establishing precision of the access control strategy of the Internet of things for monitoring the yellow river bank.

Description

Yellow river dam bank monitoring Internet of things access control optimization method based on attribute exploration
Technical Field
The invention relates to the technical field of access control, in particular to an attribute exploration-based access control optimization method for a yellow river dam bank monitoring internet of things.
Background
Flood prevention is one of the most important tasks for controlling the yellow river. At present, a set of complete management interface system for collecting and reporting flood control project data in highly visual mode is formed. The existing yellow river flood condition warning system relates to various technologies in the field of Internet of things, wherein the technologies comprise communication, sensors and the like. As the flood prevention project involves a plurality of personnel and equipment, the personnel and the equipment can access the flood situation alarm information to the confidential data of the yellow river flood situation through the alarm system. In order to effectively and safely prevent the dam bank dangerous case from happening, the development of an internet of things access control method based on flood situation alarm information exploration becomes one of necessary means of a yellow river management information system.
As a new system architecture, the Internet of things integrates the real world with the network, and realizes information exchange and distribution between objects and between the objects and people. Under the environment, a large amount of data is generated, the data contains a large amount of user privacy, and the security of the privacy is important in the environment of the internet of things. The access control is one of basic principles of information security, can effectively guarantee the security of data, and is an important research content in the era of the internet of things.
The early access control is divided into mandatory access control and autonomous access control, along with the development of the information era, the access control technology develops towards more levels, and various access control models appear in sequence, wherein the role-based access control is widely researched and applied in the access control field due to good flexibility and safety.
However, in the traditional role-based access control, when the current internet of things environment is faced, the problems of large granularity, easy role explosion and the like are caused, and the traditional role-based access control cannot be well adapted to the internet of things environment. Therefore, at present, in the environment of the internet of things, more models use access control based on flood situation alarm information. Among them, the access policy is a very important ring in access control. An effective access strategy is established, so that the safety of information can be effectively guaranteed, and the time and the space are saved. How to establish an effective access policy is an important starting point for establishing an access control mechanism.
The dam bank monitoring access strategy is established manually, so that the problem of high redundancy is solved, and the defect of incompleteness is overcome.
Disclosure of Invention
In order to solve the technical problems, the invention aims to provide an attribute exploration-based access control optimization method for monitoring the internet of things on the yellow river bank, and the adopted technical scheme is as follows:
an attribute exploration-based access control optimization method for monitoring Internet of things on a yellow river bank comprises the following steps:
acquiring access control logs of each management module of the yellow river flood condition warning system, and processing access log control records to obtain non-redundant flood condition warning information example data and all flood condition warning information sets;
analyzing the flood situation alarm information example data and all flood situation alarm information sets, establishing a first redundancy-free set of the access control example, and obtaining a first flood situation alarm information inclusion relation set and a first flood situation alarm information connotation set; if the management module finds that the building is wrong in the process of building the dam bank monitoring access control model, an execution point is built to provide a modification request and modify the modification request;
and after the management modules establish respective dam bank monitoring access control models, the final establishment of a dam bank monitoring access strategy is completed through fusion.
Further, the modifying comprises:
acquiring a role to be modified and flood condition alarm information to be modified corresponding to the role to be modified; modifying the flood condition alarm information of the role to be modified in the first redundancy-free set into input flood condition alarm information to obtain a second redundancy-free set of the access control example, and initializing a second flood condition alarm information implication relation set and a second flood condition alarm information implication set;
calculating whether the quantity of the back pieces of the front piece flood situation alarm information sets in the first flood situation alarm information implication relation set and the second flood situation alarm information implication set is increased or reduced in the second redundancy-free set compared with the quantity of the back pieces in the first redundancy-free set;
and updating the second flood situation alarm information implication relation set and the second flood situation alarm information implication set according to the calculation result of whether the number of the second flood situation alarm information is increased or decreased.
Further, updating the second flood condition alarm information implication relation set and the second flood condition alarm information implication set according to the judgment result of whether the information is increased or decreased comprises the following steps:
if the front piece flood situation alarm information set is not increased or reduced in the rear piece in the second non-redundant set, if the front piece flood situation alarm information set belongs to the first flood situation alarm information implication relation set, the front piece flood situation alarm information set also belongs to the second flood situation alarm information implication relation set, and if the front piece flood situation alarm information set belongs to the first flood situation alarm implication set, the front piece flood situation alarm information set also belongs to the second flood situation alarm information implication relation set;
if the front piece flood situation alarm information set is added to the rear piece in the second redundancy-free set, placing the front piece flood situation alarm information set and the rear piece into a second flood situation alarm information implication relation set;
if the rear part of the front part flood situation alarm information set in the second redundancy-free set is reduced and the rear part is empty, adding the front part flood situation alarm information set into a second flood situation alarm information content set;
if the rear part of the front part flood situation alarm information set in the second redundancy-free set is reduced and the rear part is not empty, recording the front part flood situation alarm information set as a first flood situation alarm information set, and putting the first flood situation alarm information set into a second flood situation alarm information implication relation set; then, a new set is obtained, wherein the new set comprises an implication formula that all front pieces on a second non-redundant set are single flood situation alarm information, the front pieces are further obtained from the new set to form a second flood situation alarm information set, and the flood situation alarm information set in the second flood situation alarm information set meets the following requirements: the first flood condition alarm information set comprises a front piece of the first flood condition alarm information set in the first redundancy-free set, a back piece of the first flood condition alarm information set in the first redundancy-free set is not included, and a back piece of the first flood condition alarm information set in the second redundancy-free set is included; combining the flood condition alarm information sets in the second flood condition alarm set and then putting the combined flood condition alarm information sets into a set to be added; and performing relevance judgment on the flood situation alarm information sets to be added into the sets, and for the flood situation alarm information sets meeting the relevance conditions, putting a second flood situation alarm information inclusion set if the back pieces in the second redundancy-free set are empty, and putting a second flood situation alarm information inclusion relation set if the back pieces are not empty.
Further, the flood condition alarm information comprises flood condition alarm information of the yellow river reach and flood condition alarm information of the flood condition monitoring equipment.
Further, after putting the front piece flood situation alarm information set and the newly added back piece into the second flood situation alarm information implication relation set, the method further comprises the following steps: finding out a front piece flood situation alarm information set which does not contain the newly added back piece from the first flood situation alarm information implication relation set and the first flood situation alarm information implication set, recording the front piece flood situation alarm information set as an alarm information set to be deleted, and deleting the alarm information set to be deleted from the first flood situation alarm information implication relation set and the first flood situation alarm information implication relation set.
Further, the roles comprise a management module and an internet of things device.
Further, the method further comprises: and determining a management module by a yellow river flood management group, and distributing management rights for the management module by root users of the yellow river flood warning system.
Further, the management module acquires basic knowledge for accessing the flood condition alarm information in a mode of exchanging and consulting with an expert.
Has the advantages that:
the method can well solve the problems of high redundancy and incompleteness of the dam bank monitoring access strategy established manually, and the provided modification mechanism can rapidly modify the wrong decision model, thereby improving the accuracy of the access control model when the role authority is modified.
Drawings
Fig. 1 is a schematic diagram of an access control method for monitoring the internet of things on the yellow river bank based on attribute exploration.
Detailed Description
To further illustrate the technical means and effects of the present invention adopted to achieve the predetermined invention purpose, the following detailed description, structure, features and effects of the method for monitoring the access control of the internet of things on the yellow river bank based on the attribute exploration, which is provided by the present invention, are provided in connection with the preferred embodiments. In the following description, different "one embodiment" or "another embodiment" refers to not necessarily the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
According to the method, the access control model of the yellow river dam bank emergency warning system is constructed based on the flood situation alarm information exploration, the access control model can be quickly and accurately constructed for the whole yellow river flood situation Internet of things system, the access control mechanism can be dynamically adjusted according to the flood situation change, and the cost for manually maintaining the access control authority of the system is reduced to a certain extent. The management module applies for establishing a dam bank monitoring access strategy, and after the system receives the request, the system distributes an access authority establishment execution point for the management module. According to the flood situation alarm information exploration method, firstly, an empty dam bank monitoring access background is established, and flood situation alarm information is added to the object flood situation alarm information, the environment flood situation alarm information and the operation which need to be accessed by a user. And then searching the implication relation of the next flood situation alarm information needing inquiring the management module through an algorithm, repeatedly interacting with the management module to obtain the main flood situation alarm information and the operation of the main flood situation alarm information on the object flood situation alarm information under which environment flood situation alarm information. If the management module finds the early-stage building error in the building process, a modification request can be sent to the access authority building execution point at any time. The modification mechanism provided by the invention can rapidly modify the wrong decision model. And finally, after the management modules establish respective dam bank monitoring access strategy authority models, all the decisions can be fused to complete the establishment of the dam bank monitoring access strategy. As shown in fig. 1, the following description of an alarm system schematic diagram of the present invention, with reference to an embodiment, specifically describes an attribute exploration-based access control optimization method for a yellow river bank monitoring internet of things, where an administrator, i.e., a management module, obtains basic knowledge of access flood situation alarm information and an access control log in an interactive query manner, invokes a modification mechanism according to a modification request to modify an access control model, and finally obtains a final bank detection access policy through fusion.
The embodiment provides an attribute exploration-based access control optimization method for a yellow river bank monitoring internet of things, which comprises the following steps:
step 1, obtaining access control logs of each management module of the yellow river flood situation warning system, and processing access log control records to obtain flood situation warning information example data and a flood situation warning information set.
And determining a management module by a yellow river flood management group, and distributing management authority to the management module by a root user of the alarm system.
And acquiring an access control log for analysis. If the management module A successfully operates the flood condition data of the yellow river segment A in 8 months and 10 days, the system management module A has the authority to operate the flood condition data of the yellow river segment A, and the authority is marked as 1; if the management module A fails to operate the flood condition data of the yellow river segment B in 11 days in 8 months, recording that the management module A does not have the authority to operate the flood condition data of the yellow river segment B, and recording the authority as 0; if the yellow river segment A flood situation monitoring equipment 1 in the alarm system successfully accesses the data acquired by the yellow river segment A flood situation monitoring equipment 2 in 8 months and 10 days, the system records that the yellow river segment A flood situation monitoring equipment 1 has the right to access the yellow river segment A flood situation monitoring equipment 2, and the right is marked as 1; if the data collected by the yellow river segment A flood monitoring equipment 2 accessed by the yellow river segment A flood monitoring equipment 1 in the alarm system in 8, 10 days fails, the system records that the yellow river segment A flood monitoring equipment 1 does not have the authority to access the yellow river segment A flood monitoring equipment 2, and the authority is recorded as 0.
According to the analysis method, all the obtained access control log records are processed to obtain flood situation alarm information example Data0Simultaneously obtaining all flood situation alarm information sets M; flood situation alarm information example Data0The flood situation warning information data can be presented in a form of a table, and as shown in table 1, the example data of the flood situation warning information is shown. All flood situation alarm information M is (a, B, c, d, e, f, g, h, i), wherein a, B,. cndot, i respectively represent different flood situation alarm information, including flood situation alarm information of the yellow river A section, flood situation alarm information of the yellow river B section, flood situation alarm information of the yellow river A section monitoring device 1 and flood situation alarm information of the yellow river A section monitoring device 2.
TABLE 1
Figure BDA0003414192120000041
Figure BDA0003414192120000051
And 2, analyzing the non-redundant flood condition alarm information example data and the flood condition alarm information set, establishing a first non-redundant set of the access control example, and obtaining a first flood condition alarm information inclusion relation set and a first flood condition alarm information connotation set.
For non-redundant flood situation alarm information example Data based on flood situation alarm information exploration method0Analyzing all flood situation alarm information sets M to establish a first redundancy-free set K of the access control instanceS1Obtaining a first flood situation alarm information implication relation set J1Alarm by first flood conditionInformation connotation set C1And endowing the flood situation alarm information in the access control background to the user according to roles. Specifically, a first redundancy-free set of the access control instance is established first, the first redundancy-free set can be realized by a dam bank monitoring access background, and the dam bank monitoring access background has no redundant access control information. And then establishing a first flood situation alarm information relation set and a first flood situation alarm information connotation set according to the connotation relation and the connotation between the sets.
The concepts used in building the access control model are as follows:
(1) one dam bank monitoring access background K is composed of two sets U and M and a relation I between U and M, wherein an element of U is called an access main body, and an element of M is called flood situation alarm information. And (u, m) epsilon I or (uIm) shows that the access subject u can access the flood situation warning information m. We use
Figure BDA0003414192120000056
Or
Figure BDA0003414192120000052
And indicating that the access subject u cannot access the flood situation alarm information m. In the alarm system, U corresponds to an access party of the Internet of things equipment contained in the alarm system, M corresponds to an accessed party of the Internet of things equipment contained in the alarm system, and I corresponds to the relationship between the access party and the accessed party in the alarm system.
Let K be (U, M, I) a dam bank monitoring access background if
Figure BDA0003414192120000058
Order to
Figure BDA0003414192120000053
Figure BDA0003414192120000054
(2) If a, B satisfies f (a) ═ B, g (B) ═ a, we call the doublet (a, B) a concept. A is an extension of concept (A, B), and B is a connotation of concept (A, B).
(3) Let K be (U, M, I) a dam bank monitoring access background, Y1
Figure BDA0003414192120000059
If it is
Figure BDA00034141921200000510
Then it is called Y in K2The value depends on Y1Recorded as Y1->Y2Also known as intrinsic Y1->Y2This is true for K.
(4) Given dam bank monitoring access background K ═ U, M, I, implication set J (K), implication C->D ∈ J (K). Flood situation alarm information set
Figure BDA00034141921200000511
If and only if
Figure BDA0003414192120000057
Or
Figure BDA00034141921200000512
When it is called T and C->And D, correlating. If T is related to all implications in J (K), T is said to be related to J (K).
(5) Let K be (U, M, I) a dam bank monitoring access background, M be { M }1,m2···mnAnd (5) the flood situation alarm information in the M meets the basic linear sequence relation (M)1<m2<··<mn) For any Y1
Figure BDA00034141921200000515
If and only if m is presenti∈Y2-Y1And Y is1∩{m1,···,mi-1}=Y2∩{m1,···,mi-1When the flood situation is detected, a flood situation alarm information set Y is called1The dictionary sequence is less than the flood situation alarm information set Y2In the dictionary sequence of (1), denoted as Y1<Y2
(6) Monitoring access background to dam bank
Figure BDA0003414192120000055
Figure BDA00034141921200000513
Has P ≠ f (g (P)), and for each pseudo-connotation
Figure BDA00034141921200000514
And Q ≠ P, all have
Figure BDA0003414192120000069
We call P a pseudo-connotation.
(7) If it is
Figure BDA0003414192120000061
For a bank monitoring access background, the set of implications { P → f (g (P)) -P | P is a pseudo-implication of K }, called the primary basis of K.
(8) Is provided with
Figure BDA0003414192120000062
Is a dam bank monitoring access background,
Figure BDA0003414192120000064
is composed of
Figure BDA0003414192120000063
The implication type set of the above is that,
Figure BDA00034141921200000610
culvert type
Figure BDA0003414192120000066
If it is
Figure BDA0003414192120000065
Or
Figure BDA00034141921200000611
T is said to be associated with A → B. If T is equal to
Figure BDA0003414192120000068
All implications are related, then T is said to be
Figure BDA0003414192120000067
And (4) correlating.
If the management module finds the error in the process of establishing the access control strategy, the establishing execution point puts forward a modification request and modifies the request. The establishing errors of the invention include: and if the authority of the role is wrong, the flood situation alarm information which can be accessed by the role needs to be modified. For example, a role in the current access control model can access the first flood situation alarm information, but the first flood situation alarm information which can be accessed needs to be modified into the second flood situation alarm information if an error is found through inspection.
