Research On The Composition Model Of Attribute-based Access Control Policy

Security interoperability between multiple access control area is the main technical means of information resources sharing across domains,but controlling access to resources within the domain defined by the policy has its unique character,lead to large differences in between the domains,which poses enmormous challenges to security interoperability.This paper from the access control policy composition point of view to solve the cross domain security interoperability issues,through the multi domain between access control policy of compositon,conflict detection,resolution,and re-composition mechanism,and sharing of information resources.The specific research contents and contributes are as follows:(1)The traditional attribute base access control mechanism in addressing the cross-domain access control problem of un-authorized,introduction of trust attribute in the subject,trust vote operator is introduced in the policy composition prosesed access control composition method based on trust.In this method,the trust attribute is added to the access control policy expression,through variation of the trust to dynamically adjust access rights for visits.At the beginning of policy composition,by trust attribute of the subject filter on the policy set,then the rest of policy define operator composition,and finally,the composition result for consistency verification.Case analysis show that this method can prevent malicious users authorized to access,reduced the number of policy compositon,improving the efficiency of policy composition.(2)For the multi domain access control policy conflicts in the process of policy composition,proposes a priority based using directed acyclic graph technology for conflict detection,using multiple priority prinple policy to resolve model composition.Between the models,we first use the method of the composition operator and the trust attribute to make the preliminary composition of the policy,and then use the priority rule,the specific policy priority rule and the model first rule to conflict resolution;In the model,the main use of the most recent task priority,high security level priority,high priority priority,the latest editorial policy priority,using attribute priority and the subject of high trust priority to conflict resolution.Through the efficiency analysis,it shows that the priority rule,in the case of ensuring the safty ofresources,the efficiency is improved.