CN114726639A - Automatic arrangement method and system for access control strategy - Google Patents
Automatic arrangement method and system for access control strategy Download PDFInfo
- Publication number
- CN114726639A CN114726639A CN202210434258.7A CN202210434258A CN114726639A CN 114726639 A CN114726639 A CN 114726639A CN 202210434258 A CN202210434258 A CN 202210434258A CN 114726639 A CN114726639 A CN 114726639A
- Authority
- CN
- China
- Prior art keywords
- strategy
- access control
- control strategy
- module
- request data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses an automatic arrangement method and system of an access control strategy, which effectively solve the problems of the prior access control method that the resource authorization range is expanded and the security risk is gradually increased due to excessive participation of administrators. The automatic arrangement method is applied to an automatic arrangement system, the automatic arrangement system comprises an information acquisition module, a strategy judgment module, a strategy management module and a strategy execution module, the information acquisition module transmits acquired request data information of nodes to the strategy judgment module, the strategy judgment module judges the request data information, the strategy management module generates an access control strategy according to the request data information and the existing access control strategy contained in the strategy management module and stores and changes the access control strategy, and the strategy execution module executes the access control strategy according to the judgment result of the strategy judgment module or the access control strategy generated by the strategy management module, so that the safety risk is reduced.
Description
Technical Field
The invention relates to the field of network security, in particular to an automatic arrangement method and system of an access control strategy.
Background
The access control is the main core strategy for network security prevention and protection, and the essence of the access control is that a subject restricts and limits resource access to determine whether the subject can perform related operations on an object, so that the access control is an important technology for ensuring information security, can reasonably limit the access of different users to key resources, prevents the invasion of illegal users and the damage caused by the careless operation of legal users, and is one of the most basic and the most critical security services in a network environment. The access control mainly comprises three aspects of a subject, an object and an access control strategy, wherein the subject is an initiator of access and causes information flow and system state change, and generally refers to a user, equipment, a process and the like; the object is a passive entity for requesting and receiving information, and includes operated information, resources, objects and the like, and generally includes files, devices, nodes and the like; the access control strategy is a set of access control security rules, restricts the operation range and operation authority of a subject on an object, and determines whether the subject has the right to perform related access operation on the object.
There are currently 3 different types of access control technologies in theory, depending on the access control policy: autonomous access control (DAC), Mandatory Access Control (MAC), Role Based Access Control (RBAC). Wherein a role-based access control RBAC assigns permissions to roles, wherein a role is a collection of a set of permissions and a role can be assigned to a user, when a user indirectly gets the permissions owned by a role by being granted one or more roles, the policy greatly simplifies the management of permissions since roles have a higher stability than users.
However, because the current network environment is complex and diverse, under the condition of less informatization object resources, a manager or an auditor can still manually configure and check the access control authority one by one, but with the increase of the number of the object and subject resources and the complication of the access relation, the configuration and the check of the access control authority not only need to consume great time and energy of the manager, but also can cause the problems of expansion of the resource authorization range, gradual increase of the security risk and the like.
The present invention therefore provides a new solution to this problem.
Disclosure of Invention
Aiming at the defects in the prior art, the invention aims to provide an automatic arrangement method and system of an access control strategy, which effectively solve the problems that the original access control method needs too much administrator to participate, so that the resource authorization range is expanded, the security risk is gradually increased, and the like.
The technical scheme includes that the automatic arrangement method is applied to an automatic arrangement system, the automatic arrangement system comprises an information acquisition module, a strategy judgment module, a strategy management module and a strategy execution module, the information acquisition module transmits acquired request data information of nodes to the strategy judgment module, the strategy judgment module judges the request data information, the strategy management module generates an access control strategy according to the request data information and an existing access control strategy contained in the strategy management module, the access control strategy is stored and changed, and the strategy execution module executes the access control strategy according to the judgment result of the strategy judgment module or the access control strategy generated by the strategy management module.
Further, the automatic arrangement method specifically includes the following steps:
s1, the manager configures the strategy of the automatic arranging system through the strategy managing module, and the configuration information is stored in the access control strategy library of the strategy managing module;
s2, the information acquisition module periodically acquires the request data information of the node;
s3, the strategy judgment module extracts the request data information collected in the step S2;
s4, the strategy judgment module compares the existing access control strategies in the access strategy library according to the extracted request data information to see whether a strategy meeting the authority requirement exists, if yes, the strategy is taken as the access control strategy and is switched to the step S6, otherwise, the strategy is switched to the step S5;
s5, searching an access control strategy containing the minimum request data information in an access control strategy library by adopting a greedy algorithm according to the minimum authority principle, generating a new access control strategy on the basis of the access control strategy containing the minimum request data information, and adding the new access control strategy into the access control strategy library;
and S6, the strategy executing module executes the access control strategy according to the priority of the access control strategy.
Further, the step S5 includes the following specific steps:
y1, traversing all access control strategies in all access control strategy libraries, and calculating the matching degree beta of all strategies and the permission set Rps contained in the request data information extracted from the request data information by using a formula (1);
y2, removing all strategies with the matching degree beta of 0, and taking all strategies with the matching degree beta of not 0 and containing the authority set Rps as a strategy set RCC;
y3, arranging the strategies in the strategy set RCC according to the descending order of the matching degree beta, and selecting the strategy with the highest matching degree beta as an access control strategy MMP;
y4, adding the access control policy MMP as a new access control policy to the access control policy repository.
Further, the formula of the matching degree β is:
β=β1*β2*...*βi (1);
wherein beta isiThe matching degree of the ith item of the various safety information related to the request data information and the safety information corresponding to the existing access control strategy, the product of the matching degrees of all the items obtains the final matching degree beta, S is various safety information sets related to the request data information, T is the authority contained in the existing access control strategy, SiFor requesting the i-th security information to which the data information relates, TiFor accessing the ith item of security information of the existing access control strategy, beta is more than or equal to 0 and less than or equal to 1, 0 represents that the ith item of security information is completely unmatched with the existing access control strategy, 1 represents that the ith item of security information is completely matched with the existing access control strategy, the larger the beta value is, the higher the matching degree is, and if the matching degree beta is more than or equal to a preset threshold value, a standard XACML file is generated according to the found access control strategy, and meanwhile, the access control strategy and the matching degree thereof are stored in an access control strategy library.
The invention realizes the following beneficial effects:
the access control strategy automatic arrangement method provided by the invention is combined with an automatic arrangement system, follows the minimum authority principle, improves the configuration compliance of the access control strategy, reduces the strategy audit cost, realizes that the existing strategy with the highest matching degree is found as the access control strategy under the condition that the request authority strategy is not met, greatly shortens the examination and operation time of strategy judgment of managers, reduces the safety problems of overlarge manual authorization range and the like, improves the configuration and operation efficiency of access control strategy managers, reduces the problems of manual configuration errors and the like by taking the existing strategy with the highest matching degree as the access control strategy, and improves the maintainability and the robustness of an access control strategy library.
Drawings
FIG. 1 is a schematic model diagram of an automatic layout system according to the present invention.
FIG. 2 is a flow chart of an automatic layout method according to the present invention.
Detailed Description
The foregoing and other technical and functional aspects of the present invention will be apparent from the following detailed description of the embodiments, which proceeds with reference to the accompanying figures 1-2. The structural contents mentioned in the following embodiments are all referred to the attached drawings of the specification.
Exemplary embodiments of the present invention will be described below with reference to the accompanying drawings.
An access control strategy automatic arrangement method is applied to an automatic arrangement system, the automatic arrangement system comprises an information acquisition module, a strategy judgment module, a strategy management module and a strategy execution module, the information acquisition module transmits acquired request data information of nodes to the strategy judgment module, the strategy judgment module judges the request data information, the strategy management module generates an access control strategy according to the request data information and the existing access control strategy contained in the strategy management module and stores and changes the access control strategy, and the strategy execution module executes the access control strategy according to the judgment result of the strategy judgment module or the access control strategy generated by the strategy management module.
The automatic arrangement method specifically comprises the following steps:
s1, the manager configures the strategy of the automatic arranging system through the strategy managing module, the configuration information is stored in the access control strategy base of the strategy managing module;
s2, the information acquisition module periodically acquires the request data information of the node;
s3, the strategy judgment module extracts the request data information collected in the step S2;
s4, the strategy judgment module compares the existing access control strategies in the access strategy library according to the extracted request data information to see whether a strategy meeting the authority requirement exists, if yes, the strategy is taken as the access control strategy and is switched to the step S6, otherwise, the strategy is switched to the step S5;
s5, searching an access control strategy containing the minimum request data information in an access control strategy library by adopting a greedy algorithm according to the minimum authority principle, generating a new access control strategy on the basis of the access control strategy containing the minimum request data information, and adding the new access control strategy into the access control strategy library;
and S6, the strategy executing module executes the access control strategy according to the priority of the access control strategy.
The access control policy in said steps S5, S6 is XACML format;
the nodes in the step S2 adopt a network topology structure, and the acquisition period of the information acquisition module is adjusted by factors such as the load of the nodes and the actual access requirement;
the request data information in step S3 refers to subject security information and object security information, where the subject security information includes an IP address for accessing the subject, a port number for accessing the subject, a protocol for accessing the subject, a currently logged-in user role, a service authority requested by the user, and the like, and the object security information is used to record object resource information, and mainly includes an IP address of a host where the object is located, a port number for opening services for the object, and the like.
The step S5 includes the following specific steps:
y1, traversing all access control strategies in all access control strategy libraries, and calculating the matching degree beta of all strategies and the permission set Rps contained in the request data information extracted from the request data information by using a formula (1);
y2, removing all strategies with the matching degrees beta of 0, and taking all strategies with the matching degrees beta of not 0 and containing the permission set Rps as a strategy set RCC;
y3, arranging the strategies in the strategy set RCC according to the descending order of the matching degree beta, and selecting the strategy with the highest matching degree beta as an access control strategy MMP;
y4, adding the access control policy MMP as a new access control policy to the access control policy repository.
The strategy judgment module extracts subject safety information and object safety information by using the request data information acquired by the information acquisition module, detects a strategy meeting the request data information from the access control strategy library, transmits the strategy as an access control strategy to the strategy execution module for execution, calculates the matching degree of the request data information and the existing access control strategy if the strategy meeting the request data information cannot be detected, and step S5 searches the access control strategy with the closest matching degree beta in the access control strategy library by adopting a greedy algorithm based on the minimum authority principle and generates a new access control strategy, wherein the matching degree beta formula is as follows:
β=β1*β2*...*βi (1);
wherein, betaiThe matching degree of the ith item of the various safety information related to the request data information and the safety information corresponding to the existing access control strategy, the product of the matching degrees of all the items obtains the final matching degree beta, S is various safety information sets related to the request data information, T is the authority contained in the existing access control strategy, SiFor requesting the ith security information, T, involved in the data informationiIn order to access the ith item of security information of the existing access control strategy, 0 ≦ β ≦ 1, where 0 represents that the access control strategy is completely unmatched with the existing access control strategy, 1 represents that the access control strategy is completely matched with the existing access control strategy, the larger the β value is, the higher the matching degree is, and if the matching degree β is greater than or equal to a preset threshold value, where the preset threshold value may be dynamically adjusted according to an actual situation, a standard XACML file is generated according to the found access control strategy, and the access control strategy and the matching degree thereof are stored in an access control strategy library.
And the calculation modes of the matching degree beta on different types of authorities are different, and the specific calculation mode is as follows:
x1, | S for IP address classi∩TiThe | calculation is prefix _1 (S)i&Ti) I.e. SiAnd TiPerforming logical AND operation according to bit positions, counting the number of continuous 1 from the highest bit to the lowest bit, | SiI and I TiI is the length of the IP address under binary representation;
x2, | S for Port classiI and I TiI is the number of ports involved, | Si∩TiL is SiAnd TiThe number of identical items;
x3, | S for service classiI and I TiI is the number of services involved, | Si∩TiL is SiAnd TiThe number of identical items.
The strategy judgment module is the core of the whole system and mainly comprises a Request class, a Role class and a Handle class, wherein the Request class is responsible for extracting main body safety information and used for storing information such as Request data information authority, the Role class is used for packaging strategy information in an access control strategy library and comprises a strategy name, strategy authority and the like, the Handle class is used for comparing the information such as the authority in the Request class and the authority in the Role class to generate a matching degree beta, and judging whether access is allowed or denied according to the matching degree beta so as to execute corresponding operation.
The strategy executing module processes the request data information according to the judgment condition of the strategy judging module or the access control strategy in the strategy management module, allows or rejects access, the strategy management module executes the received access control strategy according to the strategy priority, records necessary information for generating a report for the analysis and judgment of management personnel, and the strategy executing module executes the access control strategy according to the priority of the access control strategy.
In the actual using process, the automatic arranging method is applied to an automatic arranging system, the automatic arranging system comprises an information acquisition module, a strategy judgment module, a strategy management module and a strategy execution module, the information acquisition module transmits acquired request data information of nodes to the strategy judgment module, the strategy judgment module judges the request data information, the strategy management module generates an access control strategy according to the request data information and the existing access control strategy contained in the strategy management module and stores and changes the access control strategy, the strategy execution module executes the access control strategy according to the judgment result of the strategy judgment module or the access control strategy generated by the strategy management module, and the set automatic arranging method schedules the information acquisition module, the strategy judgment module, the strategy management module and the strategy execution module of the automatic arranging system, and finally, outputting a corresponding access control strategy for the requested data information and executing.
The invention realizes the following beneficial effects:
the access control strategy automatic arrangement method provided by the invention is combined with an automatic arrangement system, follows the minimum authority principle, improves the configuration compliance of the access control strategy, reduces the strategy audit cost, realizes that the existing strategy with the highest matching degree is found to be used as the access control strategy under the condition that the request authority strategy is not met, greatly shortens the examination and operation time of strategy judgment of managers, reduces the safety problems such as overlarge artificial authorization range and the like, improves the configuration and operation efficiency of access control strategy managers, reduces the problems of artificial configuration errors and the like by using the existing strategy with the highest matching degree as the access control strategy, and improves the maintainability and the robustness of an access control strategy library.
Claims (4)
1. The automatic arrangement method is characterized in that the automatic arrangement method is applied to an automatic arrangement system, the automatic arrangement system comprises an information acquisition module, a strategy judgment module, a strategy management module and a strategy execution module, the information acquisition module transmits acquired request data information of nodes to the strategy judgment module, the strategy judgment module judges the request data information, the strategy management module generates an access control strategy according to the request data information and the existing access control strategy contained in the strategy management module, stores and changes the access control strategy, and the strategy execution module executes the access control strategy according to the judgment result of the strategy judgment module or the access control strategy generated by the strategy management module.
2. The method according to claim 1, wherein the method specifically comprises the following steps:
s1, the manager configures the strategy of the automatic arranging system through the strategy managing module, and the configuration information is stored in the access control strategy library of the strategy managing module;
s2, the information acquisition module periodically acquires the request data information of the node;
s3, the strategy judgment module extracts the request data information collected in the step S2;
s4, the strategy judgment module compares the existing access control strategies in the access strategy library according to the extracted request data information to see whether a strategy meeting the authority requirement exists, if yes, the strategy is taken as the access control strategy and is switched to the step S6, otherwise, the strategy is switched to the step S5;
s5, searching an access control strategy containing the minimum request data information in an access control strategy library by adopting a greedy algorithm according to the minimum authority principle, generating a new access control strategy on the basis of the access control strategy containing the minimum request data information, and adding the new access control strategy into the access control strategy library;
and S6, the strategy executing module executes the access control strategy according to the priority of the access control strategy.
3. The method for automatically orchestrating access control policies according to claim 1, wherein step S5 comprises the following specific steps:
y1, traversing all access control strategies in all access control strategy libraries, and calculating the matching degree beta of all strategies and the permission set Rps contained in the request data information extracted from the request data information by using a formula (1);
y2, removing all strategies with the matching degree beta of 0, and taking all strategies with the matching degree beta of not 0 and containing the authority set Rps as a strategy set RCC;
y3, arranging the strategies in the strategy set RCC according to the descending order of the matching degree beta, and selecting the strategy with the highest matching degree beta as an access control strategy MMP;
y4, adding the access control policy MMP as a new access control policy to the access control policy repository.
4. The method according to claim 3, wherein the matching degree β is expressed by the following formula:
β=β1*β2*...*βi (1);
wherein, betaiThe matching degree of the ith item of the safety information corresponding to various safety information related to the request data information and the existing access control strategy is multiplied by the matching degree of all items to obtain the final matching degree beta, S is various safety information sets related to the request data information, T is the authority contained in the existing access control strategy, SiFor requesting the i-th security information to which the data information relates, TiIn order to access the ith item of security information of the existing access control strategy, 0 is less than or equal to beta is less than or equal to 1, 0 represents that the ith item of security information is not matched with the existing access control strategy completely, 1 represents that the ith item of security information is matched with the existing access control strategy completely, the larger the beta value is, the higher the matching degree is, and if the matching degree beta is greater than or equal to a preset threshold value, a standard XACML file is generated according to the found access control strategy, and the access control strategy and the matching degree thereof are stored in an access control strategy library.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210434258.7A CN114726639B (en) | 2022-04-24 | 2022-04-24 | Automatic arrangement method and system for access control policy |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210434258.7A CN114726639B (en) | 2022-04-24 | 2022-04-24 | Automatic arrangement method and system for access control policy |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114726639A true CN114726639A (en) | 2022-07-08 |
CN114726639B CN114726639B (en) | 2023-08-22 |
Family
ID=82245547
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210434258.7A Active CN114726639B (en) | 2022-04-24 | 2022-04-24 | Automatic arrangement method and system for access control policy |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114726639B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116132198A (en) * | 2023-04-07 | 2023-05-16 | 杭州海康威视数字技术股份有限公司 | Internet of things privacy behavior sensing method and device based on lightweight context semantics |
CN116760640A (en) * | 2023-08-18 | 2023-09-15 | 建信金融科技有限责任公司 | Access control method, device, equipment and storage medium |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110321117A1 (en) * | 2010-06-23 | 2011-12-29 | Itt Manufacturing Enterprises, Inc. | Policy Creation Using Dynamic Access Controls |
US20130263214A1 (en) * | 2010-12-24 | 2013-10-03 | Nec Corporation | Communication system, control apparatus, policy management apparatus, communication method, and program |
CN108123936A (en) * | 2017-12-13 | 2018-06-05 | 北京科技大学 | A kind of access control method and system based on block chain technology |
CN110020525A (en) * | 2019-03-05 | 2019-07-16 | 平安科技(深圳)有限公司 | Authority configuring method, device, computer equipment and the storage medium of Kubernetes platform |
CN111818059A (en) * | 2020-07-09 | 2020-10-23 | 公安部第三研究所 | Automatic construction system and method for access control strategy of high-level information system |
CN112101452A (en) * | 2020-09-14 | 2020-12-18 | 中国人民解放军战略支援部队信息工程大学 | Access right control method and device |
CN112187799A (en) * | 2020-09-28 | 2021-01-05 | 京东数字科技控股股份有限公司 | Resource access policy generation method and device, storage medium and electronic equipment |
CN112565453A (en) * | 2020-12-22 | 2021-03-26 | 内蒙古大学 | Block chain access control strategy model and strategy protection scheme under Internet of things |
-
2022
- 2022-04-24 CN CN202210434258.7A patent/CN114726639B/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110321117A1 (en) * | 2010-06-23 | 2011-12-29 | Itt Manufacturing Enterprises, Inc. | Policy Creation Using Dynamic Access Controls |
US20130263214A1 (en) * | 2010-12-24 | 2013-10-03 | Nec Corporation | Communication system, control apparatus, policy management apparatus, communication method, and program |
CN108123936A (en) * | 2017-12-13 | 2018-06-05 | 北京科技大学 | A kind of access control method and system based on block chain technology |
CN110020525A (en) * | 2019-03-05 | 2019-07-16 | 平安科技(深圳)有限公司 | Authority configuring method, device, computer equipment and the storage medium of Kubernetes platform |
CN111818059A (en) * | 2020-07-09 | 2020-10-23 | 公安部第三研究所 | Automatic construction system and method for access control strategy of high-level information system |
CN112101452A (en) * | 2020-09-14 | 2020-12-18 | 中国人民解放军战略支援部队信息工程大学 | Access right control method and device |
CN112187799A (en) * | 2020-09-28 | 2021-01-05 | 京东数字科技控股股份有限公司 | Resource access policy generation method and device, storage medium and electronic equipment |
CN112565453A (en) * | 2020-12-22 | 2021-03-26 | 内蒙古大学 | Block chain access control strategy model and strategy protection scheme under Internet of things |
Non-Patent Citations (1)
Title |
---|
程剑豪;蒋兴浩;孙锬锋;周晓军;: "基于多元判决的动态访问控制架构的研究", 信息安全与通信保密, no. 04 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116132198A (en) * | 2023-04-07 | 2023-05-16 | 杭州海康威视数字技术股份有限公司 | Internet of things privacy behavior sensing method and device based on lightweight context semantics |
CN116760640A (en) * | 2023-08-18 | 2023-09-15 | 建信金融科技有限责任公司 | Access control method, device, equipment and storage medium |
CN116760640B (en) * | 2023-08-18 | 2023-11-03 | 建信金融科技有限责任公司 | Access control method, device, equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN114726639B (en) | 2023-08-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN114726639A (en) | Automatic arrangement method and system for access control strategy | |
US6957261B2 (en) | Resource policy management using a centralized policy data structure | |
JP4490083B2 (en) | Method for grouping technical devices that are nodes of a network and apparatus for communication between technical devices that are nodes of a network | |
Feng et al. | A consortium blockchain-based access control framework with dynamic orderer node selection for 5G-enabled industrial IoT | |
US7890640B2 (en) | Access control in client-server systems | |
Barka et al. | Securing the web of things with role-based access control | |
WO2016169324A1 (en) | Access management method for cloud computing data centre and cloud computing data centre | |
CN101512510A (en) | Method and system for providing network management based on defining and applying network administrative intents | |
JP2000047924A (en) | System and method for restricting database access to managed object information using permission table that specifies access right corresponding to user access right to managed object | |
WO2015192892A1 (en) | Efficient access control for trigger events in sdn | |
US20210344723A1 (en) | Distributed network application security policy generation and enforcement for microsegmentation | |
US20060259955A1 (en) | Attribute-based allocation of resources to security domains | |
US20060064387A1 (en) | Systems and methods for software licensing | |
CN116089970A (en) | Power distribution operation and maintenance user dynamic access control system and method based on identity management | |
US7885976B2 (en) | Identification, notification, and control of data access quantity and patterns | |
EP2831786A1 (en) | Authorization cache | |
KR101213287B1 (en) | Building energy integration management apparatus and building energy integration management method | |
CA2683422A1 (en) | Networking computers access control system and method | |
Kalaria et al. | Adaptive context-aware access control for IoT environments leveraging fog computing | |
JP2004110806A (en) | Information filtering device, information filtering method, method execution program and program storage medium | |
Batra et al. | Autonomous multilevel policy based security configuration in distributed database | |
KR100657353B1 (en) | Security system and method for supporting a variety of access control policies, and recordable medium thereof | |
Arora et al. | Dynamic trust emergency role-based access control (DTE–RBAC) | |
Tyagi et al. | Low-Energy Decentralized Context-aware Access Control in Internet of Things | |
Zhang et al. | Data security dynamic access control framework based on zero-trust |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |