基于贝叶斯决策理论的风险最小化的授权映射方法

doi:10.11959/j.issn.1000-436x.2015295

Abstract

Abstract:

Authorization decision was one of the key issues in the control access.In order to effectively enhance the security of authorization in trust based access control authorization,according to minimization risk Bayes decision theory,authorization was the object to the subject in access control as found that the problem of optimal decision.A method that minimizates risk based authorization mapping to realize correct authorization operation in the access control was proposed.Example analysis and simulation experiment show that the method is able to reduce risk accurately to interaction final authorization.

Key words: access control, Bayes decision theory, trust, risk, authorization mapping

Bin ZHAO,Jing-sha HE. Bayes decision theory based risk minimization authorization mapping[J]. Journal on Communications, 2015, 36(Z1): 157-161.

Figures/Tables 7

策略	属性
策略	$A_{1}^{D}$	$A_{2}^{D}$	…	$A_{n}^{D}$	$Q_{i}^{P}$
S₁	T	GT	…	BT	Y
S₂		FT	…		Y
S₃		GT	…	BT	Y
S₄	T		…	BT	Y
…	…	…	…	…	…
S_m	GT	GT	…	GT	Y
注： $A_{i}^{D}$ 表示访问许可的决策属性；
$Q_{i}^{P}$ 是访问主体的访问请求权限许可集合；
S_i 表示对 $Q_{i}^{P}$ 的访问控制策略规则。
Y 代表赋权，N 代表拒绝。
U=3表示信任未知，T=4表示信任，
GT=5表示比较信任，BT=6表示非常信任，
FT=7表示完全信任；
S_i 表示对DA的访问控制策略规则。

状态	决策
状态	ω₁	ω₂	…	ω_c
α₁	Risk(α₁,ω₁)	Risk(α₁,ω₂)	…	Risk(α₁,ω_c)
α₂	Risk(α₂,ω₁)	Risk(α₂,ω₂)	…	Risk(α₂,ω_c)
$⋮$	$⋮$	$⋮$	…	$⋮$
α_i	Risk(α_i,ω₁)	Risk(α_i,ω₂)	…	Risk(α_i,ω_c)
$⋮$	$⋮$	$⋮$	…	$⋮$
α_k	Risk(α_k,ω₁)	Risk(α_k,ω₂)	…	Risk(α_k,ω_c)

References 13

[1]	BLAZE M , FEIGENBAUM J , LACY J . Decentralized trust management[A]. Security and Privacy 1996[C]. 1996. 164-173.
[2]	GLYNOS D , ARGYROUDIS P , DOULIGERIS C . Collaborative service evaluation with the two hop trust framework[J]. Security and Communication Networks, 2012,5(6): 594-613.
[3]	HAN G , JIANG J , SHU L , et al. Management and applications of trust in wireless sensor networks:a survey[J]. Journal of Computer and System Sciences, 2014,80(3): 602-617.
[4]	王婷, 陈性元, 张斌 , 等. 授权与访问控制中的资源管理技术研究综述[J]. 小型微型计算机系统, 2011,32(4): 619-625. WANG T , CHEN X Y , ZHANG B , et al. Research of resource management in authorization and access control technology[J]. Journal of Chinese Computer Systems, 2011,32(4): 619-625.
[5]	赵斌, 何泾沙 . 基于平衡权重的动态综合信任度量方法[J]. 北京邮电大学学报, 2015,38(2): 113-117. ZHAO B , HE J S . Dynamic global trust evaluation based on balance weight[J]. Journal of Beijing University of Posts and Telecommunications, 2015,38(2): 113-117.
[6]	MASOOD R , SHIBLI M A , GHAZI Y , et al. Cloud authorization:exploring techniques and approach towards effective access control framework[J]. Frontiers of Computer Science, 2015,9(2): 297-321.
[7]	LU J , JOSHI J B D , JIN L , et al. Towards complexity analysis of user authorization query problem in RBAC[J]. Computers ＆ Security, 2015,(48): 116-130.
[8]	糖杰, 梁邦勇, 李涓子 , 等. 语义 Web 中的本体自动映射[J]. 计算机学报, 2006,29(11): 1956-1976. TANG J , LIANG B Y , LI J Z , et al. Automatic ontology mapping in semantic Web[J]. Chinese Journal of Computer, 2006,29(11): 1956-1976.
[9]	宋利康, 崔德刚, 周儒荣 . 企业模型与 ERP 系统间映射技术[J]. 航空学报, 2007,28(6): 1513-1520. SONG L K , CUI D G , ZHOU R R . Mapping technology between enterprise model and ERP system[J]. Acta Aeronauticaet Astronau Tica Sinica, 2007,28(6): 1513-1520.
[10]	鲍翊平, 张维明, 姚莉 . 一种基于本体映射处理推荐信任信息的模型[J]. 计算机科学, 2009,36(6): 185-187,195. BAO Y P , ZHANG W M , YAO L . Model for processing recommendatory trust information based on ontology mapping[J]. Computer Science, 2009,36(6): 185-187,195.
[11]	万明, 刘颖, 张宏科 . 位置与身份分离协议下一种基于信任度模型的新型映射机制[J]. 通信学报, 2011,32(7): 133-145. WAN M , LIU Y , ZHANG H K . New mapping approach based on reputation model under locator/ID separation protocol[J]. Journal on Communications, 2011,32(7): 133-145.
[12]	卿苏德, 廖建新, 朱晓民 , 等. 网络虚拟化环境中虚拟网络的嵌套映射算法[J]. 软件学报, 2012,23(11): 3045-3058. QING S D , LIAO J X , ZHU X M , et al. Virtual network embedding algorithms in the network virtualization environment[J]. Journal of Software, 2012,23(11): 3045-3058.
[13]	BERGER J O . Statistical Decision Theory and Bayesian Analysis[M]. Springer Science ＆ Business Media, 2013.

