云平台访问控制自适应风险评估指标权重分配方法

Adaptive weight allocation method of risk assessment index for access control of cloud platform

针对云平台风险访问控制模型中风险评估指标权重主观设定且固定的问题,提出自适应风险评估指标权重分配方法。首先,通过带约束的多元线性回归设计自适应风险评估指标权重分配模型;然后,提出并优化配方回归算法求解相应权重;最后,构建带有自适应权重分配的风险值量化公式,动态计算访问请求的风险值。实验结果表明,该方法与动态风险访问控制(DRAC)模型、基于系统安全风险的访问控制模型相比,在训练集数量级相同的条件下,其风险值的准确率和灵敏度平均提升了2.8%和18.5%、1.7%和18.7%。该方法与DRAC模型、基于动态属性的风险感知访问控制(DA-RAAC)模型以及基于系统安全风险的访问控制模型相比,在访问请求数量相同的条件下,响应时间平均缩短了9.2%、34.6%和96.6%。所提方法在大并发用户数情况下所得风险值有较高的准确率和灵敏度,且响应时间更短,更适用于云环境。

Aiming at the subjective and fixed setting problems of risk assessment index weight in risk access control model of cloud platform, an adaptive weight allocation method of risk assessment index was proposed. Firstly, the the adaptive weight allocation model of risk assessment index was designed through a multivariate linear regression with constraints.Secondly, the programming regression algorithm was proposed and optimized to solve the corresponding weight. Finally, the quantitative formula of risk value with adaptive weight allocation was constructed to calculate the risk value of access request dynamically. The experimental results show that, compared with the Dynamic Risk-based Access Control（DRAC） model and the access control model based on system security risk, the accuracy and sensitivity of risk value of the proposed method are averagely increased by 2. 8% and 18. 5%, 1. 7% and 18. 7% with the same order of magnitude training set. Compared with the DRAC model, Dynamic Attribute-based Risk Aware Access Control（DA-RAAC） model and the access control model based on system security risk, the response time of the proposed method is averagely shortened by 9. 2%, 34. 6% and 96. 6%with the same number of access requests. The proposed method has higher accuracy and sensitivity in the risk value of large concurrent users, and its response time is shorter, which is more suitable for cloud environment.