ATPCRM:一种面向ABAC的双阶段访问策略冲突消解机制

ATPCRM:an ABAC-oriented Two-stage Access Policy Conflict Resolution Mechanism

当前,面向ABAC(Attribute-based Access Control)的访问策略冲突消解机制在消解冲突时,多数存在偏向性和粗粒度的消解结果,且部分机制在利用策略规则中的属性项消解策略冲突时,因对属性项处理不当,进而降低了消解结果的准确性和效率.为了解决上述情况,提出一种面向ABAC的双阶段访问策略冲突消解机制:ATPCRM(ABAC-oriented Two-stage Access Policy Conflict Resolution Mechanism,ATPCRM).首先,ATPCRM由系统运行前的访问策略冲突预消解与系统运行时的访问策略冲突消解组成,通过两个阶段的冲突消解,在提高消解粒度的同时,进一步地降低系统运行时用于冲突消解的时间消耗;其次在系统运行前的访问策略冲突预消解阶段,提出策略规则集预处理算法和策略规则权重评估算法,通过改进K-prototypes聚类算法和TF-IDF算法并应用其中,使访问策略以规则权重的形式实现策略冲突预消解;最后在系统运行时的访问策略冲突消解阶段,提出新加载规则缓冲区和自适应访问策略冲突类型的冲突消解策略,通过消解预消解阶段没有完全消解的冲突,进而提高冲突消解的效率、准确性和粒度.实验结果表明,ATPCRM可以达到预期的冲突消解结果,同时在一定程度上提高了冲突消解的效率.

Currently,most of the ABAC(Attribute-based Access Control)access policy conflict resolution mechanisms have biased and coarse-grained resolution results when resolving conflicts,and some of the mechanisms use the attribute items in the policy rules to resolve policy conflicts,and then the accuracy and efficiency of the resolution results are reduced due to improper handling of the attribute items.To address the above situation,an ABAC-oriented two-stage access policy conflict resolution mechanism is proposed:ATPCRM(ABAC-oriented Two-stage Access Policy Conflict Resolution Mechanism,ATPCRM).Firstly,ATPCRM consists of pre-processing access policy conflict resolution before system operation and access policy conflict resolution during system operation,which further reduces the time consumption for conflict resolution during system operation while improving the granularity of resolution through two-stage conflict resolution.Finally,in the access policy conflict resolution phase at system runtime,we propose a conflict resolution strategy with newly loaded rule buffers and adaptive access policy conflict types,which can improve the conflict resolution efficiency by eliminating the conflicts that are not completely eliminated in the pre-decision phase.The proposed conflict resolution strategy can improve the efficiency,accuracy and granularity of conflict resolution by resolving conflicts that are not completely resolved in the pre-disruption phase.The experimental results show that ATPCRM can achieve the expected conflict resolution results and improve the efficiency of conflict resolution to a certain extent.