Research On Object Granularity Measurement And Decision Method In Access Control System

In recent years,network information security incidents frequently happen.The reason of the frequent occurrence of security incidents is not simply caused by system vulnerabilities,but more likely caused by the unreasonable setting of system access rights.A key point about the undesirable permission setting is that the permission granularity setting is not reasonable enough.If the granularity of access rights is set too thick,it will lead to the risk of unintentional disclosure of information,meanwhile,it cannot effectively prevent malicious attacks by various Trojans.However,too fine-grained permission setting will conversely lead to a cumbersome authorization process from the subject access to the object access.This may increase the chance of manual management errors,thereby causing network security problems.Therefore,how to appropriately choose the granularity of access rights in the corresponding control system is obviously significant.At present,the selection of access permission granularity mainly depends on the relevant principles and practices of information system security engineering and the industry experience of information security engineers.However,with the increasing complexity of rights management requirements in information systems,traditional manual management methods cannot cope with it,and there is an urgent need for an automated tool to assist in the decision-making of rights granularity.However,the current authority granularity selection theory cannot support the above work,which is manifested by the lack of object granularity metrics and the lack of optimal object granularity selection methods.Owing to the two problems above,this paper mainly focuses on the exploration of metrics and selection methods in the permission granularity setting based on granular computing,rough sets and multi-granularity decision theory,and then proposes the object granularity measurement basis and the optimal object granularity selection method,respectively.In view of the possibilities when increasing the number of objects,the paper gives an improved method for object granularity decision.The main research contents and related work of this article are as follows:(1)Multi-level granularity measurement method of object granularityAiming at the lack of measurement theory on the automatically setting the granularity of access rights,a multi-granularity object granularity decision model is proposed.The model mainly uses multi-granularity decision theory and will take different granularities according to the scope of object access rights.The model construction process is the expansion process from the decision model of single granularity level to the decision model of multiple granularity levels.The main feature of the decision-making model at the singlegranularity level is that there is only one standard for marking scales that measure the granularity of object permissions.When there are two or more of this standard,a multi-level granularity decision model can be constructed.(2)Object granularity decision methodIn view of the lack of automatic selection of the optimal access object granularity method in the access control system,an object granularity decision method that can select the appropriate access authority for the user is proposed.This method uses the idea of granular computing and rough set theory.In the object granularity decision model,the access objects are divided,and the relationship between the divided results is compared,and then the coordination of the model is judged to achieve the purpose of selecting the optimal object granularity of authority.According to the size of the development project,the choice of optimal object granularity is divided into global optimal object granularity selection and local optimal object granularity selection.(3)Optimization of the decision-making method of the granularity of the object when the object increasesAbove researches find a derivative problem,that is,when the number of objects increase,the decisionmaking process becomes sort of cumbersome and takes a longer time,so the method needs to be improved accordingly.The main improvement work focuses on two aspects: one is for the selection of global optimal object granularity.Propose a new method of using tree structure selection,so that the division of objects and the judgment of model coordination can be carried out at the same time;The second method is for the selection of local optimal object granularity.In order to save time,it is proposed to parallelize the selection process of dividing the access object.