For the role r to be modified and the flood situation alarm information A corresponding to the role r1According to the determined first redundancy-free set K of access control instancesS1First flood situation alarm information implication relation set J1And a first flood situation alarm information connotation set C1Accessing a non-redundant set of control instances KS1Flood situation alarm information A in middle role r1Flood situation alarm information A modified to be input2Obtaining a second non-redundant set K of access control instancesS2. Then, calculating a first flood situation alarm information implication relation set J1And a first flood situation alarm information connotation set C1The front piece flood situation alarm information set in the second non-redundant set K of the access control exampleS2Rear part of (compare at K)S1The back piece of (d) whether there is an increase or decrease; if a certain flood situation alarm information set b exists1If the back part is not increased or reduced, the flood situation alarm information set b is set1Belongs to a first flood situation alarm information implication relation set J1And then also belongs to a second flood situation alarm information implication relation set J2If the flood situation alarm information set b1Belongs to a first flood situation alarm information connotation set C1And then belongs to a second flood situation alarm information connotation set C2. Preferably, the initialized second flood condition alarm information implication relation set and the second flood condition alarm information implication set are empty. If b is1Is not increased or decreased, then according to b1B, the inclusion relation between the first flood condition alarm information implication relation set and the inclusion relation of the first flood condition alarm information implication set1And putting the first flood condition alarm information implication relation set or the first flood condition alarm information implication set into the background part.
If a certain flood situation alarm information set b exists2If the number of the back pieces is increased, the flood situation alarm information set b is collected2Forming an implication formula with a back piece of the flood situation alarm information implication relation set J on the second non-redundant set2In (1). Further, a containment relation J can be collected in the flood situation alarm information1And flood situation alarm information connotation set C1In the method, a flood situation alarm information set with all front pieces not containing the newly added back pieces is found, and then a first flood situation alarm information implication relation set J is used1And a first flood situation alarm information connotation set C1And deleting the flood situation alarm information sets.
If a certain flood situation alarm information set b exists3If the rear part of the flood situation alarm information set is empty, putting the flood situation alarm information set into a new flood situation alarm information content set C2In (1).
If b is3Has a reduction in the back-part and is at KS2If the back part is not empty, the flood situation alarm information set b is collected3Putting a new flood situation alarm information implication relation set J2According to the modified access control instance, a non-redundant set KS2And calculating the implication formula of all the front pieces as single flood situation alarm information, and putting the implication formula into the newly-built set IMPs. Finding out all sets b containing the flood condition alarm information from the newly-built sets3At KS1Front piece in the flood situation warning information collection b is not contained3At KS1The back part in (1) and the set b containing the flood situation alarm information3At KS2The specific method for gathering the flood situation alarm information of the back part comprises the following steps: find new set IMThe precursor in Ps does not contain
Figure BDA0003414192120000071
And the union of the front part and the back part does not contain
Figure BDA0003414192120000072
And all the flood situation alarm information is collected. And the found flood situation alarm information sets are arranged and combined (at least one set is randomly selected according to a combination method to form a new set, so that 2 can be obtainedn-1 set), removing the repeatedly put flood situation alarm information and putting the set to be added. Carrying out relevance judgment on the flood situation alarm information set to be added into the set, putting a new flood situation alarm information content set C into the flood situation alarm information set meeting relevance conditions if the second redundancy-free set is empty2In, if at KS2Putting a new flood situation alarm information implication relation set J into the case that the back part is not empty2(ii) a Finally obtaining the non-redundancy collection K of the modified access control exampleS2New flood situation alarm information implication relation set J2And a new flood situation alarm information connotation set C2(ii) a Wherein the role r includes: a management module in the alarm system or an internet of things device. And (3) for the Internet of things equipment, sampling the same access control model establishing method and modification mechanism set as those in the step (2) to obtain the access control model of the Internet of things equipment.
Through the flood situation alarm information modification mechanism provided by the patent, a new flood situation alarm information implication relation set and a new flood situation alarm information implication set can be finally obtained, and therefore the access control relation of the whole alarm system can be obtained.
And 3, after the management modules establish respective dam bank monitoring access control models, the final establishment of a dam bank monitoring access strategy is completed through fusion. Namely, a plurality of access control models are fused according to implication relations to obtain a complete access control model. The dam bank monitoring access control model of each management module comprises a non-redundant set, a flood situation alarm information implication relation set and a flood situation alarm information implication set of the corresponding access control instance. And fusing the access control models of the management modules to obtain a final dam bank monitoring access strategy. And fusing the latest access control model of the management module during fusion.
It should be noted that: the precedence order of the above embodiments of the present invention is only for description, and does not represent the merits of the embodiments. And specific embodiments thereof have been described above. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (8)

1. An attribute exploration-based access control optimization method for monitoring Internet of things on a yellow river bank is characterized by comprising the following steps:
acquiring access control logs of each management module of the yellow river flood condition warning system, and processing access log control records to obtain non-redundant flood condition warning information example data and all flood condition warning information sets;
analyzing the flood situation alarm information example data and all flood situation alarm information sets, establishing a first redundancy-free set of the access control example, and obtaining a first flood situation alarm information inclusion relation set and a first flood situation alarm information connotation set; if the management module finds that the building is wrong in the process of building the dam bank monitoring access control model, an execution point is built to provide a modification request and modify the modification request;
and after the management modules establish respective dam bank monitoring access control models, the final establishment of a dam bank monitoring access strategy is completed through fusion.
2. The method for optimizing access control of the monitoring internet of things on the yellow river bank based on attribute exploration according to claim 1, wherein the modifying comprises:
acquiring a role to be modified and flood condition alarm information to be modified corresponding to the role to be modified; modifying the flood condition alarm information of the role to be modified in the first redundancy-free set into input flood condition alarm information to obtain a second redundancy-free set of the access control example, and initializing a second flood condition alarm information implication relation set and a second flood condition alarm information implication set;
calculating whether the number of the back pieces of the front piece flood condition alarm information sets in the first flood condition alarm information implication relation set and the first flood condition alarm information implication set in the second redundancy-free set is increased or decreased compared with the number of the back pieces in the first redundancy-free set;
and updating the second flood situation alarm information implication relation set and the second flood situation alarm information implication set according to the calculation result of whether the number of the second flood situation alarm information is increased or decreased.
3. The method for optimizing the access control of the internet of things for monitoring the yellow river bank based on the attribute exploration, according to the judgment result of whether the content is increased or decreased, as claimed in claim 1, wherein the updating of the inclusion relation set of the second flood situation alarm information and the inclusion set of the second flood situation alarm information comprises:
if the front piece flood situation alarm information set is not increased or reduced in the rear piece in the second non-redundant set, if the front piece flood situation alarm information set belongs to the first flood situation alarm information implication relation set, the front piece flood situation alarm information set also belongs to the second flood situation alarm information implication relation set, and if the front piece flood situation alarm information set belongs to the first flood situation alarm implication set, the front piece flood situation alarm information set also belongs to the second flood situation alarm information implication relation set;
if the front piece flood situation alarm information set is added to the rear piece in the second redundancy-free set, placing the front piece flood situation alarm information set and the rear piece into a second flood situation alarm information implication relation set;
if the number of the front piece flood situation alarm information sets in the second redundancy-free set is reduced and the rear pieces are empty, adding the front piece flood situation alarm information sets into a second flood situation alarm information connotation set;
if the number of the front piece flood situation alarm information sets in the second redundancy-free set is reduced and the rear pieces are not empty, recording the front piece flood situation alarm information sets as first flood situation alarm information sets, and putting the first flood situation alarm information sets into a second flood situation alarm information implication relation set; then, a new set is obtained, wherein the new set comprises an implication formula that all front pieces on a second non-redundant set are single flood situation alarm information, the front pieces are further obtained from the new set to form a second flood situation alarm information set, and the flood situation alarm information set in the second flood situation alarm information set meets the following requirements: the first flood condition alarm information set comprises a front piece of the first flood condition alarm information set in the first redundancy-free set, a back piece of the first flood condition alarm information set in the first redundancy-free set is not included, and a back piece of the first flood condition alarm information set in the second redundancy-free set is included; combining the flood condition alarm information sets in the second flood condition alarm set and then putting the combined flood condition alarm information sets into a set to be added; and performing relevance judgment on the flood situation alarm information sets to be added into the sets, and for the flood situation alarm information sets meeting the relevance conditions, putting a second flood situation alarm information inclusion set if the back pieces in the second redundancy-free set are empty, and putting a second flood situation alarm information inclusion relation set if the back pieces are not empty.
4. The method for optimizing the access control of the internet of things for monitoring the yellow river bank based on the attribute exploration, according to claim 1, wherein the step of placing the front piece of flood condition alarm information set and the back piece of flood condition alarm information into the second flood condition alarm information implication relationship set further comprises the steps of: finding out a front piece flood situation alarm information set which does not contain the newly added back piece from the first flood situation alarm information implication relation set and the first flood situation alarm information implication set, recording the front piece flood situation alarm information set as an alarm information set to be deleted, and deleting the alarm information set to be deleted from the first flood situation alarm information implication relation set and the first flood situation alarm information implication relation set.
5. The property exploration-based access control optimization method for the Internet of things for monitoring the yellow river banks as claimed in claim 1, wherein the flood situation alarm information comprises flood situation alarm information of yellow river reach and flood situation alarm information of flood situation monitoring equipment.
6. The method for optimizing access control of the internet of things for monitoring the yellow river bank based on the attribute exploration as claimed in claim 3, wherein the roles comprise a management module and internet of things equipment.
7. The method for optimizing access control of the internet of things for monitoring the yellow river bank based on attribute exploration according to claim 1, wherein the method further comprises the following steps: and determining a management module by a yellow river flood management group, and distributing management rights for the management module by root users of the yellow river flood warning system.
8. The property exploration-based access control optimization method for the Internet of things for monitoring the yellow river bank is characterized in that the management module obtains basic knowledge of the access flood situation alarm information in a mode of exchanging and consulting with experts.
CN202111541089.9A 2021-12-16 2021-12-16 Yellow river dam bank monitoring Internet of things access control optimization method based on attribute exploration Active CN114448659B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111541089.9A CN114448659B (en) 2021-12-16 2021-12-16 Yellow river dam bank monitoring Internet of things access control optimization method based on attribute exploration

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111541089.9A CN114448659B (en) 2021-12-16 2021-12-16 Yellow river dam bank monitoring Internet of things access control optimization method based on attribute exploration

Publications (2)

Publication Number Publication Date
CN114448659A true CN114448659A (en) 2022-05-06
CN114448659B CN114448659B (en) 2022-10-11

Family

ID=81362995

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111541089.9A Active CN114448659B (en) 2021-12-16 2021-12-16 Yellow river dam bank monitoring Internet of things access control optimization method based on attribute exploration

Country Status (1)

Country Link
CN (1) CN114448659B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114268649A (en) * 2021-12-21 2022-04-01 河南大学 RBAC permission modification method facing to Internet of things

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106529323A (en) * 2016-01-21 2017-03-22 华南师范大学 Multilevel security model access control data fusion method
CN106940765A (en) * 2017-02-15 2017-07-11 江苏大学 A kind of access rights dynamic control method
CN108765878A (en) * 2018-06-05 2018-11-06 安徽赛洋信息科技开发咨询有限公司 A kind of rural area flood control forecasting and warning system based on Internet of Things cloud platform
CN109831327A (en) * 2019-01-28 2019-05-31 国家电网有限公司信息通信分公司 IMS full service network based on big data analysis monitors intelligent operation support system
CN110135722A (en) * 2019-05-09 2019-08-16 苏州嘉奕晟中小企业科技咨询有限公司 Smart city flood processing system based on geographical integrated information
CN111783043A (en) * 2020-07-06 2020-10-16 河南大学 Multi-department collaborative interactive RBAC role construction method based on attribute exploration
CN111818059A (en) * 2020-07-09 2020-10-23 公安部第三研究所 Automatic construction system and method for access control strategy of high-level information system
CN111967034A (en) * 2020-08-30 2020-11-20 河南大学 RBAC role fault tolerance auxiliary construction method based on attribute exploration
CN113472729A (en) * 2020-03-31 2021-10-01 瞻博网络公司 Role-based access control policy automatic generation

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106529323A (en) * 2016-01-21 2017-03-22 华南师范大学 Multilevel security model access control data fusion method
CN106940765A (en) * 2017-02-15 2017-07-11 江苏大学 A kind of access rights dynamic control method
CN108765878A (en) * 2018-06-05 2018-11-06 安徽赛洋信息科技开发咨询有限公司 A kind of rural area flood control forecasting and warning system based on Internet of Things cloud platform
CN109831327A (en) * 2019-01-28 2019-05-31 国家电网有限公司信息通信分公司 IMS full service network based on big data analysis monitors intelligent operation support system
CN110135722A (en) * 2019-05-09 2019-08-16 苏州嘉奕晟中小企业科技咨询有限公司 Smart city flood processing system based on geographical integrated information
CN113472729A (en) * 2020-03-31 2021-10-01 瞻博网络公司 Role-based access control policy automatic generation
CN111783043A (en) * 2020-07-06 2020-10-16 河南大学 Multi-department collaborative interactive RBAC role construction method based on attribute exploration
CN111818059A (en) * 2020-07-09 2020-10-23 公安部第三研究所 Automatic construction system and method for access control strategy of high-level information system
CN111967034A (en) * 2020-08-30 2020-11-20 河南大学 RBAC role fault tolerance auxiliary construction method based on attribute exploration

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114268649A (en) * 2021-12-21 2022-04-01 河南大学 RBAC permission modification method facing to Internet of things

Also Published As

Publication number Publication date
CN114448659B (en) 2022-10-11

Similar Documents

Publication Publication Date Title
US10671315B2 (en) Blockchain architecture for selective data restore and migration
US10545945B2 (en) Change monitoring spanning graph queries
CN109842628A (en) A kind of anomaly detection method and device
CN112650762B (en) Data quality monitoring method and device, electronic equipment and storage medium
US10417103B2 (en) Fault-tolerant methods, systems and architectures for data storage, retrieval and distribution
US8626835B1 (en) Social identity clustering
Fu et al. Digging deeper into cluster system logs for failure prediction and root cause diagnosis
CN103562851A (en) Data perturbation and anonymization using one-way hash
CN105556552A (en) Fraud detection and analysis
CN102272736B (en) Improving scale between consumer systems and producer systems of resource monitoring data
CN114598539B (en) Root cause positioning method and device, storage medium and electronic equipment
CN110136040A (en) A kind of long informatization management method processed in river and system
CN111581056B (en) Software engineering database maintenance and early warning system based on artificial intelligence
CN115378988B (en) Data access abnormity detection and control method and device based on knowledge graph
CN114448659B (en) Yellow river dam bank monitoring Internet of things access control optimization method based on attribute exploration
Jia et al. Se-chain: A scalable storage and efficient retrieval model for blockchain
KR20180089479A (en) User data sharing method and device
CN117971799B (en) Data development platform and data development method
CN114662157B (en) Block compressed sensing indistinguishable protection method and device for social text data stream
CN117743466A (en) Cross-platform database synchronization method
CN113590700A (en) Big data management method and system
CN107145599A (en) A kind of big data asset management system
CN111915210A (en) Trust management method in distributed Internet of things based on block chain
US20190347354A1 (en) System for mitigating intentional and unintentional exposure using solution data modelling
Xi et al. SHAP: suppressing the detection of inconsistency hazards by pattern learning

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant