
A Self-adaptive BLP Optimal Model Employing Conditional Random Fields

Posted on: 2016-09-29
Degree: Master
Type: Thesis
Country: China
Candidate: M Ma
Full Text: PDF
GTID: 2428330473964960
Subject: Computer Science and Technology
Abstract/Summary:
Access control is an important mechanism for keeping data secure. It explicitly allows or limits access rights so that constraints are imposed on users' access to particular resources, thus preventing access by illegal users and security issues resulting from misoperation by valid users. However, most current access control models lack dynamic perception of the system's security state and risk: once access control policies and rules are determined, they are not changed during the whole system operation and state transition process. This may give a system attacker the opportunity to find vulnerabilities and put the system at risk. To solve this problem, the paper proposes an adaptive optimization strategy for mandatory access control, based on a Conditional Random Fields (CRFs) model over system access log data. The main work is as follows.

Firstly, the CRFs-BLP model is presented. The model addresses parameter estimation, feature functions, and the model inference procedure on CRFs. Discretionary security, simple security and the * property are defined for the MAC model. Then the system, system state, transition rules between states and the constraint model are defined. The paper makes improvements aimed at the excessive permissions of trusted subjects and the insecurity caused by skip-level access in this model. On this basis, the security of the CRFs-BLP model is analyzed and proved; the result shows that the proposed CRFs-BLP model has the same security performance as the BLP model.

Secondly, the rule training algorithm and the result prediction algorithm of the CRFs-BLP model are presented. First, the system access log is preprocessed, the feature vector is extracted, a feature template is defined for the manual annotation of the data set, and thus the input set is obtained. Next comes the training and prediction process, which generates the automatic flags for the log data in the test set. On this basis, an algorithm for rule optimization and generation from the flagged test set data is proposed. The algorithm is able to learn from and predict the results of the system access log so that the model rules can be dynamically adjusted according to the current system security state and events, and it limits the read-write scope of sensitive objects in a dynamic way.

Finally, a MySQL-based strategy is designed and implemented. The system realizes the mandatory access control strategy in the paper and optimizes the log module in the MySQL open source database system for subsequent analysis and audit. The experiment shows that in the improved MySQL database, by learning from and training on the system access log to address the potential risk in the permission settings of the original MySQL tables, users' access rights are revised dynamically to improve system security, which shows that the system is of great value in application.
Keywords/Search Tags:Mandatory Access Control, BLP, Machine Learning, rule optimization, conditional random fields, database security, MySQL