基于权限聚类的属性值优化

doi:10.11959/j.issn.2096-109x.2021077

Abstract

Abstract:

In new large-scale computing environment, the attributes of entities were massive and they had complex sources and uneven quality, which were great obstacles to the application of ABAC (attribute-based access control).The attributes were also hard to be corrected manually, making it difficult to be applied in access control system straightly.To solve the optimization problem of nominal attributes, a novel algorithm of attribute value optimization based on permission clustering was designed, in which entities were presented by the privilege set related to them.So that the entities were tagged by density-based clustering method with distances of their privilege set presentations.Then the attribute values were reduced and corrected based on rough set theory.Finally, the algorithm was verified on UCI data sets, which proved that after applying it, ABAC policy mining was improved in the evaluation criteria, such as the true positive rate and F1-score.

Key words: attribute valueoptimization, rough set theory, ABAC, access control

CLC Number:

TP393

Wenchao WU, Zhiyu REN, Xuehui DU. Permission clustering-based attribute value optimization[J]. Chinese Journal of Network and Information Security, 2021, 7(4): 175-182.

Figures/Tables 7

References 13

[1]	房梁, 殷丽华, 郭云川 ,等. 基于属性的访问控制关键技术研究综述[J]. 计算机学报, 2017,40(7): 1680-1698.
	FANG L , YIN L H , GUO Y C ,et al. A survey of key technologies in attribute-based access control scheme[J]. Chinese Journal of Computers, 2017,40(7): 1680-1698.
[2]	HU C T , FERRAIOLO D F , KUHN D R ,et al. Guide to attribute based access control (ABAC) definition and considerations[includes updates as of 02-25-2019][R]. 2019.
[3]	XU Z , STOLLER S D . Mining attribute-based access control policies from logs[C]// IFIP Annual Conference on Data and Applications Security and Privacy. 2014: 276-291.
[4]	COTRINI C , WEGHORN T , BASIN D . Mining ABAC rules from sparse logs[C]// 2018 IEEE European Symposium on Security and Privacy (EuroS＆P). 2018: 31-46.
[5]	IYER P , MASOUMZADEH A . Mining positive and negative attribute-based access control policy rules[C]// Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies. 2018: 161-172.
[6]	张任伟, 白晓颖, 郁莲 ,等. 决策表的属性约简算法综述[J]. 计算机科学, 2011,38(11): 1-6.
	ZHANG R W , BAI X Y , YU L ,et al. Survey of decision table research of attribute reduction[J]. Computer Science, 2011,38(11): 1-6.
[7]	邓大勇, 薛欢欢, 苗夺谦 ,等. 属性约简准则与约简信息损失的研究[J]. 电子学报, 2017,45(2): 401-407.
	DENG D Y , XUE H H , MIAO D Q ,et al. Study on criteria of attribute reduction and information loss of attribute reduction[J]. Acta Electronica Sinica, 2017,45(2): 401-407.
[8]	邓大勇, 葛雅雯, 黄厚宽 . 属性约简簇的优化选择[J]. 电子学报, 2019,47(5): 1111-1120.
	DENG D Y , GE Y W , HUANG H K . An optimizing selection in a family of attribute reducts[J]. Acta Electronica Sinica, 2019,47(5): 1111-1120.
[9]	张维, 苗夺谦, 高灿 ,等. 一种处理部分标记数据的粗糙集属性约简算法[J]. 计算机科学, 2017,44(1): 25-31.
	ZHANG W , MIAO D Q , GAO C ,et al. Rough set attribute reduction algorithm for partially labeled data[J]. Computer Science, 2017,44(1): 25-31.
[10]	曾孝文, 胡虚怀, 严权峰 . 一种基于粗糙集理论的属性值约简改进算法[J]. 电子技术, 2017(1): 1.
	ZENG X W , HU X H , YAN Q F . An improved algorithm for attribute value reduction base on rough set theory[J]. Electronics Technology, 2017(1): 1.
[11]	TAN P N , STEINBACH M , KUMAR V . Introduction to data mining[M]. Pearson Education India, 2016:21.
[12]	LICHMAN M . UCI machine learning repository.amazon access samples data set[EB]. 2011.
[13]	BORGELT C . Frequent item set mining[J]. Wiley Interdisciplinary Reviews:Data Mining and Knowledge Discovery, 2012,2(6): 437-456.

Metrics

Recommended 0

No Suggested Reading articles found!

属性类型	性质	示例
标称属性	比较相等和不相等是有意义的	名字、性别
序数属性	比较大小是有意义的	{优、良、中、差}，{大、中、小}
区间属性	差是有意义的	日期、温度
比率属性	差和比率都是有意义的	质量、计数

属性名	属性信息	属性值个数
HOST	客体属性，一种客体的ID	2 214
PERMGROUP	客体属性，一种客体的ID	9 117
SYSTEM_SUPPORT	客体属性，一种客体的ID	21 921
PERSON_BUSINESS_TITLE	主体属性，主体职衔	4 979
PERSON_BUSINESS_TITLE_DETAIL	主体属性，主体职衔详细内容	56
PERSON_COMPANY	主体属性，主体所属公司	49
PERSON_DEPTNAME	主体属性，主体所属部门	405
PERSON_ID	主体属性，主体ID	36 063
PERSON_JOB_CODE	主体属性，主体职位码	13
PERSON_JOB_FAMILY	主体属性，主体职位类别	70
PERSON_LOCATION	主体属性，主体所处位置	1
PERSON_MGR_ID	主体属性，主体所属经理ID	3 207
PERSON_ROLLUP_1	主体属性，主体分组1	12
PERSON_ROLLUP_2	主体属性，主体分组2	111
PERSON_ROLLUP_3	主体属性，主体分组3	12

eps	min_pts
eps	5	10	20	30	40
0.1	0.132 1	0.171 8	0.214 6	0.243 7	0.265 7
0.2	0.101 7	0.145 0	0.188 3	0.219 9	0.245 7
0.3	0.046 5	0.069 2	0.101 0	0.123 1	0.139 3
0.4	0.014 4	0.021 2	0.041 5	0.055 7	0.066 2
0.5	0.009 0	0.014 3	0.030 2	0.040 5	0.047 5
0.6	0.000 0	0.000 1	0.000 2	0.000 3	0.000 3
0.7	0.000 0	0.000 0	0.000 0	0.000 0	0.000 0

eps	min_pts
eps	5	10	20	30	40
0.1	477	261	149	106	82
0.2	448	245	146	105	80
0.3	213	132	83	69	60
0.4	71	56	38	38	36
0.5	71	56	36	31	31
0.6	3	3	3	3	3
0.7	3	3	3	3	3

Permission clustering-based attribute value optimization

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 7

References 13

Related Articles 13

Metrics

Recommended 0

[1]	Dibin SHAN, Xuehui DU, Wenjuan WANG, Aodi LIU, Na WANG. Access control relationship prediction method based on GNN dual source learning [J]. Chinese Journal of Network and Information Security, 2022, 8(5): 40-55.
[2]	Zhensheng GAO, Lifeng CAO, Xuehui DU. Research progress of access control based on blockchain [J]. Chinese Journal of Network and Information Security, 2021, 7(6): 68-87.
[3]	Guanqun YANG, Yin LIU, Hao XU, Hongwei XING, Jianhui ZHANG, Entang LI. Credible distributed identity authentication system of microgrid based on blockchain [J]. Chinese Journal of Network and Information Security, 2021, 7(6): 88-98.
[4]	Fuyuan SONG, Zheng QIN, Jixin ZHANG, Yu LIU. Efficient and secure multi-user outsourced image retrieval scheme with access control [J]. Chinese Journal of Network and Information Security, 2021, 7(5): 29-39.
[5]	Tianyi ZHU, Fenghua LI, Lin CHENG, Yunchuan GUO. Research on cross-domain access control technology [J]. Chinese Journal of Network and Information Security, 2021, 7(1): 20-27.
[6]	Yunxiang QIU,Hongxia ZHANG,Qi CAO,Jiancong ZHANG,Xingshu CHEN,Hongjian JIN. Blockchain data access control scheme based on CP-ABE algorithm [J]. Chinese Journal of Network and Information Security, 2020, 6(3): 88-98.
[7]	Yukun NIU,Lingbo WEI,Chi ZHANG,Xia ZHANG,Vejarano Gustavo. Privacy-preserving access control for public wireless LAN utilizing the bitcoin blockchain [J]. Chinese Journal of Network and Information Security, 2020, 6(2): 56-66.
[8]	Qiuyue SU, Xingshu CHEN, Yonggang LUO. Access control model for multi-source heterogeneous data in big data environment [J]. Chinese Journal of Network and Information Security, 2019, 5(1): 78-86.
[9]	Tian-zhu CHEN,Yun-chuan GUO,Ben NIU,Feng-hua LI. Research progress of access control model and policy in online social networks [J]. Chinese Journal of Network and Information Security, 2016, 2(8): 1-9.
[10]	Li LI,Guo-zhen SHI,Xuan WANG,Yun-fei CI. Implementation of shared file encrypted storage hierarchical access control scheme [J]. Chinese Journal of Network and Information Security, 2016, 2(7): 26-32.
[11]	Rui-xin YAO,Hui LI,Jin CAO. Overview of privacy preserving in social network [J]. Chinese Journal of Network and Information Security, 2016, 2(4): 33-43.
[12]	Liang-xuan ZHANG,Hui LI. Multi-authority attribute-based encryption with efficient user revocation in cloud computing [J]. Chinese Journal of Network and Information Security, 2016, 2(2): 62-74.
[13]	Jia-shuai LI,Chang-gen PENG,Yi-jie ZHU,Hai-feng MA. Risk access control model for Hadoop [J]. Chinese Journal of Network and Information Security, 2016, 2(1): 46-52.