Journal on Communications ›› 2020, Vol. 41 ›› Issue (2): 112-122.doi: 10.11959/j.issn.1000-436x.2020035

• Papers • Previous Articles     Next Articles

Attribute-based lightweight reconfigurable access control policy

Rongna XIE1,Hui LI1,Guozhen SHI2(),Yunchuan GUO3   

  1. 1 School of Cyber Engineering,Xidian University,Xi’an 710071,China
    2 Department of Electronics and Communication Engineering,Beijing Electronic Science and Technology Institute ,Beijing 100070,China
    3 Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China
  • Revised:2019-12-16 Online:2020-02-25 Published:2020-03-09
  • Supported by:
    The National Key Research and Development Program of China(2017YFB0802705);The National Key Research and Development Program of China(2016QY06X1203);The National Natural Science Foundation of China(61672515)

Abstract:

Aiming at the severe challenges of access control policy redundancy and conflict detection,the efficiency of access control policy evaluation in complex network environment,an attribute-based lightweight reconfigurable access control policy was proposed.Taking the attribute-based access control policy as an example,the attribute-based access control policy was divided into multiple disjoint atomic access control rules according to the operation type,subject attribute,object attribute,and environment attribute in the access control policy.Complex access control policies were constructed through atomic access control rules and an algebraic expression formed by AND,OR logical relationships.A method for redundancy and collision detection of atomic access control rules was proposed.A method was proposed for decompose a complex access control policy into equivalent atomic access control rules and an algebraic expression.The method for redundancy and collision detection of complex access control policies were proposed through redundancy and collision detection of equivalent atomic access control rules and algebraic expressions.From time complexity and space complexity,the efficiency of the equivalent transformation access control policy was evaluated.It showes that the reconstruction method for access control policy greatly reduces the number,size and complexity of access control policy,improves the efficiency of access control policy redundancy and collision detection,and the efficiency of access control evaluation.

Key words: lightweight, reconfigurable, atomic access control rule, algebraic expression, equivalent transformation

CLC Number: 

No Suggested Reading articles found!