Metrics

Recommended 0

No Suggested Reading articles found!

主体	s₁		s₂
P(pω₁)	0.9		0.005
P(pω₂)	0.1		0.995
P(at₂\|pω₁)	0.2		0.95
P(at₂\|pω₂)	0.4		0.05
ε		0.7

状态		决策
状态		pω₁	pω₂
s₁	p₁	0	1
s₁	p₂	6	0
s₂	p₁	0	1
s₂	p₂	6	0

实验所用方法	平均满意率
本文方法	96.72%
文献[5]方法	90.83%

[1]	Haibo ZHANG, Yukun CAO, Kaijian LIU, Ruyan WANG. Distributed trust management scheme based on blockchain in Internet of vehicles [J]. Journal on Communications, 2023, 44(5): 148-157.
[2]	Xuejiao LIU, Qiang ZHONG, Yingjie XIA. Efficient authentication scheme for cross-trust domain of IoV based on double-layer shard blockchain [J]. Journal on Communications, 2023, 44(5): 213-223.
[3]	Yingjie XIA, Siyu ZHU, Xuejiao LIU. Research on efficient cross trust-domain group authentication with conditional privacy of vehicle platoon under blockchian architecture [J]. Journal on Communications, 2023, 44(4): 111-123.
[4]	Wei JIN, Fenghua LI, Mingjie YU, Yunchuan GUO, Ziyan ZHOU, Liang FANG. HDFS-oriented cryptographic key resource control mechanism [J]. Journal on Communications, 2022, 43(9): 27-41.
[5]	Lin ZHANG, Xinyan WEI, Xiping LIU, Haiping HUANG, Ruchuan WANG. Trust evaluation algorithm of IoT edge server based on cooperation reputation and device feedback [J]. Journal on Communications, 2022, 43(2): 118-130.
[6]	Jiangtao DONG, Peiwen YAN, Ruizhong DU. Verifiable access control scheme based on unpaired CP-ABE in fog computing [J]. Journal on Communications, 2021, 42(8): 139-150.
[7]	Junfeng TIAN, Juntao ZHANG, Yanbiao WANG. Distributed storage causal consistency model with trusted constraint [J]. Journal on Communications, 2021, 42(6): 145-157.
[8]	Changgen PENG, Zongfeng PENG, Hongfa DING, Youliang TIAN, Rongfei LIU. Attribute-based revocable collaborative access control scheme [J]. Journal on Communications, 2021, 42(5): 75-86.
[9]	Zuobin YING, Yuanping SI, Jianfeng MA, Ximeng LIU. Blockchain-based distributed EHR fine-grained traceability scheme [J]. Journal on Communications, 2021, 42(5): 205-215.
[10]	Ruizhong DU, Peiwen YAN, Yan LIU. Fine-grained attribute update and outsourcing computing access control scheme in fog computing [J]. Journal on Communications, 2021, 42(3): 160-170.
[11]	Bibo TU, Jie CHENG, Haojun XIA, Kun ZHANG, Ruina SUN. Overview of research on trusted attestation technology of cloud virtualization platform [J]. Journal on Communications, 2021, 42(12): 212-225.
[12]	Jiawei ZHANG, Jianfeng MA, Zhuo MA, Teng LI. Time-based and privacy protection revocable and traceable data sharing scheme in cloud computing [J]. Journal on Communications, 2021, 42(10): 81-94.
[13]	Jinyin CHEN, Wenchang SHANGGUAN, Jingjing ZHANG, Haibin ZHENG, Yayu ZHENG, Xuhong ZHANG. Membership inference attacks against transfer learning for generalized model [J]. Journal on Communications, 2021, 42(10): 197-210.
[14]	Tianyi ZHU,Fenghua LI,Wei JIN,Yunchuan GUO,Liang FANG,Lin CHENG. Cross-domain access control policy mapping mechanism for balancing interoperability and autonomy [J]. Journal on Communications, 2020, 41(9): 29-48.
[15]	Zhiyong LUO,Xu YANG,Jiahui LIU,Rui XU. Network intrusion intention analysis model based on Bayesian attack graph [J]. Journal on Communications, 2020, 41(9): 160-169.

Bayes decision theory based risk minimization authorization mapping

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 7

References 13

Related Articles 15

Metrics

Recommended 0