Research On Attribute-Based Access Control Model And Strategy

In the information age,with the extensive application of the network in various fields,the increasing cooperation between various fields and departments,the security risks arouse by the resource sharing and interoperability of different security domains attract more and more people's attention.In order to solve the problem of resource authorization access control in open network environment,this paper has improved and perfected the Attribute-Based Access Control(ABAC),and proposed the MC_ABAC model.A strategy conflict detection algorithm is proposed for the problem of policy conflict in Attribute-Based Access Control Model.The main contents of this paper are as follows:1.This paper analyzes the advantages and shortcomings of Attribute-Based Access Control Model and traditional access control model,and designs the attribute matching consultation mechanism for ABAC model,aiming at attribute acquisition method,the problem of identity privacy for subject/ object and sensitive attribute protection problem.Based on the theory of automatic trust consultation and RSA-based OSBE scheme,the attribute information of the subject/ object is classification matched by the attribute consultation matching tabl.At last,proposing the improved ABAC model(MC_ABAC model).2.In order to solve the problem of policy conflict in ABAC model,a strategy conflict detection algorithm suitable for ABAC model is proposed.Firstly,the conflict form of ABAC model is defined and regulated,and then the ABAC strategy attribute and attribute range are decomposed.The process of conflict detection is described and analyzed by the strategy attribute decomposition flow chart and the strategy attribute decomposition matrix.The performance of the algorithm is tested and analyzed by designing the simulation experiment.The results show that the proposed algorithm can detect the conflict of the ABAC model effectively.3.In order to further verify the feasibility and practicability of MC_ABAC access control model proposed in this paper,a digital book resource management system based on MC_ABAC model is designed and implemented.Through the.NET platform,the application process of the automatic trust negotiation function module in the MC_ABAC model is analyzed in the application process of the student user to download the book resource as an example.The results show that the construction of the MC_ABAC model provides a fine-grained solution for the information management system's security management issues in terms of authorized access.