| With the development of network technology,people's daily life has been produced more and more far-reaching impact by network,while bring great convenience to people,along with the resulting network security threats are also more and more intense.Network security issues have seriously hindered the further development and popularization of network technology.Access control is one of the key technologies to ensure network security,which allows authorized subjects to access certain objects while denying service to unauthorized subjects.In the context of access control research,user authorization queries(UAQ)issues is to determine whether there exists an optimum set of roles to be activated to provide a particular set of permissions requested by a user.The high-level privilege assignment constraint ensures the safety and availability requirements of the access control system when performing a task.The study of intractable problems in access control authorization and constraints is the key issues to ensure the confidentiality,completeness and usability of the information in the access control system,and it is also a key issue to promote the sustainable healthy development of the access control system.As the UAQ problem does not consider the natural properties of the weighted permissions,which results in a situation that cannot be applied to a practical access control system,that the weight of the permission is sensitive to the task.We propose a new weighted UAQ(WUAQ)problem for such situations,and consider the role-weighted-cardinality constraint and the permission-weighted-cardinality constraint.We also study the computational complexity of different subcases of WUAQ,and show that many instances in each subcase are intractable(NP-hard).An efficient binary evolution(BE)algorithm is proposed to approximate solve the WUAQ problem of optimal redundant weight of permissions.The algorithm preserves the optimal first half population in the evolution process,and uses optimal half population to cross and mutation to produce the next generation solution.In particular,the algorithm can be easily modified to handle other subcases of the WUAQ problem.The experimental results show that the BE algorithm can maintain a high accuracy while improving the computational efficiency.Existing permission assignment constraints pay more attention to ensure the safety,however the availability for the system has been ignored,this paper proposes a high-level permission assignment constraint to satisfy the safety and availability requirements simultaneously.We define the safety checking problem and consistency checking problem,which determines whether an access control state can satisfy a high-level permission assignment constraint,and whether there exists a valid access control state to satisfy a set of high-level permission assignment constraints.The computational complexity of the safety checking problem and the consistency checking problem have shown that both of these two problems are intractable(NP-complete,NPNP)in general.We also designed an optimized algorithm for the consistency checking problem.This algorithm removes the unnecessary constraints and the access control state by preprocessing,and then reduce to a SAT solver to absorb its advantages in terms of computational efficiency.Experiment results show the effectiveness of the proposed algorithm. |
PDF Full Text Request