Tongxin xuebao (Feb 2020)
Attribute-based lightweight reconfigurable access control policy
Abstract
Aiming at the severe challenges of access control policy redundancy and conflict detection,the efficiency of access control policy evaluation in complex network environment,an attribute-based lightweight reconfigurable access control policy was proposed.Taking the attribute-based access control policy as an example,the attribute-based access control policy was divided into multiple disjoint atomic access control rules according to the operation type,subject attribute,object attribute,and environment attribute in the access control policy.Complex access control policies were constructed through atomic access control rules and an algebraic expression formed by AND,OR logical relationships.A method for redundancy and collision detection of atomic access control rules was proposed.A method was proposed for decompose a complex access control policy into equivalent atomic access control rules and an algebraic expression.The method for redundancy and collision detection of complex access control policies were proposed through redundancy and collision detection of equivalent atomic access control rules and algebraic expressions.From time complexity and space complexity,the efficiency of the equivalent transformation access control policy was evaluated.It showes that the reconstruction method for access control policy greatly reduces the number,size and complexity of access control policy,improves the efficiency of access control policy redundancy and collision detection,and the efficiency of access control evaluation.
