摘要
为了解决大规模环境下的细粒度访问控制问题,挖掘出易于人工阅读、契合主体行为模式、精确完备的基于属性的访问控制(ABAC)策略,从而为安全管理员进行策略构建、维护和优化提供有力支撑,提出基于日志的富语义ABAC策略挖掘方法.该方法基于频繁模式挖掘算法,从访问日志和属性数据中挖掘契合主体行为模式的ABAC策略.对策略进行正确性和语义质量分析获得富语义ABAC策略集.通过交叉验证方法对策略集的精确性和完备性进行验证,算法在公开数据集上的F1得分为0.8375,在手写数据集上的F1得分为0.9394.在手写数据集上的验证表明,算法可以在较小训练集上得到比现有算法更高质量的策略集,所得授权规则在易读性方面有所提升.
A log-based rich-semantic attribute-based access control(ABAC)policy mining method was proposed,to deal with fine-grained access control in large-scale information system,and to mine out readable,accurate and complete ABAC policy set,which is consistent with subject behavior profiles,so as to provide strong support for security administrator on constructing,maintaining and optimizing ABAC policy set.ABAC policies consistent with subject behavior are found out from access log and attribute data by frequent pattern mining in the proposed method.The rich-semantic ABAC policy set is obtained by correctness and semantic quality analysis.The accuracy and the completeness of the method were verified using cross-validation technique.The F1-score on public dataset was 0.8375,and that on handmade dataset was 0.9394.Validation on handmade dataset indicates that the method can mine policy set with higher quality than existing ones on small train set.The improvement of semantic quality of authorization rules is also proved on the handmade dataset.
作者
毋文超
任志宇
杜学绘
WU Wen-chao;REN Zhi-yu;DU Xue-hui(Information Engineering University,Zhengzhou 450001,China)
出处
《浙江大学学报(工学版)》
EI
CAS
CSCD
北大核心
2020年第11期2149-2157,共9页
Journal of Zhejiang University:Engineering Science
基金
国家自然科学基金资助项目(61702550,61802436)
国家重点研发计划资助项目(2018YFB0803603).
