CN116527317A - Access control method, system and electronic equipment - Google Patents


Info

Publication number
CN116527317A
Authority
CN
China
Prior art keywords
access
access control
attribute
main body
trust value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310317009.4A
Other languages
Chinese (zh)
Inventor
谢绒娜
史国振
李苏浙
董秀则
娄嘉鹏
李莉
谭莉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING ELECTRONIC SCIENCE AND TECHNOLOGY INSTITUTE
Original Assignee
BEIJING ELECTRONIC SCIENCE AND TECHNOLOGY INSTITUTE
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING ELECTRONIC SCIENCE AND TECHNOLOGY INSTITUTE
Priority to CN202310317009.4A
Publication of CN116527317A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Abstract

The embodiment of the invention provides an access control method, an access control system and electronic equipment, wherein the method comprises the following steps: acquiring an access control request based on the attribute; determining an access policy evaluation result according to the access control request based on the attribute and a preset access policy; the access policy comprises a corresponding relation between attribute information and an access policy evaluation result; determining the access risk level of the access control request according to the target feature information corresponding to the access control request; the target characteristic information includes at least one of: subject target trust value, historical access data, environmental attributes, and access request operations; and generating an access control evaluation result according to the access strategy evaluation result and the access risk level. The method of the embodiment of the invention effectively improves the accuracy and the effectiveness of the access control and greatly reduces the leakage risk.

Description

Access control method, system and electronic equipment
Technical Field
The present invention relates to the field of information security technologies, and in particular, to an access control method, an access control system, and an electronic device.
Background
With the continuous development and popularization of information technology, people have higher and higher dependence on information systems, and meanwhile, the safety of the information systems has become an increasingly prominent problem.
In the related art, an attacker performs abnormal access to an information system through a network protection vulnerability, thereby causing security threat to the information system. Therefore, how to effectively perform access control and improve system security is a technical problem that needs to be solved by those skilled in the art.
Disclosure of Invention
Aiming at the problems in the prior art, the embodiment of the invention provides an access control method, an access control system and electronic equipment.
Specifically, the embodiment of the invention provides the following technical scheme:
in a first aspect, an embodiment of the present invention further provides an access control method, including:
acquiring an access control request based on the attribute;
determining an access policy evaluation result according to the access control request based on the attribute and a preset access policy; the access policy comprises a corresponding relation between attribute information and an access policy evaluation result;
determining the access risk level of the access control request according to the target feature information corresponding to the access control request; the target characteristic information includes at least one of: subject target trust value, historical access data, environmental attributes, and access request operations;
and generating an access control evaluation result according to the access strategy evaluation result and the access risk level.
Further, determining the access risk level of the access control request according to the target feature information corresponding to the access control request includes:
determining uncertainty of access history according to the history access data; the uncertainty of the access history is used for representing the uncertainty of the occurrence of the value of each element in the access history;
determining the credibility of the environment attribute corresponding to the access control request according to the historical access data;
determining the influence degree of access request operation corresponding to the access control request on the object security;
determining an access risk value according to the subject target trust value, the uncertainty of the access history, the credibility of the environment attribute and the influence degree of the access request operation on the object security; the subject target trust value is used for representing the trust value of the subject corresponding to the access control request;
and judging the access risk level according to the access risk value and a preset risk threshold value.
Further, a subject target trust value is determined based on:
determining a direct trust value and an indirect trust value of the subject corresponding to the access control request; the direct trust value of the subject represents the trust placed in the subject by the domain of the object corresponding to the access control request; the indirect trust value of the subject represents the trust placed in the subject by domains other than the domain of that object;
determining the weight of the subject's direct trust value and the weight of the subject's indirect trust value in the subject target trust value according to the subject's number of accesses in each domain corresponding to the access control request and an access count threshold;
and determining the subject target trust value according to the subject's direct trust value, the subject's indirect trust value, and the weights of the two in the subject target trust value.
Further, determining the indirect trust value is based on:
obtaining the subject's direct trust value in each domain and the domain trust rate of each domain according to the credibility (trust degree) of the subject corresponding to the access control request;
obtaining the subject's number of accesses and access times in each domain according to the historical access data;
determining, for each domain, the weight of that domain's direct trust value for the subject in the indirect trust value evaluation according to the domain's trust rate and the subject's number of accesses and access times in that domain;
and determining the indirect trust value according to the subject's direct trust value in each domain and each domain's weight in the indirect trust value evaluation.
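The two lists above name the inputs of the subject target trust value but no formula, so the following is an added example rather than the patent's own computation. It assumes concrete forms for every weighting: the direct/indirect mixing weight grows linearly with the subject's access count in the object's domain up to the access count threshold, and each other domain's contribution to the indirect trust value is weighted by domain trust rate, access count and a half-life recency factor derived from the last access time. Domain names, trust values and counts are constructed.

```python
"""Subject target trust value from direct and indirect (cross-domain) trust.

Added example, not the patent's code: the patent lists the inputs of each
quantity but gives no formulas, so every weighting here is an assumption.
"""
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class DomainTrust:
    """What one domain records about a subject (all values constructed)."""
    direct_trust: float       # tv_i: the subject's direct trust value in this domain, 0..1
    domain_trust_rate: float  # trust rate of the domain itself, 0..1
    access_count: int         # number of accesses by the subject in this domain
    last_access_age: float    # days since the subject's last access here (larger = staler)


def time_decay(age_days: float, half_life_days: float = 30.0) -> float:
    """Assumed recency factor derived from the access time: halves every half_life_days."""
    return 0.5 ** (age_days / half_life_days)


def indirect_trust(object_domain: str, trust: dict[str, DomainTrust]) -> float:
    """Trust placed in the subject by every domain except the object's own domain.

    Assumed form: weighted mean of the other domains' direct trust values, each
    weighted by domain trust rate x access count x recency (the three factors
    the text names). No other domain -> 0.0 (nothing vouches for the subject).
    """
    weighted, total_w = 0.0, 0.0
    for name, dt in trust.items():
        if name == object_domain:
            continue
        w = dt.domain_trust_rate * dt.access_count * time_decay(dt.last_access_age)
        weighted += w * dt.direct_trust
        total_w += w
    return weighted / total_w if total_w > 0 else 0.0


def target_trust(object_domain: str, trust: dict[str, DomainTrust],
                 count_threshold: int = 10) -> float:
    """Subject target trust value = alpha * direct + (1 - alpha) * indirect.

    Assumed form: alpha rises from 0 to 1 as the subject's access count in the
    object's domain approaches count_threshold, so a domain that has seen the
    subject often relies on its own opinion, while an unfamiliar domain leans
    on what the other domains report.
    """
    own = trust.get(object_domain)
    if own is None:                       # subject never accessed this domain
        alpha, direct = 0.0, 0.0
    else:
        alpha = min(own.access_count / count_threshold, 1.0)
        direct = own.direct_trust
    return alpha * direct + (1.0 - alpha) * indirect_trust(object_domain, trust)


if __name__ == "__main__":
    # Constructed trust records for one subject across three domains.
    records = {
        "finance": DomainTrust(direct_trust=0.9, domain_trust_rate=0.8, access_count=2, last_access_age=0.0),
        "hr":      DomainTrust(direct_trust=0.6, domain_trust_rate=0.5, access_count=20, last_access_age=0.0),
        "lab":     DomainTrust(direct_trust=0.3, domain_trust_rate=0.2, access_count=5, last_access_age=30.0),
    }
    for dom in ("finance", "hr", "sales"):
        print(dom, round(target_trust(dom, records), 4))
```

With the constructed records, the finance domain has seen the subject only twice, so its own high opinion (0.9) is diluted by the other domains and the target value lands near 0.65; the hr domain has passed the threshold and uses its own 0.6 unchanged; a domain with no history at all ("sales") falls back entirely on the indirect value.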
Further, generating an access control evaluation result according to the access policy evaluation result and the access risk level comprises at least one of the following:
if the access risk level is high risk, the access control evaluation result is no;
if the access policy evaluation result is no, the access control evaluation result is no;
if the access policy evaluation result is yes and the access risk level is medium risk, the risk access count in the subject attribute and/or the object attribute is increased by one; if the risk access count in the subject attribute and/or the object attribute is greater than the risk access count threshold in the corresponding subject attribute and/or object attribute, the access control evaluation result is no, otherwise the access control evaluation result is yes;
if the access policy evaluation result is yes, and the access risk level is low risk, the access control evaluation result is yes.
Further, after generating the access control evaluation result according to the access policy evaluation result and the access risk level, the method further comprises:
generating an access history corresponding to the access control request;
generating an access feedback result according to the access history corresponding to the access control request; the access feedback result comprises an access feedback result type and a value of the access feedback result;
generating a direct trust value of the subject corresponding to the attribute-based access control request according to the access feedback result;
and updating the subject's trust degree in the stored subject attribute according to the subject's direct trust value.
In a second aspect, an embodiment of the present invention provides an access control system, including:
the system comprises a policy execution module, a policy management module, a risk management module and a policy decision module;
the policy execution module is used for acquiring an access control request based on the attribute;
the policy management module is used for determining an access policy evaluation result according to the access control request based on the attribute and a preset access policy; the access policy comprises a corresponding relation between attribute information and an access policy evaluation result;
the risk management module is used for determining the access risk level of the access control request according to the target characteristic information corresponding to the access control request; the target characteristic information includes at least one of: subject target trust value, historical access data, environmental attributes, and access request operations;
and the policy decision module is used for generating an access control evaluation result according to the access policy evaluation result and the access risk level.
Further, the access control system further comprises at least one of:
a first module, a policy information module, a history management module and a credibility management module;
The first module is used for sending a target access request to the policy execution module;
the policy execution module is used for extracting a subject identifier and/or an object identifier in the target access request and sending the subject identifier and/or the object identifier to the policy information module;
the policy information module is used for acquiring the target attributes corresponding to the target access request based on the subject identifier and/or the object identifier, and for sending the target attributes to the policy execution module; the target attributes include at least one of: a subject attribute, an object attribute, and an environment attribute;
the policy execution module is used for generating an access control request based on the attribute based on the access request operation corresponding to the target attribute and/or the target access request, and sending the access control request based on the attribute to the policy decision module;
the policy decision module is used for receiving the access control request based on the attribute and sending the access control request to the policy management module and the risk management module;
the risk management module is used for receiving the access control request based on the attribute and sending the access control request based on the attribute to the history management module;
the history management module is used for obtaining history access data according to the access control request based on the attribute and sending the history access data to the risk management module; the historical access data is related to at least one attribute corresponding to the attribute-based access control request;
the risk management module is used for extracting the subject's credibility from the subject attribute corresponding to the attribute-based access control request, and for sending the subject's credibility and the subject's historical access data to the credibility management module;
the credibility management module is used for generating the subject target trust value according to the subject's credibility and the subject's historical access data, and for sending the subject target trust value to the risk management module;
the policy decision module is used for sending the generated access control evaluation result to the policy execution module;
the policy execution module is used for generating an access token according to the access control evaluation result and returning the access token to the first module; the access token carries an access authorization result corresponding to the target access request; or the policy execution module is used for returning the access control evaluation result and/or the object to the first module according to the access control evaluation result;
the first module is used for executing access operation according to the access token or the access control evaluation result.
Further, the first module is configured to generate an access history corresponding to the access control request and send the access history to the history management module after performing an access operation according to the access token or the access control evaluation result;
the history management module is used for generating an access feedback result according to the access history corresponding to the access control request and sending the access feedback result to the credibility management module; the access feedback result comprises an access feedback result type and a value of the access feedback result;
the credibility management module is used for generating a direct trust value of the subject corresponding to the attribute-based access control request according to the access feedback result, and for sending the subject's direct trust value to the policy information module;
the policy information module is used for updating the subject's trust degree in the stored subject attribute according to the subject's direct trust value.
In a third aspect, an embodiment of the present invention further provides an electronic device, including a memory, a processor, and a computer program stored in the memory and capable of running on the processor, where the processor implements the access control method according to the first aspect when executing the program.
In a fourth aspect, embodiments of the present invention also provide a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the access control method according to the first aspect.
In a fifth aspect, embodiments of the present invention also provide a computer program product comprising a computer program which, when executed by a processor, implements the access control method according to the first aspect.
According to the access control method provided by the embodiment of the invention, an attribute-based access control request is obtained, the access risk level is then evaluated accurately and comprehensively according to the target feature information corresponding to the request, namely the subject trust value, the historical access data, the environment attributes, the current request operation and the like, and the access control evaluation result is determined jointly from the two dimensions of access risk level and access policy evaluation result, so that the accuracy and effectiveness of access control are effectively improved and the leakage risk is greatly reduced.
Drawings
In order to more clearly illustrate the invention or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of an access control method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of an access control system according to an embodiment of the present invention;
FIG. 3 is another schematic diagram of an access control system according to an embodiment of the present invention;
FIG. 4 is a schematic flow chart of access control based on the access control system according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The access control system provided by the embodiment of the invention can be applied to an information security scene, so that the access control is effectively realized, and the system security is improved.
In the related art, an attacker performs abnormal access to an information system through a network protection vulnerability, thereby causing security threat to the information system. Therefore, how to effectively perform access control and improve system security is a technical problem that needs to be solved by those skilled in the art.
According to the access control method, an attribute-based access control request is obtained, the access risk level is evaluated accurately and comprehensively according to the target feature information corresponding to the request, namely the subject trust value, the historical access data, the environment attributes, the current request operation and the like, and the access control evaluation result is then determined from the two dimensions of access risk level and access policy evaluation result, so that the accuracy and effectiveness of access control are effectively improved and the leakage risk is greatly reduced.
The following describes the technical scheme of the present invention in detail with reference to fig. 1 to 5. The following embodiments may be combined with each other, and some embodiments may not be repeated for the same or similar concepts or processes.
The specific flow of the access control method in the embodiment of the invention is as follows:
step 101, obtaining an access control request based on attributes;
Specifically, in order to improve system security and reduce leakage risk, an attribute-based access control request is first acquired; optionally, the attribute-based access control request includes, but is not limited to, any combination of one or more of the subject attribute, the object attribute, the environment attribute and the access request operation corresponding to the access control request.
Optionally, the subject attributes include, but are not limited to, subject generic attributes and/or subject security attributes. Subject generic attributes include, but are not limited to, the subject identifier and the domain the subject belongs to; subject security attributes include, but are not limited to, the credibility (trust degree), the risk access count and the risk access count threshold. The subject is the initiator of the access, including but not limited to users, processes, etc. A domain is a collection of elements with the same or similar functional requirements and is described by any combination of domain name, domain trust rate and security level. The domain trust rate expresses how much the domain is trusted and is generated from the domain's security level. The trust value (TV) expresses the trust placed in a subject by the different domains, denoted $TV = \{\langle d_1, tv_1\rangle, \ldots, \langle d_n, tv_n\rangle\}$, where $d_i$ is a domain and $tv_i$ is the subject's direct trust value in domain $d_i$. The subject's credibility is a subject security attribute; it changes dynamically with the access history, and its initial value is determined by the subject's attributes. The risk access count in the subject attribute records how many risk accesses the subject has performed; the risk access count threshold in the subject attribute limits repeated risk accesses by the subject: when the subject's risk access count is greater than or equal to its risk access count threshold, the access control evaluation result is a rejection even if the current access is only a medium-risk access.
Optionally, the object attributes include object generic attributes and/or object security attributes, where the object is what the subject requests access to, including but not limited to documents, pictures, and the like. Object generic attributes include, but are not limited to, any combination of the object identifier, generation time, domain the object belongs to, etc.; object security attributes include, but are not limited to, any combination of the object integrity level, object confidentiality level, risk access count, risk access count threshold, object medium risk threshold, object high risk threshold, etc. The risk access count in the object attribute records how many of the accesses to the object were risk accesses. The object medium risk threshold is calculated from the object high risk threshold and is the critical value separating low-risk access from medium-risk access: if the access risk value is greater than or equal to the medium risk threshold, the access is a medium-risk or high-risk access, otherwise it is a low-risk access. The object high risk threshold is calculated from the object security level and is the critical value separating medium-risk access from high-risk access: if the access risk value is greater than or equal to the high risk threshold, the access is a high-risk access, otherwise it is a low-risk or medium-risk access. The risk access count threshold in the object attribute prevents the object from being subjected to many risk accesses: when the object's risk access count is greater than or equal to its risk access count threshold, the access control evaluation result is a rejection even if the current access is only a medium-risk access.
Optionally, the environment attribute represents the context in which the principal initiated the access request, including but not limited to any combination of access time, access location, access device, access point, etc.
Optionally, the access request operation represents the operation requested when the subject initiates the access request, including reading, writing, executing, storing, publishing, forwarding, selecting, commenting and the like. Three operation sets are distinguished: the access request operations, the authorized operations and the operations the subject actually performed, denoted AOP (access request operation set), POP (authorization operation set) and ROP (subject actual operation set).
Step 102, determining an access policy evaluation result according to the attribute-based access control request and a preset access policy; the access policy comprises a correspondence between attribute information and an access policy evaluation result;
Specifically, after the attribute-based access control request is acquired, the access policy is queried with any combination of the subject attribute, the object attribute, the environment attribute and the access request operation; optionally, the access policy evaluation result is determined according to the access control request and a preset access policy, the access policy comprising a correspondence between attribute information and an access policy evaluation result. Optionally, the access policy evaluation result indicates that the subject's access request is allowed or denied; it defines the conditions under which an operation is allowed to or denied to the subject and is composed of a subject attribute, an object attribute, an environment attribute, an access request operation and a policy type, denoted $P = \langle\langle sattr, oattr, eattr, op\rangle, type\rangle$, $type \in \{admit, deny\}$, where $sattr$ is the subject attribute, $oattr$ is the object attribute, $eattr$ is the environment attribute, $op$ is the access request operation, $admit$ means the access is allowed and $deny$ means the access is denied.
Step 103, determining an access risk level of the access control request according to the target feature information corresponding to the access control request; the target characteristic information includes at least one of: subject target trust value, historical access data, environmental attributes, and access request operations;
Specifically, after the attribute-based access control request is acquired, the access risk level of the access control request is determined according to the target feature information corresponding to the request, which includes at least one of: subject target trust value, historical access data, environment attributes and access request operation; that is, the risk management module generates the access risk level from any combination of these four. Optionally, the subject target trust value is the trust value of the subject corresponding to the access control request; the historical access data (access history) is the set of operations the subject performed on the object, including but not limited to any combination of subject identifier, object identifier, environment attributes, access request operation set, authorization operation set and subject actual operation set. The access risk level has three values, high risk (HR), medium risk (MR) and low risk (LR): a high-risk access is one whose access risk value is greater than or equal to the object high risk threshold; a medium-risk access is one whose access risk value is greater than or equal to the object medium risk threshold and less than the object high risk threshold; a low-risk access is one whose access risk value is less than the object medium risk threshold. The access risk level is thus evaluated accurately and comprehensively from the subject trust value, the historical access data, the environment attributes, the current request operation and the like.
Step 104, generating an access control evaluation result according to the access policy evaluation result and the access risk level.
Specifically, after the access risk level and the access policy evaluation result are determined, the access control evaluation result can be determined together based on the two dimensions of the access risk level and the access policy evaluation result, so that the accuracy and the effectiveness of access control are effectively improved, and the leakage risk is greatly reduced.
According to the access control method, an attribute-based access control request is obtained, the access risk level is then evaluated accurately and comprehensively according to the target feature information corresponding to the request, namely the subject trust value, the historical access data, the environment attributes, the current request operation and the like, and the access control evaluation result is determined from the two dimensions of access risk level and access policy evaluation result, so that the accuracy and effectiveness of access control are effectively improved and the leakage risk is greatly reduced.
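Steps 102 to 104 above, together with the four combination rules listed earlier under "generating an access control evaluation result ... comprises at least one of the following", describe one decision procedure. The following is an added example of that procedure, not code from the patent: the policy tuple $P = \langle\langle sattr, oattr, eattr, op\rangle, type\rangle$, the three risk levels cut by the object's medium and high risk thresholds, and the per-subject and per-object risk access counters are taken from the text, while the attribute names, the thresholds, and the "first matching policy wins, no match means deny" lookup are constructed assumptions. The risk value itself is taken as an input here; how it is derived is the subject of the paragraphs that follow.

```python
"""ABAC policy lookup, risk-level classification and the combined decision.

Added example, not the patent's own code. Policy tuple, risk levels and the
four combination rules follow the text; attribute names, thresholds and the
"first match wins, no match = deny" lookup are constructed assumptions.
"""
from __future__ import annotations
from dataclasses import dataclass

ADMIT, DENY = "admit", "deny"
HR, MR, LR = "HR", "MR", "LR"            # high, medium, low risk


@dataclass
class Policy:
    sattr: dict           # subject attribute conditions
    oattr: dict           # object attribute conditions
    eattr: dict           # environment attribute conditions
    op: str               # access request operation
    type: str             # ADMIT or DENY


@dataclass
class Subject:
    ident: str
    risk_access_count: int = 0        # medium-risk accesses tolerated so far
    risk_access_threshold: int = 3    # constructed threshold


@dataclass
class Object:
    ident: str
    high_risk_threshold: float        # text: derived from the object security level
    medium_risk_threshold: float      # text: derived from the high risk threshold
    risk_access_count: int = 0
    risk_access_threshold: int = 5    # constructed threshold


def matches(pattern: dict, actual: dict) -> bool:
    """Every attribute the policy names must be present with the same value."""
    return all(actual.get(k) == v for k, v in pattern.items())


def evaluate_policy(policies: list[Policy], sattr: dict, oattr: dict,
                    eattr: dict, op: str) -> str:
    """Access policy evaluation result: type of the first matching policy, DENY if none."""
    for p in policies:
        if (p.op == op and matches(p.sattr, sattr)
                and matches(p.oattr, oattr) and matches(p.eattr, eattr)):
            return p.type
    return DENY


def risk_level(risk_value: float, obj: Object) -> str:
    """HR / MR / LR exactly as the object's two thresholds define them."""
    if risk_value >= obj.high_risk_threshold:
        return HR
    if risk_value >= obj.medium_risk_threshold:
        return MR
    return LR


def decide(policy_result: str, level: str, subj: Subject, obj: Object) -> str:
    """Combine policy result and risk level.

    Medium-risk accesses are counted against both subject and object. The
    summary compares the counter with '>' while the detailed description uses
    '>='; this example uses the summary's '>'.
    """
    if level == HR or policy_result == DENY:
        return DENY
    if level == MR:
        subj.risk_access_count += 1
        obj.risk_access_count += 1
        if (subj.risk_access_count > subj.risk_access_threshold
                or obj.risk_access_count > obj.risk_access_threshold):
            return DENY
        return ADMIT
    return ADMIT                          # policy admits and the risk is low


def authorize(policies, subj, obj, sattr, oattr, eattr, op, risk_value) -> str:
    """Steps 102-104 in one call: policy evaluation, risk level, combined result."""
    return decide(evaluate_policy(policies, sattr, oattr, eattr, op),
                  risk_level(risk_value, obj), subj, obj)


if __name__ == "__main__":
    # Constructed policy and entities.
    policies = [Policy({"role": "analyst"}, {"class": "internal"}, {"net": "corp"}, "read", ADMIT)]
    s = Subject("alice")
    o = Object("report.pdf", high_risk_threshold=0.8, medium_risk_threshold=0.5)
    for rv in (0.2, 0.6, 0.6, 0.6, 0.6, 0.9):   # the fourth medium-risk access trips the subject counter
        print(rv, authorize(policies, s, o, {"role": "analyst"}, {"class": "internal"}, {"net": "corp"}, "read", rv))
```

The counters are the part worth attention operationally: a subject whose requests keep landing in the medium band is denied after the threshold even though each individual request passed the policy, which is the behaviour the subject and object security attributes are defined to produce.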
In an embodiment, determining the access risk level of the access control request according to the target feature information corresponding to the access control request includes:
determining uncertainty of access history according to the history access data; the uncertainty of the access history is used for representing the uncertainty of the occurrence of the value of each element in the access history;
Determining the credibility of the environment attribute corresponding to the access control request according to the historical access data;
determining the influence degree of access request operation corresponding to the access control request on the object security;
determining an access risk value according to the subject target trust value, the uncertainty of the access history, the credibility of the environment attribute and the influence degree of the access request operation on the object security; the subject target trust value is used for representing the trust value of the subject corresponding to the access control request;
and judging the access risk level according to the access risk value and a preset risk threshold value.
Specifically, in the embodiment of the invention, the access risk value is determined according to the target trust value of the subject, the uncertainty of the access history, the credibility of the environment attribute and the influence degree of the access request operation on the security of the object. The uncertainty of the access history represents the uncertainty with which each element of the access history takes its values; the elements include, but are not limited to, specific attributes among the access environment attributes, such as access location, access device and access point, and the operations in the subject actual operation set. Alternatively, the uncertainty of the access history may be determined by the following method:
where I(his) is the uncertainty of the access history, η_i represents the weight of the i-th element in the access history, and F(x_ij) represents the probability that the i-th element in the access history takes its j-th value.
Optionally, in the embodiment of the present invention, the credibility of the environmental attribute corresponding to the access control request is determined according to the historical access data; that is, the credibility of the current access environment is calculated according to the historical access data and the current access environment, and the concrete credibility value of the current access environment can be calculated by the following method, but is not limited to the following method:
where f(eattr) is the credibility of the environment attribute corresponding to the access control request, eattr_i is the i-th environmental attribute, u_i represents the weight of each preset environment attribute in the credibility evaluation of the current environment, and H(eattr_i) represents the credibility of the i-th environmental attribute, which can be obtained as follows: if the number of times the i-th environmental attribute takes its current value in the access history is greater than or equal to the access count threshold, H(eattr_i)=0;
if the number of times the i-th environmental attribute takes the value eattr_i in the access history is smaller than the access count threshold, then
where M is the access count threshold and num(eattr_i value) is the number of times the i-th environmental attribute takes the value eattr_i in the access history.
Optionally, in the embodiment of the present invention, the degree of influence of the access request operation corresponding to the access control request on the security of the object is determined by using the following manner:
pd=α×Dg(aop)+(1-α)×∑P(eop|aop)×Dg(eop)
where pd represents the influence degree of the access request operation corresponding to the access control request on the object security, α represents the weight of the damage of the current request operation to the object security within the damage of all operations to the security, P(eop|aop) represents the probability of executing the operation eop given the current request operation aop, and Dg represents the damage caused to the security of the object by an operation.
Optionally, after determining the subject target trust value, the uncertainty of the access history, the credibility of the environmental attribute and the influence degree of the access request operation on the object security, determining the access risk value; the main body target trust value is used for representing the trust value of the main body corresponding to the access control request; and judging the access risk level according to the access risk value and a preset risk threshold value.
Alternatively, the access risk value may be determined in the following manner:
where sar represents the access risk value, δ_i (i=1, 2, 3) respectively represent the weights of the subject target trust value, the uncertainty of the access history and the credibility of the current access environment in evaluating the access risk value, and the remaining symbol in the formula represents the subject target trust value.
Optionally, if the access risk value is greater than or equal to a preset high risk threshold, the access risk level is high risk; if the access risk value is greater than or equal to a preset medium risk threshold and less than the preset high risk threshold, the access risk level is medium risk; if the access risk value is less than the preset medium risk threshold, the access risk level is low risk.
In an actual information system, if an access environment is not trusted, the probability of malicious access is high, so the access risk level in an untrusted environment is raised by analyzing the credibility of the current access environment against the access history; different operations affect the object differently, the harm of operations such as modification and forwarding to the object being far greater than that of a read operation, so the influence of different operations on the access risk level is adjusted by fully considering the degree of harm each operation does to the object; and the concept of weight is introduced so that the influence of the different factors on the access risk level is fully reflected. In the method of this embodiment, the target trust value of the subject, the uncertainty of the access history, the credibility of the environmental attribute and the influence degree of the access request operation on the object security are all considered when determining the access risk level, so the evaluation of the access risk level is more scientific, reasonable, accurate and effective, and the determined access risk level is more accurate.
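The risk evaluation just described, as an added Python example that is not the patent's own code. The pd formula is the one shown on the page; the exact forms of I(his), of H(eattr_i) below the threshold and of sar are not reproduced on the page, so the weighted entropy, the (M - num)/M ramp and the additive sar used here are assumptions, as are the sample history, the damage degrees Dg and the conditional probabilities P(eop|aop):

```python
"""Access risk value and risk level for one attribute-based request.

Added example, not the patent's own code. The pd formula is the one on the page;
the forms of I(his), of H(eattr_i) below threshold and of sar are assumptions,
because the page names their inputs and weights but not the formulas themselves.
"""
import math
from collections import Counter

# Constructed access history: (location, device, access point, actual operation)
HISTORY = [
    ("office", "laptop-1", "ap-a", "read"),
    ("office", "laptop-1", "ap-a", "read"),
    ("office", "laptop-1", "ap-b", "write"),
    ("home", "phone-1", "ap-c", "read"),
    ("office", "laptop-1", "ap-a", "read"),
]
# Constructed operation damage Dg(op) and conditional probabilities P(eop | aop)
DAMAGE = {"read": 0.1, "write": 0.6, "forward": 0.8, "delete": 0.9}
FOLLOW_ON = {"read": {"forward": 0.2}, "write": {"delete": 0.3, "forward": 0.1}}


def history_uncertainty(history, eta):
    """I(his): assumed as the eta_i-weighted sum of the Shannon entropy of each
    element's value distribution, where F(x_ij) is the relative frequency with
    which element i takes value j in the history."""
    n = len(history)
    total = 0.0
    for i, weight in enumerate(eta):
        counts = Counter(rec[i] for rec in history)
        entropy = -sum((c / n) * math.log2(c / n) for c in counts.values())
        total += weight * entropy
    return total


def attribute_credibility(history, index, value, m):
    """H(eattr_i): 0 when the value has been seen at least M times (nothing new);
    below M the page's formula is missing, so (M - num) / M is assumed, which
    rises towards 1 for a value never seen before."""
    num = sum(1 for rec in history if rec[index] == value)
    return 0.0 if num >= m else (m - num) / m


def environment_credibility(history, env, u, m):
    """f(eattr) = sum_i u_i * H(eattr_i) over the current environment attributes
    (location, device, access point)."""
    return sum(w * attribute_credibility(history, i, env[i], m) for i, w in enumerate(u))


def operation_impact(aop, alpha, damage=DAMAGE, follow_on=FOLLOW_ON):
    """pd = alpha * Dg(aop) + (1 - alpha) * sum_eop P(eop | aop) * Dg(eop), as on the page."""
    induced = sum(p * damage[eop] for eop, p in follow_on.get(aop, {}).items())
    return alpha * damage[aop] + (1 - alpha) * induced


def access_risk_value(subject_trust, uncertainty, env_cred, pd, delta):
    """sar: assumed as delta_1*(1 - trust) + delta_2*I(his) + delta_3*f(eattr) + pd,
    so low trust, an unpredictable history, an unfamiliar environment and a
    damaging operation all push the risk value up."""
    d1, d2, d3 = delta
    return d1 * (1.0 - subject_trust) + d2 * uncertainty + d3 * env_cred + pd


def risk_level(sar, medium_threshold, high_threshold):
    """HR / MR / LR, exactly the threshold comparison the page describes."""
    if sar >= high_threshold:
        return "HR"
    if sar >= medium_threshold:
        return "MR"
    return "LR"


def evaluate_request(env, aop, subject_trust, history=HISTORY,
                     m=3, eta=(0.25, 0.25, 0.25, 0.25), u=(0.4, 0.3, 0.3),
                     alpha=0.7, delta=(0.4, 0.2, 0.4),
                     medium_threshold=0.5, high_threshold=0.9):
    """Run all four factors for one request and return (sar, level)."""
    i_his = history_uncertainty(history, eta)
    f_env = environment_credibility(history, env, u, m)
    pd = operation_impact(aop, alpha)
    sar = access_risk_value(subject_trust, i_his, f_env, pd, delta)
    return sar, risk_level(sar, medium_threshold, high_threshold)


if __name__ == "__main__":
    # familiar environment, read, trusted subject -> low risk
    print(evaluate_request(("office", "laptop-1", "ap-a"), "read", 0.8))
    # never-seen environment, write, weakly trusted subject -> high risk
    print(evaluate_request(("hotel", "phone-2", "ap-z"), "write", 0.3))
```

With the constructed history the first request lands well below the medium threshold, while the second, from a location, device and access point that never appear in the history and for a write whose follow-on delete carries heavy damage, crosses the high threshold on every factor at once.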
In one embodiment, the subject target trust value is determined based on:
determining a direct trust value and an indirect trust value of a main body corresponding to the access control request; the direct trust value of the subject is used for indicating the trust of the subject by the domain of the object corresponding to the access control request; the indirect trust value of the subject is used for representing trust of other domains except the domain of the object corresponding to the access control request to the subject;
determining the weight of the direct trust value of the main body in the main body target trust value and the weight of the indirect trust value of the main body in the main body target trust value according to the access times and access times threshold values of the main body in each domain corresponding to the access control request;
and determining the target trust value of the main body according to the direct trust value of the main body, the indirect trust value, the weight of the direct trust value of the main body in the target trust value of the main body and the weight of the indirect trust value of the main body in the target trust value of the main body.
Specifically, in the embodiment of the invention, when determining the target trust value of the main body, the direct trust value and the indirect trust value of the main body corresponding to the access control request are determined first; the direct trust value of the subject is used for representing trust of a domain where an object corresponding to the access control request is located on the subject; the indirect trust value of the subject is used for representing trust of other domains except the domain of the object corresponding to the access control request to the subject; alternatively, the direct trust value of the principal may be obtained in the principal attribute.
Optionally, the access times and access times threshold values of the main body corresponding to the access control request in each domain can be obtained from the historical access data, so that the weight of the direct trust value of the main body in the main body target trust value and the weight of the indirect trust value of the main body in the main body target trust value are determined; optionally, the weight of the direct trust value of the principal in the principal target trust value and the weight of the indirect trust value of the principal in the principal target trust value are determined by:
where ω represents a weight, w represents the number of accesses of the subject in the domain where the object is located, and M represents a preset access count threshold; when the number of accesses of the subject in the domain where the object is located is greater than or equal to the preset access count threshold, the weight of the direct trust value of the subject in the subject target trust value is 1 and the weight of the indirect trust value of the subject in the subject target trust value is 0; when the number of accesses of the subject in the domain where the object is located is smaller than the preset access count threshold and the number of accesses of the subject in domains other than that of the object is not 0, the weight of the direct trust value of the subject in the subject target trust value is ω and the weight of the indirect trust value of the subject in the subject target trust value is the complementary weight that makes up the weighted average.
Optionally, after determining the direct trust value, the indirect trust value, the weight of the direct trust value of the main body in the main body target trust value, and the weight of the indirect trust value of the main body in the main body target trust value, the target trust value of the main body can be determined according to the direct trust value, the indirect trust value of the main body, the weight of the direct trust value of the main body in the main body target trust value, and the weight of the indirect trust value of the main body in the main body target trust value; optionally, if the access times of the main body in all domains are 0, the main body target trust value is the direct trust value of the main body in the domain; if the access times of the subject in the domain where the object is located is 0 and the access times of the subject in other domains are not 0, the subject target trust value is the indirect trust value of the subject in the domain; if the access times of the subject in the domain where the object is located is greater than or equal to a preset access times threshold, the subject target trust value is the direct trust value of the subject in the domain; if the access times of the subject in the domain where the object is located are not 0 and are smaller than the preset access times threshold, the subject target trust value is a weighted average of the direct trust value and the indirect trust value of the subject in the domain.
According to the method, the weight of the direct trust value in the comprehensive trust value of the subject is determined according to the number of accesses of the subject corresponding to the access control request in each domain, so that the discrimination attack is effectively resisted. A discrimination attack means that an attacker behaves well and accesses normally in other domains, but accesses maliciously in the domain where the object is located. Because the attacker behaves well in other domains, the direct trust values of those domains for the attacker are high, and so the attacker's indirect trust value in the domain where the object is located is high. If the weights of the direct and indirect trust values were fixed, then even when an attacker always accesses the domain where the object is located maliciously and its direct trust value in that domain is 0, its comprehensive trust value in that domain would still not be 0, because its indirect trust value there is high.
In an embodiment, the indirect trust value is determined based on the following:
obtaining a direct trust value of a main body in each domain and a domain trust rate of each domain according to the trust degree of the main body corresponding to the access control request;
obtaining the access times and access time of a main body corresponding to the access control request in each domain according to the historical access data;
determining the weight of the direct trust value of each domain to the main body in indirect trust value evaluation according to the domain trust rate of each domain, the access times and access time of the main body in each domain;
and determining the indirect trust value according to the direct trust value of the main body in each domain and the weight of the direct trust value of each domain on the main body in the indirect trust value evaluation.
Specifically, the indirect trust value of the subject is used for indicating trust of other domains except the domain of the object corresponding to the access control request to the subject; alternatively, the indirect trust value of the principal may be determined by:
firstly, a credibility manager obtains a direct trust value of a main body in each domain according to the credibility of the main body; obtaining domain trust rate of each domain according to the trust degree of the main body; optionally, the direct trust value of the subject in each domain may be determined by attribute information of the subject; alternatively, the credibility of the subject may be determined by attribute information of the subject;
Then, the access times and access time of the main body in each domain are obtained according to the access history (historical access data);
Then, the weight of the direct trust value of each domain to the subject in the indirect trust value evaluation is calculated according to the domain trust rate of each domain in the subject attribute, the number of accesses of the subject in each domain and the access time of the subject in each domain; here a domain represents a collection of elements with the same or similar functional requirements, described by any combination of domain name, domain trust rate and security level, and the domain trust rate represents the degree of trust of the domain and is generated from the security level of the domain. Optionally, the weight takes one form if the number of accesses of the subject in domain K' is smaller than the preset access count threshold and another form if that number is greater than or equal to the preset access count threshold; in these formulas, λ_K' represents the importance of the direct trust value of domain K' to the subject in the indirect trust value evaluation; dtr_K' represents the domain trust rate of domain K'; dtr_K represents the domain trust rate of domain K; τ represents a function with access time as a parameter; ft_c represents the current access time; t_o represents the last access time; w_K' represents the number of accesses of the subject in domain K'; and M represents the preset access count threshold.
Finally, determining an indirect trust value according to the direct trust value of the main body in each domain and the weight of the direct trust value of each domain to the main body in the indirect trust value evaluation; optionally, the indirect trust value is determined using the following:
where itv_K is the indirect trust value of the subject in domain K, tv_K' is the direct trust value of the subject in domain K', Σλ_j represents the sum of the importance of the domains other than the domain where the object is located, and the remaining factor is the weight of the direct trust value of domain K' to the subject in the indirect trust value evaluation.
According to the method, domain similarity is reflected through the domain trust rate in the subject attribute, and domain similarity, number of accesses and access time are considered together to compute the importance of each domain's direct trust value for the subject in the indirect trust value evaluation; the indirect trust value is then computed from those importances. This evaluation is scientific and reasonable, so the determined indirect trust value is more accurate, and the trust degree of the subject can be determined more accurately from the two dimensions of direct trust value and indirect trust value, that is, the target trust value and the access risk level of the subject are determined more accurately, which improves the accuracy of access control.
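The target trust value (direct and indirect trust combined by ω) and the indirect trust value (direct trust in other domains weighted by λ_K') described in the two embodiments above, as one added Python example that is not the patent's own code. The four cases of the target trust value and the boundary values of ω (1 at or above M, 0 for the indirect part) are taken from the page; the linear w/M form of ω below M, the product form of λ_K' (domain trust rate similarity, access count factor, exponential recency as τ) and the per-domain sample attributes are assumptions:

```python
"""Subject target trust value from direct and indirect trust.

Added example, not the patent's own code. The four cases of the target trust
value and the boundary values of omega are from the page; the linear form of
omega below M and the form of lambda_K' are assumptions.
"""


def direct_weight(w, m):
    """omega: 1 once the subject has M or more accesses in the object's domain;
    below M the page only states it is a weight, so w / M is assumed."""
    return 1.0 if w >= m else w / m


def domain_importance(dtr_k, dtr_other, w_other, m, t_now, t_last, half_life):
    """lambda_K': assumed product of domain similarity (ratio of the domain trust
    rates dtr_K' and dtr_K), an access-count factor capped at M, and tau(ft_c, t_o)
    taken here as an exponential decay of the time since the last access."""
    similarity = min(dtr_k, dtr_other) / max(dtr_k, dtr_other)
    count_factor = 1.0 if w_other >= m else w_other / m
    recency = 0.5 ** ((t_now - t_last) / half_life)
    return similarity * count_factor * recency


def indirect_trust(target, domains, m, t_now, half_life):
    """itv_K: direct trust values tv_K' of the other domains, each weighted by
    lambda_K' / sum(lambda_j). None when the subject has no accesses elsewhere."""
    others = {k: d for k, d in domains.items() if k != target and d["accesses"] > 0}
    if not others:
        return None
    dtr_k = domains[target]["dtr"]
    lam = {k: domain_importance(dtr_k, d["dtr"], d["accesses"], m, t_now,
                                d["last_access"], half_life) for k, d in others.items()}
    total = sum(lam.values())
    return sum(lam[k] / total * others[k]["tv"] for k in others)


def target_trust(target, domains, m, t_now, half_life):
    """The four cases on the page: direct trust when no other domain was ever
    accessed or when w >= M; indirect trust when w == 0 but other domains were
    accessed; otherwise the omega-weighted average of direct and indirect."""
    w = domains[target]["accesses"]
    direct = domains[target]["tv"]
    indirect = indirect_trust(target, domains, m, t_now, half_life)
    if indirect is None or w >= m:
        return direct
    if w == 0:
        return indirect
    omega = direct_weight(w, m)
    return omega * direct + (1.0 - omega) * indirect


# Constructed subject attribute: per-domain direct trust value tv, domain trust
# rate dtr, access count and last access time (arbitrary time units).
NEWCOMER = {
    "A": {"dtr": 0.9, "tv": 0.2, "accesses": 1, "last_access": 100},
    "B": {"dtr": 0.9, "tv": 0.8, "accesses": 5, "last_access": 90},
    "C": {"dtr": 0.3, "tv": 0.9, "accesses": 5, "last_access": 50},
}
# Discrimination attacker: excellent elsewhere, but M accesses in A drove tv_A to 0.
DISCRIMINATOR = {
    "A": {"dtr": 0.9, "tv": 0.0, "accesses": 5, "last_access": 100},
    "B": {"dtr": 0.9, "tv": 1.0, "accesses": 20, "last_access": 99},
    "C": {"dtr": 0.9, "tv": 1.0, "accesses": 20, "last_access": 99},
}

if __name__ == "__main__":
    print(target_trust("A", NEWCOMER, m=5, t_now=100, half_life=50))
    print(target_trust("A", DISCRIMINATOR, m=5, t_now=100, half_life=50))
```

For the newcomer the single access in A gives ω = 0.2, so the target value is dominated by the indirect trust, in which the similar and recently used domain B counts far more than the dissimilar, stale domain C. For the discriminator, ω reaches 1 at M accesses in A and the high indirect trust from B and C no longer lifts the comprehensive value above the direct value of 0, which is the point of the access-count-based weight.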
In an embodiment, the access control evaluation result is generated according to the access policy evaluation result and the access risk level, and the access control evaluation result comprises at least one of the following:
if the access risk level is high risk, the access control evaluation result is no;
if the access strategy evaluation result is no, the access control evaluation result is no;
if the access strategy evaluation result is yes and the access risk level is medium risk, the risk access count in the subject attribute and/or the object attribute is increased by one; if the risk access count in the subject attribute and/or the object attribute is greater than or equal to the risk access count threshold in the corresponding subject attribute and/or object attribute, the access control evaluation result is no, otherwise the access control evaluation result is yes;
if the access policy evaluation result is yes, and the access risk level is low risk, the access control evaluation result is yes.
Specifically, the access control policy evaluation result may be firstly determined, and if the access control policy evaluation result is no, the access control evaluation result is returned to be no;
if the access control policy evaluation result is yes, the access risk level is judged further; optionally, if the access risk level is high risk, the access control evaluation result returned is no; if the access risk level is medium risk, the risk access count in the subject attribute and the risk access count in the object attribute are each increased by 1, and if the risk access count in the subject attribute is greater than or equal to the risk access count threshold in the subject attribute, or the risk access count in the object attribute is greater than or equal to the risk access count threshold in the object attribute, the access control evaluation result returned is no, otherwise it is yes; and if the access risk level is low risk, the access control evaluation result returned is yes.
Optionally, the access risk level may be determined first, and then the access control policy evaluation result is combined to determine the access control evaluation result.
According to the method, access control evaluation is comprehensively carried out according to the access strategy evaluation result and the access risk level, malicious access of legal users to the object is comprehensively and effectively controlled, and the risk of object leakage is reduced.
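The decision table of this embodiment, as an added Python example that is not the patent's own code. It keeps the risk access counters and thresholds in small subject and object records (a constructed representation of the corresponding attributes) and runs a constructed sequence of requests to show a repeated medium-risk subject being cut off by its threshold:

```python
"""Policy decision combining the access policy evaluation result with the
access risk level. Added example, not the patent's own code; it follows the
decision table on the page. Counters and thresholds are constructed here."""
from dataclasses import dataclass


@dataclass
class RiskCounter:
    """Risk access count and its threshold, as held in a subject or object attribute."""
    risk_accesses: int = 0
    threshold: int = 3


def access_control_decision(policy_allows, risk_level, subject, obj):
    """Return True for 'yes' and False for 'no'. A medium-risk request is counted
    against both the subject and the object before the thresholds are compared."""
    if not policy_allows:
        return False
    if risk_level == "HR":
        return False
    if risk_level == "LR":
        return True
    if risk_level != "MR":
        raise ValueError(f"unknown risk level {risk_level!r}")
    subject.risk_accesses += 1
    obj.risk_accesses += 1
    if (subject.risk_accesses >= subject.threshold
            or obj.risk_accesses >= obj.threshold):
        return False
    return True


def run_sequence(requests, subject, obj):
    """Evaluate a sequence of (policy_allows, risk_level) requests against the same
    subject and object and return the list of decisions."""
    return [access_control_decision(p, r, subject, obj) for p, r in requests]


if __name__ == "__main__":
    s, o = RiskCounter(threshold=3), RiskCounter(threshold=5)
    print(run_sequence([(True, "LR"), (True, "MR"), (False, "LR"),
                        (True, "MR"), (True, "HR"), (True, "MR")], s, o))
```

Note that the counter is incremented before the comparison, so with a subject threshold of 3 the third medium-risk request is the one refused, and the policy result is checked first so a policy denial never touches the counters.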
In an embodiment, after generating the access control evaluation result according to the access policy evaluation result and the access risk level, the method further includes:
generating an access history corresponding to the access control request;
generating an access feedback result according to the access history corresponding to the access control request; the access feedback result comprises an access feedback result type and a value of the access feedback result;
generating a direct trust value of a main body corresponding to the access control request based on the attribute according to the access feedback result;
and updating the trust degree of the main body in the stored main body attribute according to the direct trust value of the main body.
Specifically, after the first module performs the access operation on the object, the first module is further configured to generate an access history and send the access history to the history management module; wherein the access history includes a collection of operations performed by the subject on the object, including, but not limited to, any combination of subject attributes, object attributes, environment attributes, access request operation set, authorization operation set, and subject actual operation set. The history management module generates an access feedback result according to the access history and sends the access feedback result to the credibility management module; optionally, the access feedback result is determined using the following:
Optionally, when the access control evaluation result is that access is denied, that is, access request of the main body is denied, the authorization operation set is an empty set, and the access feedback result fb is specifically:
wherein Im (o) is a preset object importance characterization value;
optionally, when the access control evaluation result is that access is accepted, that is, the access request of the subject is accepted, the authorized operation set is not an empty set, and the actual operation set of the subject is within the range of the authorized operation set, the access feedback result fb is specifically:
fb=1×Im(o)
if the authorization operation set is not an empty set and the actual operation of the main body is out of the authorization operation set, the access feedback result fb is specifically:
fb=(-1-∑num(uop)×Dg(uop))×Im(o)
where Im(o) is a preset object importance characterization value; uop is an unauthorized operation, num(uop) is the number of times the unauthorized operation uop was executed, and Dg(uop) is the influence degree of the unauthorized operation on the security of the object.
Optionally, the reliability management module receives the access feedback result, generates a direct trust value of the main body according to the access feedback result, and sends the direct trust value of the main body to the policy information module; optionally, each main body has a direct trust value, a positive feedback total value and a negative feedback total value corresponding to the main body; and the policy information module updates the credibility in the attribute of the main body according to the received direct trust value of the main body. Alternatively, if the access feedback result is a positive value, the positive feedback total value is specifically:
fv_c = fv_o + fb
where fv_c is the current positive feedback total value and fv_o is the positive feedback total value at the last access;
optionally, if the access feedback result is negative, the negative feedback total value is specifically:
nfv_c = nfv_o + |fb| × N(s_K)
where nfv_c is the current negative feedback total value, nfv_o is the negative feedback total value at the last access, N(s_K) is the penalty rate and s_K is the number of accesses of the subject in domain K;
optionally, the direct trust value is calculated according to the following:
where tv_K is the direct trust value and the remaining symbol is the initial trust value, that is, the trust value of a subject without any access history; u_x represents the positive feedback total value in the initial state and u_y represents the positive feedback total value plus the negative feedback total value in the initial state; optionally, each subject has a direct trust value, a positive feedback total value and a negative feedback total value corresponding to it.
That is, by changing u_x and u_y the influence of a single access feedback result on the direct trust value is adjusted: the larger u_x and u_y are, the smaller the effect of one access feedback result on the direct trust value, and the smaller u_x and u_y are, the larger that effect. The 'slow rise, fast fall' characteristic of the direct trust value is realized through the penalty rate, which effectively resists the switch attack and improves object security; the switch attack means that an attacker behaves well in the first few unimportant accesses to raise its trust value, and then carries out a malicious attack at the time of an important access.
Optionally, the reliability management module may send the direct trust value of the access request corresponding to the main body to the policy information module after generating the direct trust value of the access request corresponding to the main body; the policy information module can update the trust degree of the main body in the stored main body attribute according to the received direct trust value of the main body.
After the object operation corresponding to the access control request is completed, the difference between the authorized operations and the actual operations in the access reflects any unauthorized operation on the object, and the concept of a penalty rate is introduced, so that the credibility of a subject with unauthorized access in its access history is reduced, its access risk value is raised, its access is stopped, and the probability of further unauthorized access is reduced to a certain extent; the access feedback result is generated from the access history, and the credibility of the subject stored in the policy information module is dynamically updated according to the access feedback result, so that dynamic access control is realized, the risk of object leakage is reduced to a controllable range, and the accuracy of access control is improved.
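The feedback and trust update of this embodiment, as an added Python example that is not the patent's own code. The fb formulas for an accepted access are the ones on the page; fb for a denied request, the penalty rate N(s_K) and the exact expression of tv_K in terms of u_x, u_y and the two feedback totals are not shown on the page, so the zero feedback on denial, the linearly growing penalty rate and the ratio (u_x + fv)/(u_y + fv + nfv) used here are assumptions, as are the damage degrees Dg:

```python
"""Access feedback and direct trust update with a penalty rate.

Added example, not the patent's own code. fb for accepted access is as on the
page; fb on denial, N(s_K) and the tv_K expression are assumptions.
"""
from collections import Counter

# Constructed damage degrees Dg(uop) for operations
DAMAGE = {"read": 0.1, "write": 0.6, "forward": 0.8, "delete": 0.9}


def feedback(allowed, im_o, authorized, actual, damage=DAMAGE):
    """fb for one access.
    Denied request: assumed 0 (the page's formula for this case is not shown).
    Accepted, every actual op authorized: 1 x Im(o).
    Accepted with unauthorized ops: (-1 - sum num(uop) x Dg(uop)) x Im(o)."""
    if not allowed:
        return 0.0
    unauthorized = Counter(op for op in actual if op not in authorized)
    if not unauthorized:
        return 1.0 * im_o
    return (-1.0 - sum(n * damage[op] for op, n in unauthorized.items())) * im_o


def penalty_rate(s_k):
    """N(s_K): assumed to grow with the subject's access count in the domain, so a
    subject that misbehaves after a long record falls faster."""
    return 1.0 + 0.1 * s_k


class DirectTrust:
    """Per-domain direct trust value tv_K with its positive and negative totals."""

    def __init__(self, u_x, u_y):
        self.u_x, self.u_y = u_x, u_y      # initial positive total / initial overall total
        self.fv = 0.0                      # positive feedback total value
        self.nfv = 0.0                     # negative feedback total value
        self.s_k = 0                       # accesses of the subject in domain K

    def value(self):
        """tv_K assumed as (u_x + fv) / (u_y + fv + nfv); with no history this is
        the initial trust value u_x / u_y."""
        return (self.u_x + self.fv) / (self.u_y + self.fv + self.nfv)

    def update(self, fb):
        """fv_c = fv_o + fb for non-negative feedback; nfv_c = nfv_o + |fb| x N(s_K)
        for negative feedback. Returns the new direct trust value."""
        self.s_k += 1
        if fb >= 0:
            self.fv += fb
        else:
            self.nfv += abs(fb) * penalty_rate(self.s_k)
        return self.value()


def switch_attack_trace(u_x, u_y, good_accesses, im_o=1.0):
    """Trust before, after a run of well-behaved read accesses, and after one
    access that performs an unauthorized delete on top of the authorized read."""
    tv = DirectTrust(u_x, u_y)
    before = tv.value()
    for _ in range(good_accesses):
        tv.update(feedback(True, im_o, {"read"}, ["read"]))
    after_good = tv.value()
    after_abuse = tv.update(feedback(True, im_o, {"read"}, ["read", "delete"]))
    return before, after_good, after_abuse


if __name__ == "__main__":
    print(switch_attack_trace(5, 10, good_accesses=3))
    print(switch_attack_trace(50, 100, good_accesses=3))
```

With u_x = 5 and u_y = 10 three good accesses lift the value from 0.50 to about 0.62, and a single abusive access with a penalty rate applied takes it back to about 0.51, which is the 'slow rise, fast fall' shape; scaling u_x and u_y by ten keeps the same initial value but makes each access move it much less.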
Fig. 2 is a schematic structural diagram of an access control system according to an embodiment of the present invention. As shown in fig. 2, the access control system provided in this embodiment includes:
a policy execution module 1, a policy management module 2, a risk management module 3 and a policy decision module 4;
the policy execution module 1 is used for acquiring an access control request based on attributes;
the policy management module 2 is used for determining an access policy evaluation result according to the access control request based on the attribute and a preset access policy; the access policy comprises a corresponding relation between attribute information and an access policy evaluation result;
the risk management module 3 is used for determining the access risk level of the access control request according to the target feature information corresponding to the access control request; the target characteristic information includes at least one of: subject target trust value, historical access data, environmental attributes, and access request operations;
the policy decision module 4 is configured to generate an access control evaluation result according to the access policy evaluation result and the access risk level.
Specifically, the access control system in the embodiment of the application comprises a policy execution module 1, a policy management module 2, a risk management module 3 and a policy decision module 4; the policy execution module 1 is used for acquiring an access control request based on attributes; optionally, the attribute-based access control request includes, but is not limited to, any combination of one or more of a subject attribute, a guest attribute, an environment attribute, and an access request operation corresponding to the access control request.
Optionally, the subject attributes include, but are not limited to, subject generic attributes and/or subject security attributes, where the subject generic attributes include, but are not limited to, the subject identification and the domain where it is located, and the subject security attributes include, but are not limited to, the credibility, the number of risk accesses and the risk access count threshold; the subject represents the initiator of the access, including but not limited to users, processes, etc.; a domain represents a collection of elements with the same or similar functional requirements, described by any combination of domain name, domain trust rate and security level, and the domain trust rate represents the degree of trust of the domain and is generated from the security level of the domain. The trust value (TV) represents the trust of a subject in different domains and is denoted as TV = {<d_1, tv_1>, …, <d_n, tv_n>}, where d_i is a domain and tv_i represents the direct trust value of the subject in domain d_i. The credibility of the subject belongs to the subject security attributes; it changes dynamically with the access history, and the initial credibility is determined by the subject attributes. The number of risk accesses in the subject attribute records how many risk accesses the subject has performed; the risk access count threshold in the subject attribute limits repeated risk accesses by the subject: when the subject's number of risk accesses is greater than or equal to its risk access count threshold, the access control evaluation result is refusal even if the access risk level of the access is medium risk.
Optionally, the object attributes include object generic attributes and/or object security attributes, where the object represents what the subject requests access to, including but not limited to documents, pictures, and the like. The object generic attributes include, but are not limited to, any combination of object identification, generation time, domain where it is located, etc.; the object security attributes include, but are not limited to, any combination of object integrity level, object confidentiality level, number of risk accesses, risk access count threshold, medium risk threshold of the object, high risk threshold of the object, etc. The number of risk accesses in the object attribute records how many of the accesses to the object were risk accesses. The medium risk threshold of the object is calculated from the object high risk threshold and is the critical value dividing low risk access from medium risk access: if the access risk value is greater than or equal to the medium risk threshold, the access is a medium risk or high risk access, otherwise it is a low risk access. The object high risk threshold is calculated from the object security level and is the critical value dividing medium risk access from high risk access: if the access risk value is greater than or equal to the high risk threshold, the access is a high risk access, otherwise it is a low risk or medium risk access. The risk access count threshold in the object attribute prevents the object from being subjected to repeated risk accesses: when the object's number of risk accesses is greater than or equal to its risk access count threshold, the access control evaluation result is refusal even if the access risk level of the access is medium risk.
Optionally, the environment attribute represents the context in which the principal initiated the access request, including but not limited to any combination of access time, access location, access device, access point, etc.
Optionally, the access request operation represents an operation applied when the subject initiates the access request, including operations of reading, writing, executing, storing, publishing, forwarding, selecting, commenting, and the like. The operations include an access request operation, an authorization operation, and a principal actual operation. Wherein AOP is an access request operation set, POP is an authorization operation set, and ROP is a main body actual operation set.
Optionally, after the policy execution module 1 obtains the attribute-based access control request and sends it to the policy management module 2, the policy management module 2 receives any combination of the subject attribute, the object attribute, the environment attribute and the access request operation, queries the access policy based on that combination, and sends the query result to the policy decision module 4; optionally, the policy management module 2 may determine the access policy evaluation result according to the access control request and a preset access policy, where the access policy comprises a correspondence between attribute information and an access policy evaluation result; optionally, the access policy evaluation result indicates that the access request of the subject is allowed or denied, and the access policy defines the conditions under which an operation is allowed or denied to the subject. It is composed of a subject attribute, an object attribute, an environment attribute, an access request operation and a policy type, denoted as P = <<sattr, oattr, eattr, op>, type>, type ∈ {admit, deny}, where sattr is the subject attribute, oattr is the object attribute, eattr is the environment attribute, op is the access request operation, admit means the access is allowed and deny means the access is denied.
Optionally, after the policy execution module 1 obtains the access control request based on the attribute, the risk management module 3 may also determine an access risk level of the access control request according to the target feature information corresponding to the access control request; wherein the target characteristic information includes at least one of: subject target trust value, historical access data, environmental attributes, and access request operations; that is, the risk management module may generate an access risk level according to any combination of the subject target trust value, the historical access data, the environment attribute, and the access request operation, and send the access risk level to the policy decision module 4. Optionally, the subject target trust value represents a trust value of a subject corresponding to the access control request; historical access data (access history) includes a collection of operations performed by a subject on an object, including, but not limited to, any combination of subject identification, object identification, environmental attributes, access request operation set, authorization operation set, and subject actual operation set; the access risk level includes three levels of high risk, medium risk, and low risk, where HR is high risk, MR is medium risk, and LR is low risk. The high risk access is an access with an access risk value greater than or equal to the object high risk threshold; risk of visit is visit with a risk value greater than or equal to the risk threshold in the subject and less than the subject high risk threshold; a low risk access is an access having an access risk value less than the risk threshold in the object. The access risk level is accurately and comprehensively evaluated according to the trust value of the main body, the historical access data, the environment attribute, the current request operation and the like.
Optionally, after receiving the access risk level sent by the risk management module 3 and the access policy evaluation result sent by the policy management module 2, the policy decision module 4 may perform access control evaluation, generate an access control evaluation result, and send it to the policy execution module 1 to enforce access control.
As shown in fig. 3, the access control system of this application realizes risk-based adaptive access control: when a subject initiates an access request to an object, the system dynamically and comprehensively evaluates the access risk level according to the subject's target trust value, access history, current access environment and current request operation, and then performs access control evaluation according to the access risk level and the access policy evaluation result, thereby obtaining the access control evaluation result.
In this embodiment, the policy execution module obtains the attribute-based access control request; the access risk level is evaluated accurately and comprehensively according to the target feature information corresponding to that request, namely the subject's trust value, the historical access data, the environment attribute, the current request operation, and the like; and the policy decision module determines the access control evaluation result jointly from the two dimensions of access risk level and access policy evaluation result. The accuracy and effectiveness of access control are thereby improved and the risk of leakage is greatly reduced.
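As an added example (not code from the patent), the policy lookup p = <<sattr, oattr, eattr, op>, type>, the HR/MR/LR classification against the object's thresholds, and the decision rules the page gives in claim 5 (high risk denies; policy deny denies; policy admit plus medium risk counts against a risk-access threshold; policy admit plus low risk allows) are worked through below in Python. The default-deny for a request no policy covers and the attribute-subset matching rule are assumptions, not stated on the page.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

# Attribute sets are frozensets of (name, value) pairs. Assumption: a policy
# condition matches a request when the condition is a subset of the request's
# attributes (the page does not specify the matching rule).
Attrs = FrozenSet[Tuple[str, str]]
# A policy is p = <<sattr, oattr, eattr, op>, type> with type in {admit, deny}.
Policy = Tuple[Tuple[Attrs, Attrs, Attrs, str], str]


def attrs(**kv: str) -> Attrs:
    """Constructed helper: build an attribute set such as attrs(role="doctor")."""
    return frozenset(kv.items())


@dataclass
class ObjectRiskThresholds:
    """Per-object thresholds that split the access risk value into LR / MR / HR."""
    medium: float
    high: float


def risk_level(risk_value: float, th: ObjectRiskThresholds) -> str:
    """HR if value >= high threshold, MR if >= medium threshold, else LR."""
    if risk_value >= th.high:
        return "HR"
    if risk_value >= th.medium:
        return "MR"
    return "LR"


class PolicyManagement:
    """Policy management module: looks up the preset policy for a request."""

    def __init__(self, policies: List[Policy]) -> None:
        self.policies = policies

    def evaluate(self, sattr: Attrs, oattr: Attrs, eattr: Attrs, op: str) -> str:
        """Return 'admit' or 'deny' from the first policy whose conditions match."""
        for (ps, po, pe, pop), ptype in self.policies:
            if pop == op and ps <= sattr and po <= oattr and pe <= eattr:
                return ptype
        # Assumption (not on the page): a request that no policy covers is denied.
        return "deny"


@dataclass
class RiskAccessState:
    """Medium-risk access counter and threshold kept in the subject/object attribute."""
    risk_access_count: int = 0
    risk_access_threshold: int = 2


def decide(policy_result: str, level: str, state: RiskAccessState) -> bool:
    """Policy decision module: combine policy result and risk level (claim 5 rules)."""
    if level == "HR":
        return False                      # high risk: always denied
    if policy_result == "deny":
        return False                      # policy says no: denied
    if level == "MR":
        state.risk_access_count += 1      # policy yes + medium risk: count it
        # denied once the count exceeds the threshold, otherwise allowed
        return state.risk_access_count <= state.risk_access_threshold
    return True                           # policy yes + low risk: allowed


def evaluate_request(pm: PolicyManagement, sattr: Attrs, oattr: Attrs, eattr: Attrs,
                     op: str, risk_value: float, th: ObjectRiskThresholds,
                     state: RiskAccessState) -> Tuple[str, str, bool]:
    """One pass through policy lookup, risk classification and the final decision."""
    policy_result = pm.evaluate(sattr, oattr, eattr, op)
    level = risk_level(risk_value, th)
    return policy_result, level, decide(policy_result, level, state)


if __name__ == "__main__":
    # Constructed sample policies and request; values are illustrative only.
    pm = PolicyManagement([
        ((attrs(role="doctor"), attrs(kind="record"), attrs(location="onsite"), "read"), "admit"),
        ((attrs(role="doctor"), attrs(kind="record"), attrs(), "write"), "deny"),
    ])
    th = ObjectRiskThresholds(medium=0.4, high=0.7)
    state = RiskAccessState()
    for rv in (0.2, 0.5, 0.5, 0.5, 0.9):
        print(rv, evaluate_request(pm, attrs(role="doctor"), attrs(kind="record"),
                                   attrs(location="onsite"), "read", rv, th, state))
```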
In an embodiment, the access control system further comprises at least one of:
a first module, a policy information module, a history management module and a trust management module;
the first module is used for sending a target access request to the policy execution module;
the policy execution module is used for extracting a subject identifier and/or an object identifier in the target access request and sending the subject identifier and/or the object identifier to the policy information module;
the policy information module is used for acquiring a target attribute corresponding to the target access request based on the subject identifier and/or the object identifier, and sending the target attribute to the policy execution module; the target attribute includes at least one of: a subject attribute, an object attribute, and an environment attribute;
the policy execution module is used for generating an attribute-based access control request based on the target attribute and/or the access request operation corresponding to the target access request, and sending the attribute-based access control request to the policy decision module;
the policy decision module is used for receiving the access control request based on the attribute and sending the access control request to the policy management module and the risk management module;
the risk management module is used for receiving the access control request based on the attribute and sending the access control request based on the attribute to the history management module;
The history management module is used for obtaining history access data according to the access control request based on the attribute and sending the history access data to the risk management module; the historical access data is related to at least one attribute corresponding to the attribute-based access control request;
the risk management module is used for extracting the subject's trust degree from the subject attribute corresponding to the attribute-based access control request, and sending the subject's trust degree and the subject's historical access data to the trust management module;
the trust management module is used for generating a subject target trust value according to the subject's trust degree and historical access data, and sending the subject target trust value to the risk management module;
the policy decision module is used for sending the generated access control evaluation result to the policy execution module;
the policy execution module is used for generating an access token according to the access control evaluation result and returning the access token to the first module; the access token carries an access authorization result corresponding to the target access request; or the policy execution module is used for returning the access control evaluation result and/or the object to the first module according to the access control evaluation result;
the first module is used for executing access operation according to the access token or the access control evaluation result.
Specifically, as shown in fig. 4, the specific functions of each module in the access control system and the specific flow of access control based on the access control system are as follows:
401. The first module sends a target access request to the policy execution module;
wherein the target access request includes, but is not limited to, any combination of one or more of a subject identifier, a subject attribute, an access request operation, and an environment attribute. Optionally, the first module receives the target access request sent by the user and forwards it to the policy execution module.
402. The policy execution module extracts the subject identifier and/or the object identifier based on the target access request and sends the subject identifier and/or the object identifier to the policy information module;
403. The policy information module receives the subject identifier and/or the object identifier sent by the policy execution module, queries the subject attribute and/or the object attribute based on the subject identifier and/or the object identifier, optionally also queries the environment attribute, and sends any combination of the subject attribute, the object attribute and the environment attribute obtained by the query to the policy execution module.
404. The policy execution module receives any combination of the subject attribute, the object attribute and the environment attribute sent by the policy information module, constructs an attribute-based access control request from any combination of the subject attribute, the object attribute, the environment attribute and the access request operation, and sends the attribute-based access control request to the policy decision module; the attribute-based access control request includes, but is not limited to, any combination of one or more of a subject attribute, an object attribute, an environment attribute, and an access request operation;
405. The policy decision module receives the access control request based on the attribute and sends the access control request to the policy management module;
406. The policy management module receives the attribute-based access control request, queries the access policy (the preset correspondence) based on any combination of the subject attribute, the object attribute, the environment attribute and the access request operation in that request, and sends the access policy evaluation result obtained by the query to the policy decision module;
407. the policy decision module sends an access control request based on the attribute to the risk management module;
408. The risk management module receives the attribute-based access control request and sends it to the history management module; the history management module queries the access history according to the attribute-based access control request and sends the access history back to the risk management module;
409. The risk management module extracts the subject's trust degree from the subject attribute and sends the extracted trust degree and the subject's access history to the trust management module; the subject's trust degree consists of the subject's direct trust value in each domain.
410. The trust management module generates the subject target trust value and sends the calculated subject target trust value (the subject comprehensive trust value) to the risk management module;
411. The risk management module calls an access risk assessment algorithm on any combination of the subject comprehensive trust value, the access history, the access environment and the access request operation to generate an access risk level, and sends the access risk level to the policy decision module;
412. the policy decision module performs access control evaluation according to the access policy evaluation result and the access risk level, generates an access control evaluation result and sends the access control evaluation result to the policy execution module;
413. The policy execution module generates an access token according to the access control evaluation result and returns the access token to the first module; the access token includes, but is not limited to, any combination of one or more of a subject identifier, an object identifier, an access control evaluation result, an authorized operation, and an object resource address; alternatively, the policy execution module returns the access control evaluation result and/or the object to the first module.
414. The first module performs an access operation on the object.
By adding the first module, the policy information module, the history management module and the trust management module, the access control system becomes more modular and performs access control more efficiently. Furthermore, by querying the policy information module, any combination of the subject attribute, the object attribute and the environment attribute can be obtained even when only simple information such as a subject identifier or an object identifier is available, so that an attribute-based access control request can be built and access control carried out effectively on that basis, which improves the applicability of the system. The user's access history is stored and queried through the history management module, and the subject target trust value is determined through the trust management module, so the access risk level can be determined accurately from the access history and the subject target trust value, improving the accuracy of access control.
In an embodiment, the access control system further comprises:
the first module is used for generating an access history corresponding to the access control request and sending the access history to the history management module after executing the access operation according to the access token or the access control evaluation result;
the history management module is used for generating an access feedback result according to the access history corresponding to the access control request and sending the access feedback result to the trust management module; the access feedback result comprises an access feedback result type and a value of the access feedback result;
the trust management module is used for generating a direct trust value of the subject corresponding to the attribute-based access control request according to the access feedback result, and sending the subject's direct trust value to the policy information module;
the policy information module is used for updating the subject's trust degree in the stored subject attribute according to the subject's direct trust value.
Specifically, as shown in fig. 4, the flow continues after the access operation as follows:
414. the first module is further configured to generate an access history and send the access history to the history management module after performing an access operation on the object, that is, generate an access history corresponding to the access control request and send the access history to the history management module; optionally, the access history includes a set of subject-to-object operations including, but not limited to, any combination of subject attributes, object attributes, environment attributes, access request operation sets, authorization operation sets, and subject actual operation sets.
415. The history management module generates an access feedback result according to the access history and sends the access feedback result to the trust management module; the access feedback result comprises an access feedback result type and a value of the access feedback result;
416. The trust management module receives the access feedback result, generates the subject's direct trust value according to it, and sends the subject's direct trust value to the policy information module; the subject's direct trust value indicates how much the domain of the object corresponding to the access control request trusts the subject.
The policy information module receives the subject's direct trust value and updates the trust degree in the subject attribute; the subject's trust degree consists of the subject's direct trust value in each domain. After the first module completes the operation on the object corresponding to the access control request, an access feedback result is generated from the access history, and the subject's trust degree stored in the policy information module is dynamically updated according to that feedback result, so that the subject's direct trust value, indirect trust value, target trust value and access risk level can all be updated dynamically. Dynamic access control is thereby realized, the risk of leakage is reduced to a controllable range, and the accuracy of access control is improved.
According to the access control system, after the first module finishes the object operation corresponding to the access control request, the access feedback result is generated from the access history, and the subject's trust degree stored in the policy information module is dynamically updated according to the access feedback result, so that dynamic access control is realized, the risk of the object being leaked is reduced to a controllable range, and the accuracy of access control is improved.
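The trust management module described above, and the target trust value of claims 3 and 4 (direct trust in the object's domain weighted against an indirect trust derived from the subject's direct trust in other domains, with weights driven by domain trust rate, access count, access time and an access-count threshold), as an added Python example that is not the patent's own code. The page gives no formulas, so the linear count weight saturating at the threshold, the hyperbolic recency decay, the normalized weighted average, and the additive feedback update are all assumptions made here.

```python
from dataclasses import dataclass
from typing import Dict


@dataclass
class SubjectTrust:
    """Subject trust degree as the page defines it: the direct trust value per domain."""
    direct: Dict[str, float]          # domain -> direct trust value in [0, 1]


@dataclass
class AccessStats:
    """Per-domain figures taken from the subject's access history."""
    count: Dict[str, int]             # number of accesses by the subject in each domain
    age_days: Dict[str, float]        # days since the subject's last access in each domain
    count_threshold: int = 4          # access-count threshold of claim 3 (assumed value)


def count_weight(n: int, threshold: int) -> float:
    # Assumption: weight grows linearly with the access count and saturates at the threshold.
    return min(n / threshold, 1.0)


def recency_weight(age_days: float, tau: float = 30.0) -> float:
    # Assumption: older access history counts for less (hyperbolic decay, tau in days).
    return 1.0 / (1.0 + age_days / tau)


def indirect_trust(trust: SubjectTrust, stats: AccessStats,
                   domain_trust_rate: Dict[str, float], target_domain: str) -> float:
    """Claim 4: trust placed in the subject by domains other than the object's domain.

    Each other domain's direct trust value is weighted by that domain's trust rate,
    the subject's access count there and the recency of those accesses (assumed form).
    """
    num = den = 0.0
    for domain, direct_value in trust.direct.items():
        if domain == target_domain:
            continue
        w = (domain_trust_rate.get(domain, 0.0)
             * count_weight(stats.count.get(domain, 0), stats.count_threshold)
             * recency_weight(stats.age_days.get(domain, 0.0)))
        num += w * direct_value
        den += w
    return num / den if den else 0.0   # no usable other domains: no indirect trust


def target_trust(trust: SubjectTrust, stats: AccessStats,
                 domain_trust_rate: Dict[str, float], target_domain: str) -> float:
    """Claim 3: combine direct and indirect trust; the direct weight follows the
    subject's access count in the target domain relative to the threshold (assumed)."""
    direct = trust.direct.get(target_domain, 0.0)
    alpha = count_weight(stats.count.get(target_domain, 0), stats.count_threshold)
    # A subject never seen in this domain (alpha == 0) is judged purely on indirect trust.
    return alpha * direct + (1.0 - alpha) * indirect_trust(trust, stats,
                                                          domain_trust_rate, target_domain)


def apply_feedback(trust: SubjectTrust, target_domain: str,
                   feedback_type: str, value: float, eta: float = 0.5) -> float:
    """Update the subject's direct trust value in the object's domain from an access
    feedback result (type + value), as steps 415/416 describe; the additive update
    with learning rate eta and clamping to [0, 1] is an assumption."""
    if feedback_type not in ("positive", "negative"):
        raise ValueError(f"unknown feedback type: {feedback_type}")
    old = trust.direct.get(target_domain, 0.0)
    delta = eta * value if feedback_type == "positive" else -eta * value
    new = max(0.0, min(1.0, old + delta))
    trust.direct[target_domain] = new
    return new


if __name__ == "__main__":
    # Constructed sample: subject known in domains A, B, C; object lives in domain A.
    trust = SubjectTrust(direct={"A": 0.8, "B": 0.6, "C": 0.9})
    stats = AccessStats(count={"A": 2, "B": 4, "C": 4}, age_days={"A": 0, "B": 0, "C": 30})
    rates = {"A": 1.0, "B": 0.5, "C": 1.0}
    print("target trust:", target_trust(trust, stats, rates, "A"))
    print("after negative feedback:", apply_feedback(trust, "A", "negative", 0.6))
```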
Fig. 5 illustrates a physical schematic diagram of an electronic device, which may include a processor 810, a communication interface (Communications Interface) 820, a memory 830, and a communication bus 840, wherein the processor 810, the communication interface 820 and the memory 830 communicate with each other through the communication bus 840. The processor 810 may invoke logic instructions in the memory 830 to perform an access control method comprising: acquiring an attribute-based access control request; determining an access policy evaluation result according to the attribute-based access control request and a preset access policy, the access policy comprising a correspondence between attribute information and an access policy evaluation result; determining the access risk level of the access control request according to the target feature information corresponding to the access control request, the target feature information including at least one of: subject target trust value, historical access data, environment attributes, and access request operations; and generating an access control evaluation result according to the access policy evaluation result and the access risk level.
Further, the logic instructions in the memory 830 described above may be implemented in the form of software functional units and may be stored in a computer-readable storage medium when sold or used as a stand-alone product. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art or in part, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other media capable of storing program code.
In another aspect, the present invention also provides a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the access control method provided by the above methods, the method comprising: acquiring an access control request based on the attribute; determining an access policy evaluation result according to the access control request based on the attribute and a preset access policy; the access policy comprises a corresponding relation between attribute information and an access policy evaluation result; determining the access risk level of the access control request according to the target feature information corresponding to the access control request; the target characteristic information includes at least one of: subject target trust value, historical access data, environmental attributes, and access request operations; and generating an access control evaluation result according to the access strategy evaluation result and the access risk level.
In yet another aspect, the present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, is implemented to perform the above provided access control methods, the method comprising: acquiring an access control request based on the attribute; determining an access policy evaluation result according to the access control request based on the attribute and a preset access policy; determining the access risk level of the access control request according to the target feature information corresponding to the access control request; the target characteristic information includes at least one of: subject target trust value, historical access data, environmental attributes, and access request operations; and generating an access control evaluation result according to the access strategy evaluation result and the access risk level.
The apparatus embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement the invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. An access control method, comprising:
acquiring an access control request based on the attribute;
determining an access policy evaluation result according to the attribute-based access control request and a preset access policy; the access policy comprises a correspondence between attribute information and an access policy evaluation result;
determining an access risk level of the access control request according to the target feature information corresponding to the access control request; the target characteristic information includes at least one of: subject target trust value, historical access data, environmental attributes, and access request operations;
and generating an access control evaluation result according to the access strategy evaluation result and the access risk level.
2. The access control method according to claim 1, wherein the determining the access risk level of the access control request according to the target feature information corresponding to the access control request includes:
determining uncertainty of access history according to the history access data; the uncertainty of the access history is used for representing the uncertainty of the occurrence of the value of each element in the access history;
determining the credibility of the environment attribute corresponding to the access control request according to the historical access data;
Determining the influence degree of the access request operation corresponding to the access control request on the object security;
determining an access risk value according to the subject target trust value, the uncertainty of the access history, the credibility of the environment attribute and the influence degree of the access request operation on the object security; the subject target trust value is used for representing the trust value of the subject corresponding to the access control request;
and judging the access risk level according to the access risk value and a preset risk threshold value.
3. The access control method according to claim 2, characterized by further comprising: determining the subject target trust value based on:
determining a direct trust value and an indirect trust value of the subject corresponding to the access control request; the subject's direct trust value represents the trust placed in the subject by the domain of the object corresponding to the access control request; the subject's indirect trust value represents the trust placed in the subject by domains other than the domain of the object corresponding to the access control request;
determining the weight of the subject's direct trust value and the weight of the subject's indirect trust value in the subject target trust value according to the access count of the subject corresponding to the access control request in each domain and an access count threshold;
and determining the subject target trust value according to the subject's direct trust value, the subject's indirect trust value, the weight of the direct trust value in the subject target trust value and the weight of the indirect trust value in the subject target trust value.
4. The access control method according to claim 3, further comprising:
determining the indirect trust value is based on:
obtaining the subject's direct trust value in each domain and the domain trust rate of each domain according to the trust degree of the subject corresponding to the access control request;
obtaining the access count and access time of the subject corresponding to the access control request in each domain according to the historical access data;
determining the weight of each domain's direct trust value of the subject in the indirect trust value evaluation according to the domain trust rate of each domain and the subject's access count and access time in each domain;
and determining the indirect trust value according to the subject's direct trust value in each domain and the weight of each domain's direct trust value in the indirect trust value evaluation.
5. The access control method according to any one of claims 1 to 4, wherein the generating an access control evaluation result according to the access policy evaluation result and the access risk level includes at least one of:
if the access risk level is high risk, the access control evaluation result is no;
if the access policy evaluation result is no, the access control evaluation result is no;
if the access policy evaluation result is yes and the access risk level is medium risk, the risk access count in the subject attribute and/or the object attribute is increased by one; if the risk access count in the subject attribute and/or the object attribute is greater than the risk access count threshold in the corresponding subject attribute and/or object attribute, the access control evaluation result is no, otherwise the access control evaluation result is yes;
and if the access policy evaluation result is yes and the access risk level is low risk, the access control evaluation result is yes.
6. The access control method according to claim 5, wherein after generating the access control evaluation result according to the access policy evaluation result and the access risk level, further comprising:
generating an access history corresponding to the access control request;
generating an access feedback result according to the access history corresponding to the access control request; the access feedback result comprises an access feedback result type and a value of the access feedback result;
generating a direct trust value of the subject corresponding to the attribute-based access control request according to the access feedback result;
and updating the subject's trust degree in the stored subject attribute according to the subject's direct trust value.
7. An access control system, comprising:
the system comprises a policy execution module, a policy management module, a risk management module and a policy decision module;
the policy execution module is used for acquiring an access control request based on the attribute;
the policy management module is used for determining an access policy evaluation result according to the attribute-based access control request and a preset access policy; the access policy comprises a correspondence between attribute information and an access policy evaluation result;
the risk management module is used for determining the access risk level of the access control request according to the target characteristic information corresponding to the access control request; the target characteristic information includes at least one of: subject target trust value, historical access data, environmental attributes, and access request operations;
and the policy decision module is used for generating an access control evaluation result according to the access policy evaluation result and the access risk level.
8. The access control system of claim 7, further comprising at least one of:
a first module, a policy information module, a history management module and a trust management module;
the first module is used for sending a target access request to the policy execution module;
the policy execution module is used for extracting a subject identifier and/or an object identifier in the target access request and sending the subject identifier and/or the object identifier to the policy information module;
the policy information module is used for acquiring a target attribute corresponding to the target access request based on the subject identifier and/or the object identifier, and sending the target attribute to the policy execution module; the target attribute includes at least one of: a subject attribute, an object attribute, and an environment attribute;
the policy execution module is used for generating an access control request based on the attribute based on the target attribute and/or the access request operation corresponding to the target access request, and sending the access control request based on the attribute to the policy decision module;
the policy decision module is used for receiving the access control request based on the attribute and sending the access control request to the policy management module and the risk management module;
The risk management module is used for receiving the access control request based on the attribute and sending the access control request based on the attribute to the history management module;
the history management module is used for obtaining history access data according to the access control request based on the attribute and sending the history access data to the risk management module; the historical access data is related to at least one attribute corresponding to the attribute-based access control request;
the risk management module is used for extracting the trust of the main body in the main body attribute corresponding to the access control request based on the attribute, and sending the trust of the main body and the historical access data of the main body to the trust management module;
the credibility management module is used for generating a main body target trust value according to the main body credibility and main body historical access data and sending the main body target trust value to the risk management module;
the policy decision module is used for sending the generated access control evaluation result to the policy execution module;
the policy execution module is used for generating an access token according to the access control evaluation result and returning the access token to the first module; the access token carries an access authorization result corresponding to the target access request; or the policy execution module is used for returning the access control evaluation result and/or the object to the first module according to the access control evaluation result;
The first module is used for executing access operation according to the access token or the access control evaluation result.
9. The access control system of claim 8, further comprising:
the first module is used for generating an access history corresponding to the access control request after executing the access operation according to the access token or the access control evaluation result, and sending the access history to the history management module;
the history management module is used for generating an access feedback result according to the access history corresponding to the access control request and sending the access feedback result to the trust management module; the access feedback result comprises an access feedback result type and an access feedback result value;
the trust management module is used for generating a direct trust value of the subject corresponding to the attribute-based access control request according to the access feedback result, and sending the direct trust value of the subject to the policy information module;
the policy information module is used for updating the subject trust degree in the stored subject attribute according to the direct trust value of the subject.
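As an added illustration (not code from the patent or its applicant), the following Python sketch walks one request through the modules named in claims 8 and 9 and then runs the claim 9 feedback loop. The attribute stores, the policy table, the trust and risk formulas and the risk cut-offs are all constructed assumptions; the claims name the modules and the data they exchange, not the formulas.

```python
# Simulation of the module flow of claims 8 and 9: PEP -> PIP -> PDP/risk -> history
# -> trust -> decision, then feedback -> direct trust -> stored attribute update.
from dataclasses import dataclass, field

# Constructed attribute stores (data held by the policy information module).
SUBJECT_ATTRS = {"alice": {"role": "analyst", "trust": 0.80},
                 "bob": {"role": "guest", "trust": 0.50}}
OBJECT_ATTRS = {"report.pdf": {"classification": "internal"}}
# Constructed policy: permitted (subject role, object classification, operation) tuples.
POLICY = {("analyst", "internal", "read"), ("analyst", "internal", "write"),
          ("guest", "internal", "read")}

@dataclass
class Modules:
    subjects: dict = field(default_factory=lambda: {k: dict(v) for k, v in SUBJECT_ATTRS.items()})
    history: dict = field(default_factory=dict)  # history management: subject -> [(type, value)]

def pip_lookup(m, subject_id, object_id):
    """Policy information module: subject, object and environment attributes for the identifiers."""
    return {"subject": m.subjects[subject_id], "object": OBJECT_ATTRS[object_id],
            "environment": {"channel": "intranet"}}

def target_trust(stored_trust, history):
    """Trust management module (assumed formula): each past abnormal access discounts trust by 10%."""
    abnormal = sum(1 for kind, _ in history if kind == "abnormal")
    return stored_trust * (0.9 ** abnormal)

def risk_level(trust):
    """Risk management module: map the subject target trust value to a risk level (assumed cut-offs)."""
    return "low" if trust >= 0.7 else "medium" if trust >= 0.5 else "high"

def pdp_decide(attrs, operation, risk):
    """Policy decision module: combine the policy evaluation result with the access risk level."""
    policy_ok = (attrs["subject"]["role"], attrs["object"]["classification"], operation) in POLICY
    return policy_ok and risk != "high"

def handle_request(m, subject_id, object_id, operation):
    """Policy execution module: build the attribute-based request and return an access token."""
    attrs = pip_lookup(m, subject_id, object_id)
    trust = target_trust(attrs["subject"]["trust"], m.history.get(subject_id, []))
    risk = risk_level(trust)
    return {"subject": subject_id, "object": object_id, "operation": operation,
            "risk": risk, "allowed": pdp_decide(attrs, operation, risk)}

def feedback(m, subject_id, fb_type, fb_value):
    """Claim 9 loop: record the access history, derive the direct trust value from the feedback
    (assumed: stored trust + feedback value, clamped to [0, 1]) and update the stored attribute."""
    m.history.setdefault(subject_id, []).append((fb_type, fb_value))
    direct = min(1.0, max(0.0, m.subjects[subject_id]["trust"] + fb_value))
    m.subjects[subject_id]["trust"] = round(direct, 3)
    return direct
```

A denial here can come either from the policy table or from a high risk level, which is the combination claim 7 describes for the policy decision module.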
10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the program, implements the access control method of any one of claims 1 to 6.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310317009.4A CN116527317A (en) 2023-03-24 2023-03-24 Access control method, system and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310317009.4A CN116527317A (en) 2023-03-24 2023-03-24 Access control method, system and electronic equipment

Publications (1)

Publication Number Publication Date
CN116527317A true CN116527317A (en) 2023-08-01

Family

ID=87394790

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310317009.4A Pending CN116527317A (en) 2023-03-24 2023-03-24 Access control method, system and electronic equipment

Country Status (1)

Country Link
CN (1) CN116527317A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116933324A (en) * 2023-09-19 2023-10-24 智联信通科技股份有限公司 Industrial Internet identification data security access method
CN116933324B (en) * 2023-09-19 2023-12-05 智联信通科技股份有限公司 Industrial Internet identification data security access method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination