基于标签的数据流转控制策略冗余与冲突检测方法

doi:10.11959/j.issn.2096-109x.2023074

Abstract

Abstract:

To address the challenge of redundancy and conflict detection in the label-based data flow control mechanism, a label description method based on atomic operations has been proposed.When the label is changed, there is unavoidable redundancy or conflict between the new label and the existing label.How to carry out redundancy and conflict detection is an urgent problem in the label-based data flow control mechanism.To address the above problem, a label description method was proposed based on atomic operation.The object label was generated by the logical combination of multiple atomic tags, and the atomic tag was used to describe the minimum security requirement.The above label description method realized the simplicity and richness of label description.To enhance the detection efficiency and reduce the difficulty of redundancy and conflict detection, a method based on the correlation of sets in labels was introduced.Moreover, based on the detection results of atomic tags and their logical relationships, redundancy and conflict detection of object labels was carried out, further improving the overall detection efficiency.Redundancy and conflict detection of atomic tags was based on the relationships between the operations contained in different atomic tags.If different atomic tags contained the same operation, the detection was performed by analyzing the relationship between subject attributes, environmental attributes, and rule types in the atomic tags.On the other hand, if different atomic tags contained different operations without any relationship between them, there was no redundancy or conflict.If there was a partial order relationship between the operations in the atomic tags, the detection was performed by analyzing the partial order relationship of different operations, and the relationship between subject attribute, environment attribute, and rule types in different atomic tags.The performance of the redundancy and conflict detection algorithm proposed is analyzed theoretically and experimentally, and the influence of the number and complexity of atomic tags on the detection performance is verified through experiments.

Key words: label, data flow control, atomic tag, set correlation, policy redundancy and conflict detection

CLC Number:

TP302

Rongna XIE, Xiaonan FAN, Suzhe LI, Yuxin HUANG, Guozhen SHI. Redundancy and conflict detection method for label-based data flow control policy[J]. Chinese Journal of Network and Information Security, 2023, 9(5): 21-32.

Figures/Tables 6

References 15

[1]	XIE R N , FAN X N , ZHU J Y ,et al. Research on label based data flow control mechanism[C]// 2021 IEEE Sixth International Conference on Data Science in Cyberspace (DSC). 2021: 233-239.
[2]	刘敖迪, 王娜, 刘磊 . 面向云服务组合的策略冲突检测机制[J]. 计算机应用研究, 2017,34(4): 1145-1150.
	LIU A D , WANG N , LIU L . Policy conflict detection mechanism for cloud service composition[J]. Computer Application Research, 2017,34(4): 1145-1150.
[3]	戚湧, 陈俊, 李千目 . 基于冗余消除和属性数值化的XACML策略优化方法[J]. 计算机科学, 2016,43(2): 163-168.
	QI Y , CHEN J , LI Q M . XACML policy optimization method based on redundancy elimination and attribute numeralization[J]. Computer Science, 2016,43(2): 163-168.
[4]	吴泽智, 陈性元, 杨智 ,等. 信息流控制研究进展[J]. 软件学报, 2017,28(1): 135-159.
	WU Z Z , CHEN X Y , YANG Z ,et al. Research progress on information flow control[J]. Journal of Software, 2017,28(1): 135-159.
[5]	诸天逸, 李凤华, 成林 ,等. 跨域访问控制技术研究[J]. 网络与信息安全学报, 2021,7(1): 20-27.
	ZHU T Y , LI F H , CHENG L ,et al. Research on cross-domain access control technology[J]. Journal of Network and Information Security, 2021,7(1): 20-27.
[6]	李凤华, 谢绒娜, 李晖 ,等. 一种信息流转方法、装置及系统:中国,CN109347845B[P]. 2020-08-07.
	LI F H , XIE R N , LI H ,et al. An information transfer method,device and system:China,CN109347845B[P]. 2020-08-07.
[7]	王媛, 孙宇清, 马乐乐 . 面向社会网络的个性化隐私策略定义与实施[J]. 通信学报, 2012,33(S1): 239-249.
	WANG Y , SUN Y Q , MA L L . Definition and implementation of personalized privacy policies for social networks[J]. Journal on Communication, 2012,33(S1): 239-249.
[8]	LIU G , FANG L , WANG Q ,et al. Resource and attribute based access control model for system with huge amounts of resources[C]// International Conference on Green,Pervasive and Cloud Computing. 2018.
[9]	LI L Q , HAI L . An access control model based on matrix domain security label[J]. IOP Conference Series:Materials Science and Engineering, 2021,1043(4).
[10]	WANG Y T . A cross-domain authorization access control model based on security label attribute[J]. Journal of Physics:Conference Series, 2021,1955(1).
[11]	吴迎红, 黄皓, 周靖康 ,等. 分布式应用访问控制策略精化冲突分析[J]. 计算机应用, 2014,34(2): 421-427.
	WU Y H , HUANG H , ZHOU J K ,et al. Refinement conflict analysis of distributed application access control policy[J]. Computer Applications, 2014,34(2): 421-427.
[12]	CHEN M , HONG J , XIAO Y ,et al. A method of conflict detection and resolution for security policy based on matrix description[C]// 2017 7th IEEE International Conference on Electronics Information and Emergency Communication(ICEIEC). 2017: 548-551.
[13]	江泽涛, 谢朕, 王琦 ,等. 一种基于屏蔽码的 ABAC 静态策略冲突与冗余检测算法[J]. 计算机科学, 2018,45(2): 197-202.
	JIANG Z T , XIE Z , WANG Q ,et al. An ABAC static policy conflict and redundancy detection algorithm based on masking code[J]. Computer Science, 2018,45(2): 197-202.
[14]	LIU G , PEIW , TIAN Y ,et al. A novel conflict detection method for ABAC security policies[J]. Journal of Industrial Information Integration, 2021,22:100200.
[15]	CHOWDHARY A , SABUR A , HUANG D ,et al. Object oriented policy conflict checking framework in cloud networks (OOPC)[J]. IEEE Transactions on Dependable and Secure Computing, 2021.

Metrics

Recommended 0

No Suggested Reading articles found!

Redundancy and conflict detection method for label-based data flow control policy

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 6

References 15

Related Articles 2

Metrics

Recommended 0

[1]	Xueliang SUN, Wei WANG, Junheng HUANG, Guodong XIN, Bailing WANG. Two-stage community detection algorithm based on label propagation [J]. Chinese Journal of Network and Information Security, 2022, 8(2): 139-149.
[2]	Rongna XIE, Xiaonan FAN, Lin YUAN, Zichen GUO, Jiayu ZHU, Guozhen SHI. Research on extended access control mechanism in online social network [J]. Chinese Journal of Network and Information Security, 2021, 7(5): 123-131.