Cross-domain access control policy mapping mechanism for balancing interoperability and autonomy
Papers | Updated: 2024-06-05
Journal on Communications, Vol. 41, Issue 9, Pages: 29-48 (2020)
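Author affiliations:
1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093
2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049
3. China Information Technology Security Evaluation Center, Beijing 100085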
Funding:
The National Key Research and Development Program of China (2016QY06X1203); The National Natural Science Foundation of China (U1836203); The Strategic Priority Research Program of the Chinese Academy of Sciences (XDC02040400); The Key Research and Development Program of Shandong Province (2019JZZY020127)
Tianyi ZHU, Fenghua LI, Wei JIN, et al. Cross-domain access control policy mapping mechanism for balancing interoperability and autonomy[J]. Journal on Communications, 2020, 41(9): 29-48. DOI: 10.11959/j.issn.1000-436x.2020157.
Cross-domain access control can improve interoperability but reduces intra-domain autonomy. To balance inter-domain interoperability and intra-domain autonomy, cross-domain access control policy mapping was formulated as a multi-objective integer optimization programming problem. Both the maximization of inter-domain interoperability and the minimization of intra-domain autonomy were taken as the objectives. Further, seven constraints were designed to prevent typical cross-domain conflicts. To solve the optimization problem, a constrained NSGA-III algorithm was proposed. The experimental results show that the proposed algorithm converges quickly and accurately finds the policy mapping even on large-scale datasets.