Research And Application On Dynamic Access Contrl Policy Based On Hierarchical Description

With the rise of Internet of Things,the emergence of big data and the progress of global informatization,it's significant to protect the information security which had affected the development and use of various application systems.Access control is an important technology to protect the information security,and access control is utilized to ensure that the resources can be used reasonably,thus it has a great and practical significance.The description method of access control policy is an important part of access control,so it has become a hot spot in current research.The traditional access control policy have difficulty in describing the policy elements dynamically without a dynamic policy,thus it can't protect information securely.Meanwhile,the dynamic of access control policy will affect the description of activity which is the core element in business process management,and it certainly influence the description and maintenance costs of business process.To solve these problems,we put forward a dynamic access control policy description method which based on hierarchical description,and we use this method for its advantage of expression in the dynamic generation and matching policy.To make use of the dynamic description and matching method,we put forward a description method of business process management on the dynamic description and execution of activities.The content of research is as follows:(1)A dynamic access control policy which based on hierarchical description method is proposed.Firstly,we use attributes to describe the subject,operation,and object by predication.Next,we randomly joint two elements and produce the relationship of these by layered matching rules,and the layered matching rules contain subject-operation,operation-object and object-subject rules;the dynamic generation of policy refers that we use a generation algorithm to extract a complete policy P according to the three layered matching rules,then P should be added into the policy database;when an access control request occurs,we can extract a policy Pcontext;the dynamic matching refers that we use an unify algorithm to make a match between policy Pcontext and P,and the dynamic matching answer indicates whether the subject can perform the access operation to the corresponding object.If the matching answer is success,it is permit,otherwise it is deny.Due to the hierarchical description,the policy have good dynamics;when the environment take changes,we only need to modify the relative attribute instead of the whole policy,thus it has the advantage of low maintenance costs.(2)A business process description prototype method is proposed after drawing the dynamic description and matching of access control policy.Firstly,the concrete method is to describe the elements of activity in a hierarchical description,namely the elements contain code,processing data,access control policy,other constraints.Next,the workflow engine will make a dynamic match according to the context information which contains processing data,access control requests,and constraints;Finally,the dynamic matching can select the activities which meet the requirements of elements.Above all,this method dynamically calculate the next activity instead of the static designation,thus the flexibility is improved.In this way,activities have high reusability and maintainability;when the context information take changes,we can aim at the targeted activity instead of the entire process,so this method has good dynamics and low cost.