CN114282591A - Dynamic security level real-time division method, terminal equipment and storage medium - Google Patents

Publication number: CN114282591A
Application number: CN202111369332.3A
Authority: CN (China)
Other languages: Chinese (zh)
Legal status: Pending
Inventors: 蔡晓强, 吴文, 黄荣昌, 魏超, 刘襄雄, 林至贤
Current assignee: Xiamen Meiya Pico Information Co Ltd
Original assignee: Xiamen Meiya Pico Information Co Ltd
Prior art keywords: security level, data resource, desensitization, data, real
Landscapes: Storage Device Security

Abstract

The invention relates to a dynamic security level real-time division method, terminal equipment and a storage medium. The method comprises the following steps: S1: setting the classification dimensions of data resources and the categories contained in each classification dimension, setting static security levels according to the categories of the data resources in the different classification dimensions, and constructing a static security level mapping table from those static security levels; S2: initializing a desensitization lower bound L, a desensitization period T, a desensitization rate k(·) and a desensitization mode M; S3: after receiving a data resource, looking up its static security level x in the static security level mapping table; S4: judging whether the data resource is in an open state and, if so, setting the dynamic security level y of the data resource to the desensitization lower bound L; otherwise, going to S5; S5: calculating the real-time dynamic security level from the desensitization duration t of the data resource acquired in real time. The invention introduces data open control and data desensitization control to make the security level of data resources controllable in real time.

Description

Dynamic security level real-time division method, terminal equipment and storage medium
Technical Field
The invention relates to the field of big data processing, in particular to a dynamic security level real-time division method, terminal equipment and a storage medium.
Background
Data fusion, circulation and sharing are inevitable trends in the big data era. Data of different sensitivity levels inevitably coexist in this process, and related operations performed on the data in a non-sequential manner may cause privacy disclosure and other significant security risks. How to apply appropriate protection measures to data resources of different sensitivity levels, and so improve the security of data during access, is currently a key part of data governance.
Different roles have different requirements for managing and using data. When data is circulated and shared, users should be given the data they need and not data beyond their authority, and hierarchical data classification is the basis for authorizing access when data is opened. Most grading and classification schemes deployed in practice are static processes and do not consider the following problems: the sensitivity of a data resource may change with its state and with the passage of time over its life cycle, and the traditional authorization mode, in which access is granted whenever the visitor's authority is higher than the data sensitivity level, cannot meet the security prevention and control requirements of cross-system, cross-field and cross-service scenarios.
At present there are no strict specifications for defining and using data, and practical unified standards are lacking. Guidelines such as the 'industrial data classification guideline (trial implementation)' and the 'financial data security classification guideline' generally take the viewpoint of the enterprise and carry out classification on the basis of meeting its own business requirements, so they are strongly subjective, hard to maintain and inflexible in their classification mode, while classification management is very important for role-based authorization control.
Disclosure of Invention
In order to solve the above problems, the present invention provides a dynamic security level real-time partitioning method, a terminal device and a storage medium.
The specific scheme is as follows:
A dynamic security level real-time division method comprises the following steps:
S1: setting the classification dimensions of the data resources and the categories contained in each classification dimension, setting the static security level of each data resource according to its categories in the different classification dimensions, and constructing a static security level mapping table from the static security levels of the data resources corresponding to all categories in all classification dimensions;
S2: initializing a desensitization lower bound L, a desensitization period T, a desensitization rate k(·) and a desensitization mode M, wherein M = 0 means the data resource is desensitized in an abrupt mode and M = 1 means the data resource is desensitized in a gradual mode;
S3: after receiving a data resource, looking up the static security level x of the data resource in the static security level mapping table according to its categories in the different classification dimensions;
S4: judging whether the data resource is in an open state and, if so, setting the dynamic security level y of the data resource to the desensitization lower bound L; otherwise, going to S5;
S5: calculating the real-time dynamic security level y of the data resource from the desensitization duration t of the data resource, obtained in real time, by the following formula:
Figure BDA0003361823890000021
wherein H(·) represents a step function, θ represents a variable between 0 and
Figure BDA0003361823890000022
and
Figure BDA0003361823890000023
denotes the largest integer not greater than
Figure BDA0003361823890000031
Further, the classification dimensions of the data resource comprise two dimensions: resource attribute and service field.
Further, the categories in the service field dimension are divided into two levels. The first level contains two primary categories, a1 and a2, each of which contains several secondary categories: a1 contains 3 secondary categories {a11, a12, a13} and a2 contains 2 secondary categories {a21, a22}. The categories in the resource attribute dimension are also divided into two levels. The first level contains three primary categories, b1, b2 and b3, each of which contains several secondary categories: b1 contains 3 secondary categories {b11, b12, b13}, b2 contains 2 secondary categories {b21, b22} and b3 contains 3 secondary categories {b31, b32, b33}.
Further, the security level is classified into 5 levels, and the higher the security level is, the larger the access restriction is.
Further, whether the data resource is in the open state is controlled by an open state adjustment parameter s, and when s is 1, the data resource is in the open state; when s is 0, it indicates that the data resource is in an unopened state.
An authorization method based on dynamic security level real-time division comprises the following steps:
S101: when a data resource access request is received, extracting the role information of the visitor and the information of the accessed data resource;
S102: determining the dynamic security level of the accessed data resource based on the dynamic security level real-time partitioning method of any one of claims 1 to 5;
S103: judging whether to authorize the visitor's access according to the dynamic security level of the accessed data resource and the role information of the visitor.
A dynamic security level real-time division terminal device comprises a processor, a memory and a computer program which is stored in the memory and can run on the processor, wherein the processor executes the computer program to realize the steps of the dynamic security level real-time division method of the embodiment of the invention.
A computer-readable storage medium, which stores a computer program, and when the computer program is executed by a processor, the computer program implements the steps of the above dynamic security level real-time partitioning method according to the embodiment of the present invention.
By adopting the technical scheme, the invention introduces data open control and data desensitization control on the basis of the existing service data classification as two nodes for controlling the security level of the data resource, thereby realizing the real-time controllability of the security level of the data resource.
Drawings
Fig. 1 is a flowchart illustrating a dynamic security level real-time partitioning method according to an embodiment of the present invention.
Fig. 2 is a flowchart illustrating an authorization method based on dynamic security level real-time partitioning according to an embodiment of the present invention.
Detailed Description
To further illustrate the various embodiments, the invention provides the accompanying drawings. The accompanying drawings, which are incorporated in and constitute a part of this disclosure, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the embodiments. Those skilled in the art will appreciate still other possible embodiments and advantages of the present invention with reference to these figures.
The invention will now be further described with reference to the accompanying drawings and detailed description.
The first embodiment is as follows:
The embodiment of the invention provides a dynamic security level real-time division method. As shown in fig. 1, the method comprises the following steps:
S1: setting the classification dimensions of the data resources and the categories contained in each classification dimension, setting the static security level of each data resource according to its categories in the different classification dimensions, and constructing a static security level mapping table from the static security levels of the data resources corresponding to all categories in all classification dimensions.
The data resources in each field have specific classification dimensions related to their business properties. To determine the classification dimensions, the business properties of the data resources are analyzed comprehensively, a suitable classification strategy is sought that covers as many of the data resources as possible, and the granularity of each classification dimension is determined; generally there are no more than 3 classification dimensions.
As shown in table 1, in this embodiment, drawing on the analysis of authoritative experts, the classification dimensions of the data resource are set to two: resource attribute and business area. The first dimension is the business domain, whose categories are divided into two levels. The first level contains two primary categories, a1 and a2, each of which contains several secondary categories: a1 contains 3 secondary categories {a11, a12, a13} and a2 contains 2 secondary categories {a21, a22}. The second dimension is the resource attribute, whose categories are also divided into two levels. The first level contains three primary categories, b1, b2 and b3, each of which contains several secondary categories: b1 contains 3 secondary categories {b11, b12, b13}, b2 contains 2 secondary categories {b21, b22} and b3 contains 3 secondary categories {b31, b32, b33}.
TABLE 1
Figure BDA0003361823890000051
The security level is used to define the access rights of the data resource; as shown in table 2, the higher the security level, the greater the access restriction. The static security level of each data resource is determined by its category in each classification dimension. In this embodiment the static security levels range from level 1 to level 5, as shown in table 2. For example, a data resource that belongs to class a11 in the business domain classification dimension and class b11 in the resource attribute classification dimension has static security level 1; a data resource that belongs to class a13 in the business domain classification dimension and class b22 in the resource attribute classification dimension has static security level 4, and so on.
If the classification dimension is one-dimensional or three-dimensional, a corresponding one-dimensional or three-dimensional mapping table can be constructed.
TABLE 2
Figure BDA0003361823890000061
S2: initializing the desensitization lower bound L, the desensitization period T, the desensitization rate k(·) and the desensitization mode M.
Desensitization refers to the data resource entering the unopened state, and the desensitization duration t is the length of time the data resource has been in the unopened state.
The desensitization lower bound L represents the lowest security level the data resource can reach given its categories in the different classification dimensions. It is set empirically by a person skilled in the art and is usually not higher than the static security level of the data resource.
The desensitization period T indicates that when the desensitization duration t reaches the desensitization period T, the security level of the data resource may change greatly; its size is set empirically by a person skilled in the art.
The desensitization rate k(·) is the desensitization rate in the actual usage scenario. It is usually set to k(t) = 1, that is, the security level decreases by 1 level each time a desensitization period passes; in other embodiments, those skilled in the art may set other values as needed, which is not limited here.
The desensitization mode M controls how the data resource is desensitized. When M = 0, the data resource is desensitized in an abrupt mode: if the desensitization duration t reaches the desensitization period T, the security level of the data resource drops directly to the desensitization lower bound L. When M = 1, the data resource is desensitized in a gradual mode, at the desensitization rate k(t), until the security level has dropped to the desensitization lower bound L.
S3: after receiving a data resource, looking up the static security level x of the data resource in the static security level mapping table according to its categories in the different classification dimensions.
S4: judging whether the data resource is in an open state, if so, setting the dynamic security level y of the data resource as a desensitization lower bound L; otherwise, the process proceeds to S5.
In this embodiment, the open state is controlled by an open state adjustment parameter s, and when s is equal to 1, it indicates that the data resource is in the open state; when s is 0, it indicates that the data resource is in an unopened state.
S5: calculating the real-time dynamic security level y of the data resource from the desensitization duration t of the data resource, obtained in real time, by the following formula:
Figure BDA0003361823890000071
wherein H(·) represents a step function: in H(t - T), H(t - T) = 0 when t - T ≤ 0 and H(t - T) = 1 when t - T > 0; θ represents a variable between 0 and
Figure BDA0003361823890000072
and
Figure BDA0003361823890000073
denotes the largest integer not greater than
Figure BDA0003361823890000074
As the desensitization duration t increases, the dynamic security level y gradually decreases. Under the authorization policy shown in table 2, the security level and the authorization policy of the data resource change with the desensitization duration t as shown in table 3.
TABLE 3
Figure BDA0003361823890000075
Figure BDA0003361823890000081
Further, based on the above method for dividing the dynamic security level of the data resource in real time, the embodiment also includes an authorization method based on dynamic security level real-time division which, as shown in fig. 2, comprises the following steps:
S101: when a data resource access request is received, extracting the role information of the visitor and the information of the accessed data resource;
S102: determining the dynamic security level of the accessed data resource based on the dynamic security level real-time division method;
S103: judging whether to authorize the visitor's access according to the dynamic security level of the accessed data resource and the role information of the visitor.
The role information of the visitor may be the user name under which the visitor registered. In step S103, to judge whether to authorize the visitor's access, the authorization range of role information corresponding to the security level is obtained from the security level division table shown in table 2 according to the dynamic security level of the data resource, and it is judged whether the visitor's role information is within that range; if so, the visitor's access can be authorized.
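The procedure S1 to S5 and the authorization flow S101 to S103, as an added Python example that is not part of the patent text. The formula image and tables 2 and 3 are not reproduced on this page, so the gradual-mode drop (the sum of k(θ) over completed periods), the role table, the fail-closed lookup and the check that L does not exceed x are assumptions of this example.

```python
import math
from typing import Callable, Dict, Optional, Set, Tuple

# S1: static security level mapping table keyed by (service-field class,
# resource-attribute class). The first two entries are the examples given in
# the description; the others are constructed sample values.
STATIC_LEVELS: Dict[Tuple[str, str], int] = {
    ("a11", "b11"): 1,
    ("a13", "b22"): 4,
    ("a12", "b21"): 3,  # constructed
    ("a21", "b31"): 5,  # constructed
}

# Constructed stand-in for table 2: roles inside the authorization range of
# each security level (role names are hypothetical).
AUTHORIZED_ROLES: Dict[int, Set[str]] = {
    1: {"guest", "analyst", "auditor", "admin"},
    2: {"analyst", "auditor", "admin"},
    3: {"analyst", "auditor", "admin"},
    4: {"auditor", "admin"},
    5: {"admin"},
}

ABRUPT, GRADUAL = 0, 1  # desensitization mode M


def step(v: float) -> int:
    """H(.): 0 when v <= 0 and 1 when v > 0, as the description defines it."""
    return 1 if v > 0 else 0


def dynamic_level(x: int, t: float, s: int, *, lower: int, period: float,
                  mode: int, rate: Callable[[int], int] = lambda theta: 1) -> int:
    """Return dynamic level y for static level x, duration t and open flag s.

    lower = L, period = T, mode = M, rate = k(.).
    """
    if period <= 0 or t < 0:
        raise ValueError("T must be positive and t non-negative")
    if lower > x:
        # Assumption: reject L > x so that desensitizing never raises a level.
        raise ValueError("lower bound L must not exceed static level x")
    if s == 1:                      # S4: open data sits at the lower bound
        return lower
    if mode == ABRUPT:              # S5, M = 0: x until t exceeds T, then L
        return x - (x - lower) * step(t - period)
    if mode != GRADUAL:
        raise ValueError("M must be 0 (abrupt) or 1 (gradual)")
    # S5, M = 1. Assumption: the drop is the sum of k(theta) over completed
    # periods theta = 1 .. floor(t / T), clamped at L.
    y = x
    for theta in range(1, math.floor(t / period) + 1):
        y -= rate(theta)
        if y <= lower:
            return lower
    return y


def authorize(role: str, categories: Tuple[str, str], t: float, s: int,
              **policy) -> bool:
    """S101-S103: grant access only if role is in range for the dynamic level."""
    x: Optional[int] = STATIC_LEVELS.get(categories)
    if x is None:
        return False                # assumption: unclassified data fails closed
    y = dynamic_level(x, t, s, **policy)
    return role in AUTHORIZED_ROLES.get(y, set())


if __name__ == "__main__":
    policy = dict(lower=1, period=30, mode=GRADUAL)   # constructed: T = 30 days
    for days in (0, 30, 65, 400):
        y = dynamic_level(4, days, 0, **policy)
        print(days, y, authorize("analyst", ("a13", "b22"), days, 0, **policy))
```

With the step function as defined, abrupt mode still returns x at exactly t = T and drops to L only once t exceeds T, which matters when the level is evaluated on the period boundary.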
The embodiment of the invention addresses the problem, not handled in the prior art, that the access rights of a data resource may change with its state and with the passage of time: by introducing data state control and data desensitization control as control variables, the data resource is given a dynamic attribute that can be calculated in real time throughout its whole life cycle. In addition, a corresponding authentication and authorization policy is configured according to the security level of the data, so that the access of visitors acting in different roles and performing different operations is effectively controlled, realizing a role-based authorization mode.
In this embodiment, human technical experience is applied to the static hierarchical classification and to the parameter configuration of the two dynamic control nodes, while the computer's fast, accurate, fully automatic real-time calculation is exploited. Combining the two achieves precise prevention and control for data resources, supports both global regulation and local fine adjustment, and can provide effective support for the data security prevention and control system in various data systems.
Example two:
the invention further provides a dynamic security level real-time partitioning terminal device, which comprises a memory, a processor and a computer program stored in the memory and capable of running on the processor, wherein the processor executes the computer program to implement the steps in the above method embodiment of the first embodiment of the invention.
Further, as an executable scheme, the dynamic security level real-time partitioning terminal device may be a desktop computer, a notebook, a palm computer, a cloud server, or other computing devices. The dynamic security level real-time partitioning terminal device may include, but is not limited to, a processor, and a memory. It is understood by those skilled in the art that the above-mentioned structure of the dynamic security level real-time partitioning terminal device is only an example of the dynamic security level real-time partitioning terminal device, and does not constitute a limitation on the dynamic security level real-time partitioning terminal device, and may include more or less components than the above, or combine some components, or different components, for example, the dynamic security level real-time partitioning terminal device may further include an input-output device, a network access device, a bus, and the like, which is not limited in this embodiment of the present invention.
Further, as an executable solution, the Processor may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, a discrete Gate or transistor logic device, a discrete hardware component, and the like. The general processor may be a microprocessor or the processor may be any conventional processor, and the processor is a control center of the dynamic security level real-time division terminal device, and various interfaces and lines are used to connect various parts of the entire dynamic security level real-time division terminal device.
The memory may be configured to store the computer program and/or module, and the processor may implement various functions of the dynamic security level real-time partitioning of the terminal device by running or executing the computer program and/or module stored in the memory and calling data stored in the memory. The memory can mainly comprise a program storage area and a data storage area, wherein the program storage area can store an operating system and an application program required by at least one function; the storage data area may store data created according to the use of the mobile phone, and the like. In addition, the memory may include high speed random access memory, and may also include non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), at least one magnetic disk storage device, a Flash memory device, or other volatile solid state storage device.
The invention also provides a computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, carries out the steps of the above-mentioned method of an embodiment of the invention.
The integrated modules/units of the dynamic security level real-time division terminal device may be stored in a computer-readable storage medium if they are implemented in the form of software functional units and sold or used as an independent product. Based on this understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium; when the computer program is executed by a processor, the steps of the method embodiments are implemented. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), a software distribution medium, and the like.
While the invention has been particularly shown and described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (8)

1. A dynamic security level real-time partitioning method, characterized by comprising the following steps:
S1: setting the classification dimensions of the data resources and the categories contained in each classification dimension, setting the static security level of each data resource according to its categories in the different classification dimensions, and constructing a static security level mapping table from the static security levels of the data resources corresponding to all categories in all classification dimensions;
S2: initializing a desensitization lower bound L, a desensitization period T, a desensitization rate k(·) and a desensitization mode M, wherein M = 0 means the data resource is desensitized in an abrupt mode and M = 1 means the data resource is desensitized in a gradual mode;
S3: after receiving a data resource, looking up the static security level x of the data resource in the static security level mapping table according to its categories in the different classification dimensions;
S4: judging whether the data resource is in an open state and, if so, setting the dynamic security level y of the data resource to the desensitization lower bound L; otherwise, going to S5;
S5: calculating the real-time dynamic security level y of the data resource from the desensitization duration t of the data resource, obtained in real time, by the following formula:
Figure FDA0003361823880000011
wherein H(·) represents a step function, θ represents a variable between 0 and
Figure FDA0003361823880000012
and
Figure FDA0003361823880000013
denotes the largest integer not greater than
Figure FDA0003361823880000014
2. The dynamic security level real-time partitioning method according to claim 1, wherein: the classification dimension of the data resource comprises two classification dimensions of a resource attribute and a service field.
3. The dynamic security level real-time partitioning method according to claim 2, wherein: the categories in the service domain dimension are divided into two levels, wherein the first level contains two primary categories, a1 and a2, each of which contains several secondary categories, specifically: a1 contains 3 secondary categories {a11, a12, a13} and a2 contains 2 secondary categories {a21, a22}; the categories in the resource attribute dimension are divided into two levels, wherein the first level contains three primary categories, b1, b2 and b3, each of which contains several secondary categories, specifically: b1 contains 3 secondary categories {b11, b12, b13}, b2 contains 2 secondary categories {b21, b22} and b3 contains 3 secondary categories {b31, b32, b33}.
4. The dynamic security level real-time partitioning method according to claim 1, wherein: the security level is classified into 5 levels, and the higher the security level, the greater the access restriction.
5. The dynamic security level real-time partitioning method according to claim 1, wherein: whether the data resource is in an open state or not is controlled by an open state adjusting parameter s, and when s is equal to 1, the data resource is in the open state; when s is 0, it indicates that the data resource is in an unopened state.
6. An authorization method based on dynamic security level real-time division, characterized by comprising the following steps:
S101: when a data resource access request is received, extracting the role information of the visitor and the information of the accessed data resource;
S102: determining the dynamic security level of the accessed data resource based on the dynamic security level real-time partitioning method of any one of claims 1 to 5;
S103: judging whether to authorize the visitor's access according to the dynamic security level of the accessed data resource and the role information of the visitor.
7. A dynamic security level real-time division terminal device is characterized in that: comprising a processor, a memory and a computer program stored in the memory and running on the processor, the processor implementing the steps of the method according to any one of claims 1 to 6 when executing the computer program.
8. A computer-readable storage medium storing a computer program, characterized in that: the computer program when executed by a processor implementing the steps of the method as claimed in any one of claims 1 to 6.
Application number: CN202111369332.3A
Priority date: 2021-11-18
Filing date: 2021-11-18
Title: Dynamic security level real-time division method, terminal equipment and storage medium
Status: Pending
Publication: CN114282591A (en), publication date 2022-04-05
Family ID: 80869433
Country: CN


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination