互操作性与自治性平衡的跨域访问控制策略映射

doi:10.11959/j.issn.1000-436x.2020157

Abstract

Abstract:

Cross-domain access control can improves interoperability but reduces intra-domain autonomy.To balance inter-domain interoperability and intra-domain autonomy,a cross-domain access control policy mapping to the problem of multi-objective integer optimization programming was formulated.Both the maximization of inter-domain interoperability and the minimization of intra-domain autonomy were taken as the objectives.Further,seven constraints were designed to prevent typical cross-domain conflicts.To solve the optimization problem,a constrained NSGA-III algorithm was proposed.The experimental results show that the proposed algorithm can quickly converge and accurately find the policy mapping even in the large-scale datasets.

Key words: cross-domain access control, policy mapping, interoperability, autonomy loss, multi-objective optimization

CLC Number:

TN929

Tianyi ZHU,Fenghua LI,Wei JIN,Yunchuan GUO,Liang FANG,Lin CHENG. Cross-domain access control policy mapping mechanism for balancing interoperability and autonomy[J]. Journal on Communications, 2020, 41(9): 29-48.

Figures/Tables 15

References 14

[1]	JOSHI J B D , BERTINO E , GHAFOOR A . Temporal hierarchies and inheritance semantics for GTRBAC[C]// Proceedings of the seventh ACM symposium on Access control models and technologies. New York:ACM Press, 2002: 74-83.
[2]	DU S , JOSHI J B D . Supporting authorization query and inter-domain role mapping in presence of hybrid role hierarchy[C]// Proceedings of the eleventh ACM symposium on Access control models and technologies. New York:ACM Press, 2006: 228-236.
[3]	ZHANG Y , JOSHI J B D . A request-driven secure interoperation framework in loosely-coupled multi-domain environments employing RBAC policies[C]// 2007 International Conference on Collaborative Computing:Networking,Applications and Worksharing. Piscataway:IEEE Press, 2007: 25-32.
[4]	SHAHRAKI A S , RUDOLPH C , GROBLER M . A dynamic access control policy model for sharing of healthcare data in multiple domains[C]// 2019 18th IEEE International Conference On Trust,Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering. Piscataway:IEEE Press, 2019: 618-625.
[5]	UNAL D , ?AGLAYAN M U . A formal role-based access control model for security policies in multi-domain mobile networks[J]. Computer Networks, 2013,57(1): 330-350.
[6]	KAPADIA A , MUHTADI J A , CAMPBELL R H ,et al. IRBAC2000:secure interoperability using dynamic role translation[C]// Proceedings of the International Conference on Internet Computing. Saarland:DBLP, 2000: 231-238.
[7]	AL-MUHTADI J , KAPADIA A , CAMPBELL R ,et al. The A-IRBAC 2000 model:administrative interoperable role-based access control[R]. Urbana-Champaign:University of Illinois,(2001-01)[2020-05-08].
[8]	SHEHAB M , BERTINO E , GHAFOOR A . SERAT:secure role mapping technique for decentralized secure interoperability[C]// Proceedings of the tenth ACM symposium on Access control models and technologies. New York:ACM Press, 2005: 159-167.
[9]	SHAFIQ B , JOSHI J B D , BERTINO E ,et al. Secure interoperation in a multidomain environment employing RBAC policies[J]. IEEE Transactions on Knowledge and Data Engineering, 2005,17(11): 1557-1577.
[10]	FAN K , BAI Y , XU H ,et al. A secure cross-domain access control scheme in social networks[C]// IEEE International Conference on Communications. Piscataway:IEEE Press, 2019: 1-6.
[11]	DIAO L , WANG H , ALSARRA S ,et al. A smart role mapping recommendation system[C]// 2019 IEEE 43rd Annual Computer Software and Applications Conference. Piscataway:IEEE Press, 2019,(2): 135-140.
[12]	DIAZ-LOPEZ D , DOLERA-TORMO G , GOMEZ-MARMOL F ,et al. Managing XACML systems in distributed environments through meta-policies[J]. Computers ＆ Security, 2015(48): 92-115.
[13]	ZHANG Q F , LI H . MOEA/D:a multiobjective evolutionary algorithm based on decomposition[J]. IEEE Transactions on evolutionary computation, 2007,11(6): 712-731.
[14]	DAS I , DENNIS J E . Normal-boundary intersection:a new method for generating the pareto surface in nonlinear multicriteria optimization problems[J]. SIAM journal on optimization, 1998,8(3): 631-657.

Metrics

Recommended 0

No Suggested Reading articles found!

函数/谓词	描述
domain(r_i)	返回r_i所在域
role_sod(r_i,r _j)	若domain(r_i)=domain(r _j)，且r_i 与r _j 存在角色SoD约束，则返回True，否在返回False
user_sod(u_i,u _j)	若domain(u_i)=domain(u _j)，且u_i与u _j存在用户SoD约束，则返回True，否在返回False
cd_link(r_i,r _j)	若domain(r_i)≠domain(r _j)，且r_i与r _j存在跨域角色映射关系，则返回True，否在返回False
i_senior(r_i,r _j)	若domain(r_i)=domain(r _j)，且r _j 在 I-层次关系中是r_i的上级，则返回True，否在返回False
i_junior(r_i,r _j)	若domain(r_i)=domain(r _j)，且r _j 在 I-层次关系中是r_i的下级，则返回True，否在返回False
a_senior(r_i,r _j)	若domain(r_i)=domain(r _j)，且r _j在A-层次关系中是r_i的上级，则返回True，否在返回False
a_junior(r_i,r _j)	若domain(r_i)=domain(r _j)，且r _j在A-层次关系中是r_i的下级，则返回True，否在返回False
senior(r_i)	返回r_i及其所有上级（I–层次关系和A-层次关系）角色节点
junior(r_i)	返回r_i及其所有下级（I–层次关系和A-层次关系）角色节点
rbac_set(G_D)	输入域D的本地角色映射关系图，返回域内所有合法的“用户-角色”访问控制映射
eval(str)	若输入的是字符串，将返回字符串中的有效表达式。同python中的eval()函数
L.add(e)	若L是不包含重复元素的set集合，用add将元素e加入到列表L
count(E)	返回集合E内的元素个数
remove(E,S)	删除集合E内的S元素
r.Label	定义“.”运算，表示对角色r 的Label标签的引用

规模类型	所属域	角色节点	用户节点	跨域连接	角色SoD
	域A	5	3	3	0
小规模	域B	3	4	3	1
	总和	8	7	3	1
	域A	62	203	15	7
中规模	域B	75	300	15	10
	总和	137	503	15	17
	域A	125	407	25	14
大规模	域B	151	601	25	20
	总和	276	1 008	25	34

[1]	Sifeng ZHU, Jianghao CAI, Zhengyi CHAI, Enlin SUN. Multi-objective optimal offloading decision for cloud-edge collaborative computing scenario in Internet of vehicles [J]. Journal on Communications, 2022, 43(6): 223-234.
[2]	Pei ZHANG,Shuaijun LIU,Zhiguo MA,Xiaohui WANG,Junde SONG. Improved satellite resource allocation algorithm based on DRL and MOP [J]. Journal on Communications, 2020, 41(6): 51-60.
[3]	SU Mingfeng,WANG Guojun,LI Renfa. Multidimensional QoS cloud computing resource scheduling method based on stakeholder perspective [J]. Journal on Communications, 2019, 40(6): 102-115.
[4]	Nan BAO,Jiakuo ZUO,Han HU,Xu BAO. SDN based network resource selection multi-objective optimization algorithm [J]. Journal on Communications, 2019, 40(2): 51-59.
[5]	Junfeng TIAN, Zilong WANG, Xinfeng HE, Zhen LI. Shamir-based virtual machine placement policy [J]. Journal on Communications, 2019, 40(10): 90-100.
[6]	Xiaochen HAO,Liyuan WANG,Jinshuo LIU,Lixia XIE,Wenhuan ZHANG. Resource allocation optimization algorithm based on double populations differential evolution in WSN [J]. Journal on Communications, 2018, 39(4): 68-75.
[7]	Hao FENG,Lei LUO,Yong WANG,Miao YE. Multi-objective data collecting strategies for wireless sensor network based on the time variable multi-salesman problem and genetic algorithm [J]. Journal on Communications, 2017, 38(3): 112-123.
[8]	Xue-bin MA,Ai-li LI,Xiao-juan ZHANG. Wakeup strategy based on multi-objective optimization for fixed relay nodes [J]. Journal on Communications, 2017, 38(10): 47-59.
[9]	Qi WANG,Jaffrès-Runser Katia,Yi SUN,Jun LI,Jun ZHANG,Bin DA,Zhong-cheng LI. Fundamental performance bounds for multi-performance criteria in wireless ad hoc networks [J]. Journal on Communications, 2015, 36(6): 1-140.
[10]	Nai-jin CHEN,Jian-hui JIANG. Hardware-task partitioning algorithm merged area estimation with multi-objective optimization [J]. Journal on Communications, 2013, 34(2): 40-55.
[11]	. Improved PESA algorithm based on comentropy [J]. Journal on Communications, 2013, 34(11): 5-47.
[12]	Kun WANG,Lin-lin WANG,Yan LIU,Yu-hua ZHANG,Meng WU. Improved PESA algorithm based on comentropy [J]. Journal on Communications, 2013, 34(11): 33-41.
[13]	Li XU,Zhi-bin ZENG,Chuan YAO. Study on virtual resource allocation optimization in cloud computing environment [J]. Journal on Communications, 2012, 33(Z1): 8-16.
[14]	Xu-chao CHENG,Xin-yu CHEN,Ping GUO. Software reliability prediction with an improved Elman network model [J]. Journal on Communications, 2011, 32(4): 86-93.
[15]	Zi-mu LI,Xing LI,Jian-ping WU. Towards NGI:a case study of multicast-bridge in IPv6-CJ [J]. Journal on Communications, 2006, 27(11A): 1-5.

Cross-domain access control policy mapping mechanism for balancing interoperability and autonomy

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 15

References 14

Related Articles 15

Metrics

Recommended 0