
ABAC Conflict Resolution Method Based On TF-IDF Method

Posted on: 2021-11-06
Degree: Master
Type: Thesis
Country: China
Candidate: Z Fan
GTID: 2518306050965489
Subject: Master of Engineering

Abstract/Summary:
With the development of distributed environments, cloud computing and big data in recent years, Attribute-Based Access Control (ABAC) has become a research hotspot. However, as information systems expand and access control becomes more complex, the number of ABAC entity attributes and rules increases, so inconsistent ABAC evaluation results occur more frequently. Such an inconsistency is called a policy conflict: an access request matches multiple rules with opposite authorization decisions. A policy conflict leaves the system unable to make an authorization decision for the access request, which affects the efficiency of system evaluation and can even threaten system security. Policy conflicts must therefore be resolved.

Based on this research background, this paper analyzes in depth the mechanism by which ABAC policy conflicts occur and proposes a policy conflict resolution. Existing static policy conflict resolutions have certain advantages: they can resolve policy conflicts before the system runs. However, policy conflicts cannot be resolved entirely with static resolutions. Existing dynamic policy conflict resolutions, which are applied while the system is running, do not have this problem but are too simple. They target the authorization decision of the rule, for example by prioritizing an authorization decision in advance, and ignore the importance of attributes in ABAC. This paper therefore proposes a new policy conflict resolution based on evaluating rule weights with the TF-IDF method, and illustrates its feasibility and advantages through comparative experiments.

The main work of this paper is as follows. First, we study and analyze the ABAC model, the ABAC policy model, the XACML model and the mechanism of policy conflict. We also analyze existing policy conflict resolutions proposed by other researchers and summarize their advantages and disadvantages.

Secondly, this paper proposes a policy conflict resolution that evaluates rule weights according to the attributes of the rules. It points out the impact of rule default attributes on system evaluation and presents a method to complete the default attributes. Because the importance of the same attribute may differ between rules, we propose a method to cluster rules based on an improved K-modes algorithm. Rules in the same cluster are similar, so the weight of the same attribute within a cluster is also the same. Finally, this paper proposes a rareness degree evaluation method based on an improved TF-IDF method, and a rule weight calculation method that uses the rareness degree to resolve policy conflicts. In addition, to meet different system requirements, this paper proposes two resolution strategies and the concept of a super rule, which make the proposed policy conflict resolution more flexible.

Finally, simulation experiments are designed to implement the policy conflict resolution based on rule weighting and to compare it with common policy conflict resolutions in many aspects. The experimental results verify the feasibility of the proposed method. Compared with traditional policy conflict resolutions, this method takes the importance of attributes and attribute values into account, so it avoids biased resolution results when policy conflicts occur frequently.

In summary, to address ABAC policy conflicts, this paper proposes a new policy conflict resolution based on rule weighting, which can effectively resolve policy conflicts while the system is running. Compared with common policy conflict resolutions, the resolution proposed in this paper has great advantages.
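The following sketch is an added example, not code from the thesis. It shows a request that matches rules with opposite decisions and a weight-based resolution using plain TF-IDF over attribute-value pairs. The rule set, the weight formula, the per-decision summation and the Deny tie-break are all assumptions, and default-attribute completion, clustering and the thesis's improved TF-IDF are omitted.

```python
import math
from collections import Counter

# Constructed sample policy: (attribute conditions, decision). Illustrative only.
RULES = [
    ({"role": "doctor", "dept": "cardiology", "resource": "record"}, "Permit"),
    ({"role": "doctor", "time": "night"}, "Deny"),
    ({"role": "nurse", "resource": "record"}, "Permit"),
    ({"role": "doctor", "resource": "schedule"}, "Permit"),
]

def matches(cond, request):
    """A rule applies when every attribute it constrains equals the request's value."""
    return all(request.get(attr) == val for attr, val in cond.items())

def rule_weights(rules):
    """Assumed weight: mean IDF of a rule's (attribute, value) pairs.

    Each pair occurs once per rule, so TF = 1/len(rule); IDF = ln(N/df).
    Pairs used by few rules are "rare" and push the rule's weight up.
    """
    df = Counter(pair for cond, _ in rules for pair in cond.items())
    n = len(rules)
    return [
        sum(math.log(n / df[pair]) for pair in cond.items()) / max(len(cond), 1)
        for cond, _ in rules
    ]

def evaluate(request, rules=RULES):
    """Return (decision, conflict_detected) for one access request."""
    weights = rule_weights(rules)
    hits = [(w, d) for (cond, d), w in zip(rules, weights) if matches(cond, request)]
    if not hits:
        return "NotApplicable", False
    decisions = {d for _, d in hits}
    if len(decisions) == 1:
        return decisions.pop(), False
    # Policy conflict: matched rules disagree. Sum the weights per decision
    # and let the heavier side win; an exact tie falls back to Deny.
    totals = Counter()
    for w, d in hits:
        totals[d] += w
    winner = max(totals, key=lambda d: (totals[d], d == "Deny"))
    return winner, True

if __name__ == "__main__":
    night = {"role": "doctor", "dept": "cardiology",
             "resource": "record", "time": "night"}
    print(evaluate(night))
```

With this constructed rule set the night-time request matches the first two rules; the Deny rule wins because its `time=night` pair is rare and the rule has fewer common pairs diluting its weight.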
Keywords/Search Tags: Access Control, ABAC Policy Conflict, Conflict Detection, Rule Clustering