An Access Control Extended Framework Based On Immune Algorithm

As the popularity of Internet technology, the computer has entered the large enterprises and households; there is no doubt that the computer brings much convenience to people in the work and life. Because of the illegal access of hackers, users who lack of security awareness give important rights permission to a low of users unconsciously. As a result many important data are accessed by user who is unauthorized. Therefore control the user's access request is necessary. In addition, the fine features of biological immune attract the attention of many scholars, the immune system used in the field of information security is a typical application.Research on access control has been a very long history from a single policy development to multiple security policies. Generalized Framework for Access Control (GFAC) is a typical Multiple security policies. The disadvantage of GFAC is query access control information/access control rules (ACI/ACR) frequently, which lead to inefficiencies. Based on the in-depth study and research on the learning and detection mechanism of biological immune system, this paper present an access control expansion framework based on immune algorithm. The emphasis of access control expansion framework is the application of immune algorithm to access control decision.Different with the traditional GFAC, extended framework has the following characteristics:First, when a new access request is decided, we use the access control policy decision module based on immune algorithm in a single strategy. Second, we use priority rules to combine of multiple strategies to form the final decision results. Third, increase a cache. When the GFAC make a decisions need to call ACI/ACR every time which lead to inefficiency, the paper added a cache for storing the results of access control policy to reduce the time overhead.In the Immune-based access control decision model, we will make the subject, object, operation and other information requested to present the antigen. Then, the legitimate request/illegal requests on access control are defined,and introduce their representation and matching methods content. The model use the model detector decision-making the new request to decide whether to allow the access request, this goal is to accurately distinguish between legitimate requests and illegal requests. Because decision-making detectors is used to judge the request, so the text describe the generation and the life cycle of the decision detector. Finally, make a experiment for the model. In the experiment, we analyze the system error rate of positive rate and false negative. The results show that the model has been our desired results. But the test is not carried out in real life, so parameter settings may also not very accurate, so we can work in the future to perfect the experiment.