
Role Mining Scheme with Abnormal Permission Configuration
Abstract: Role mining is a common method for building RBAC systems. However, current role mining schemes are designed without considering that the original system may contain abnormal permission configurations, so the mining result may include wrong role-permission configurations, which brings great security risk to the system. To solve this problem, the article proposes a role mining scheme under abnormal permission configuration. First, Canopy preclustering is introduced in the user clustering part; it extracts subset-overlapping data and so reduces the computation of the subsequent spectral clustering. Then, the initial value selection of spectral clustering is optimized by combining the preclustering results, and, because access control data are represented by Boolean values, the distances in both Canopy preclustering and spectral clustering are measured by combining Jaccard distance and Hamming distance, so as to improve the user clustering effect. Finally, the abnormal permission configuration detection rules are refined, and the corrected user clustering results are used for role mining. Experimental results show that the scheme can effectively find abnormal permission configurations and improve the efficiency of role mining.
Authors: SHEN Zhuowei (沈卓炜); FAN Linli (范琳丽); HUA Tong (华童); WANG Kexiang (王科翔) (School of Cyber Science and Engineering, Southeast University, Nanjing 211189, China; Key Laboratory of Computer Network and Information Integration of Ministry of Education, Southeast University, Nanjing 211189, China; Chinese Aeronautical Establishment, Beijing 100029, China)
Source: Netinfo Security (《信息网络安全》), CSCD, Peking University Core Journal, 2022, No. 11, pp. 7-16 (10 pages)
Funding: National Key Research and Development Program of China (2018YFB1800602).
Keywords: role mining; Canopy preclustering; spectral clustering; abnormal permission configuration detection