Research On Fuzzy Access Control Model Based On Context And Usage Control

With the rapid development and popularization of technology on computer network, more and more attentions are paid to information security. Access control is important technology in information security area, which ensures the legal user access relative resource and prevents the unauthorized access. The authorization of role-based access control that is used extensively is depended on identity or role of the subject. However, with the access control demand in the open network environment, custom access control is not able to meet the needs of modern information system.Based on discussion of usage access control model (UCON) and the analysis of custom access control which authorize based on sign and role lack of context information and flexible police, the solution that context is applied to access control and the access privilege is restricted by static authorization and dynamic environment is bought forward, namely, fuzzy access control based on context and usage access control. The module function and key technologies of model realization is analyzed. However, context evaluation is basis of model, and dynamic feedback control is the essential factor to implement it.Compare with traditional fuzz evaluation model, a control police of dynamic access control based on fuzz evaluation result of context is proposed. In the term of fuzz evaluation of context, the model simplified multi-factor problems to single-factor problems by using multi-hierarchy structure. The relative matrix is introduced to describe the inter-relationship among judgment factors and mapping relationship between evaluation result and evaluation elements is built. Determination of weight coefficient that integrates the multi-relation matrix through geometric mean method is improved in relation matrix method. In the term of dynamic control, the solution of dynamic control is proposed based on dynamic feedback theory. Firstly, deviation acquired through comparing current and historical context evaluation of system arise a control. Secondly, the control method for deviation based on rate of change and load-balancing is proposed, which implements dynamic adjustment of object rights based on change of context.In the end, this control model is tested by access control on FTP. The experiment result show that fuzz evaluate model based on improved relative matrix method is capable of inflect the comprehensive state of system context and improve the service capability thought dynamic feedback control, the same time, the exception in network is able to be detected.