Design And Implementation Of Access Control Based On Microservices

The rapid development and widespread popularity of network information systems has effectively enhanced the speed of information flow in the network,making the transmission and interaction of network information extremely frequent.And in recent years,the increase in the market share of smart mobile devices has made it easier for people to access network information,which greatly facilitates personal lives.However,profit-driven loopholes in information systems and inadequate regulatory measures have led to frequent problems with network information security.With the constant change in the number of users and the increasing number of user attributes,it becomes more and more troublesome for the information system to control the users,and it is difficult for the traditional access control technology to carry out fine-grained control of the users.Attribute-based access control model is very good at fine-grained control,where subject,object,environment,and operation attributes can be calculated based on policy to determine whether a user's access request can be passed or not.At the system design level,access control functions will be designed to address the upgrade and maintenance difficulties that are often coupled in information systems.The access control functions in the information system are extracted separately and made into an access control module,which is used in the microservice architecture and functions.The aspects are designed and implemented in detail.The main work of this paper consists of the following three parts:(1)To address the time-consuming phenomenon of traditional access control policy retrieval algorithms in retrieving policies,a sparse index and hash table based of the policy retrieval algorithm,by constructing a multi-level retrieval system,it can effectively reduce the number of policy matches,thus reducing the number of policy retrieval time consumption.The experimental results validate the effectiveness of the policy retrieval algorithm based on sparse indexes and hash tables.(2)This article designs the architecture that can support high concurrency and high availability of access control modules for the performance problems that may arise from access control modules that are independent from the information system.Based on the microservice architecture technology,the basic structure of the access control module is designed and built for the three levels of traffic access layer,microservice management layer and microservice layer.(3)Finally,the access control module is designed and implemented in detail.According to the implementation reference of attribute-based access control model given by NIST,the large access control module is split into attribute collection microservices,policy management microservices,policy retrieval microservices and policy conflict handling microservices.From the perspective of information system administrators,in the policy conflict handling microservices,from the perspective of information system administrators,a fine-grained priority algorithm based on attribute clustering is proposed.This algorithm can solve the problem of policy conflicts more completely.