Access Control Policy Visualization Analysis On Cross-domain Information Exchange

With the development of network technology, more and more network information service needs to achieve cross-domain safety interoperation which means to achieve cross-domain information interaction. Each domain should accomplish information sharing with other domains after guarantying their own autonomy, such as collaborative computing, distributed storage, etc. The large set of the cross-domain access control policies makes the management a complicated task.Visualization as a communication medium plays an important role in dealing with complex data structure. It changes the data people cannot understand into the visual form which man can accept directly. The policy information visualization technology can express the logical relation of the complex information intuitively which can effectively improve the management ability of the multi-domain policy integration.The thesis takes multi-domain access control policies as its object and mainly discusses how to solve the difficulties when administrator dealing with the multi-domain access control policy integration conflicts. Firstly, it demonstrates the role based access control model, which is the basic access control model in this thesis. In addition, for complexity of cross-domain information exchange, we came up with two problems which can guarantee the correctness and effectiveness. One is the separated-domain statistical information of multi-domain policy integration conflicts the other is the policy element levels of inter-domain and element mapping of cross-domain. Meanwhile, we introduced the information visualization methods. Then, this thesis analyzed the data structure of these two problems. We use tree-maps algorithm to statistically analyze quantity and type of the policy integration conflicts. On that basis, the semantic substrates algorithm is applied to concretely analyze the policy element levels of inter-domain and role and permission mapping of cross-domain. Finally, the corresponding visualization tool is developed and administrators can catch the conflict information easily through the interactive visual interface. Experimental result shows tree-maps and semantic substrates can effectively analyze the conflicts of multi-domain policy integration and have a good application value.