CN114726639B - Automatic arrangement method and system for access control policy - Google Patents

Automatic arrangement method and system for access control policy Download PDF

Info

Publication number
CN114726639B
CN114726639B CN202210434258.7A CN202210434258A CN114726639B CN 114726639 B CN114726639 B CN 114726639B CN 202210434258 A CN202210434258 A CN 202210434258A CN 114726639 B CN114726639 B CN 114726639B
Authority
CN
China
Prior art keywords
access control
strategy
control strategy
module
request data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210434258.7A
Other languages
Chinese (zh)
Other versions
CN114726639A (en
Inventor
李帅
党芳芳
闫丽景
梁慧超
李丁丁
孟慧平
刘晗
宋一凡
王浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Information and Telecommunication Branch of State Grid Henan Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Information and Telecommunication Branch of State Grid Henan Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, Information and Telecommunication Branch of State Grid Henan Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN202210434258.7A priority Critical patent/CN114726639B/en
Publication of CN114726639A publication Critical patent/CN114726639A/en
Application granted granted Critical
Publication of CN114726639B publication Critical patent/CN114726639B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an automatic arrangement method and system of an access control strategy, which effectively solve the problems of the prior access control method that the resource authorization range is enlarged, the security risk is gradually increased and the like due to excessive participation of an administrator. The automatic arrangement method is applied to an automatic arrangement system, the automatic arrangement system comprises an information acquisition module, a strategy judgment module, a strategy management module and a strategy execution module, the information acquisition module transmits acquired request data information of nodes to the strategy judgment module, the strategy judgment module judges the request data information, the strategy management module generates an access control strategy according to the request data information and the existing access control strategy contained by the strategy management module and stores and changes the access control strategy, and the strategy execution module executes the access control strategy according to the judgment result of the strategy judgment module or the access control strategy generated by the strategy management module, so that the safety risk is reduced.

Description

Automatic arrangement method and system for access control policy
Technical Field
The invention relates to the field of network security, in particular to an automatic arrangement method and system of access control strategies.
Background
The access control is a main core strategy for network security protection and protection, the essence of the access control is the constraint and limitation of a subject on resource access, and the determination of whether the subject can perform related operation on objects is an important technology for ensuring information security, can reasonably limit the access of different users on key resources, prevents the intrusion of illegal users and the damage caused by careless operation of legal users, and is one of the most basic and most critical security services in a network environment. The access control mainly comprises three aspects of a subject, an object and an access control strategy, wherein the subject refers to an access initiator, and the subject causes information flow and system state change, and generally refers to a user, equipment, a process and the like; the object refers to a passive entity for requesting information and receiving information, and comprises information, resources, objects and the like which are operated, and generally comprises files, devices, nodes and the like; the access control policy refers to a set of access control security rules, which restrict the operation range and the operation authority of the subject to the object, and determine whether one subject has the right to perform the related access operation to the object.
There are currently mainly 3 different types of access control technologies in theory, depending on the access control policy: autonomous access control (DAC), mandatory Access Control (MAC), role-based access control (RBAC). Wherein the role-based access control RBAC assigns permissions to a role, wherein a role is a set of permissions and a role can be assigned to a user, the policy greatly simplifies the management of permissions when a user gets the permissions owned by a role indirectly by being granted one or more roles, since a role has a higher stability than a user.
However, at present, the network environment is complex and various, and under the condition of less informationized object resources, management staff or auditors can perform one-to-one configuration and check access control authorities in a manual mode, but with the increase of the number of the main object resources and the complexity of the access relationship, the configuration and check of the access control authorities not only needs to consume great time and effort of the management staff, but also can cause the problems of expanding resource authorization range, gradually increasing security risks and the like.
The present invention thus provides a new solution to this problem.
Disclosure of Invention
Aiming at the defects existing in the prior art, the invention aims to provide an automatic arrangement method and system of an access control strategy, which effectively solve the problems of the prior access control method that the resource authorization range is enlarged, the security risk is gradually increased and the like due to excessive participation of an administrator.
The technical scheme of the access control strategy automatic arrangement method is that the automatic arrangement method is applied to an automatic arrangement system, the automatic arrangement system comprises an information acquisition module, a strategy judgment module, a strategy management module and a strategy execution module, the information acquisition module transmits acquired request data information of nodes to the strategy judgment module, the strategy judgment module judges the request data information, the strategy management module generates an access control strategy according to the request data information and the existing access control strategy contained in the request data information and stores and changes the access control strategy, and the strategy execution module executes the access control strategy according to the judgment result of the strategy judgment module or the access control strategy generated by the strategy management module.
Further, the automatic arrangement method specifically includes the following steps:
s1, a manager performs policy configuration on an automatic arrangement system through a policy management module, and configuration information is stored in an access control policy library of the policy management module;
s2, periodically acquiring request data information of the nodes by an information acquisition module;
s3, extracting the request data information acquired in the step S2 by a strategy judging module;
s4, the strategy judging module compares whether the existing access control strategies meeting the authority requirements exist in the access strategy library according to the extracted request data information, if so, the strategy judging module is used as the access control strategy and is shifted to the step S6, otherwise, the strategy judging module shifts to the step S5;
s5, searching an access control strategy with minimum request data information in an access control strategy library by adopting a greedy algorithm according to a minimum authority principle, generating a new access control strategy based on the access control strategy with the minimum request data information, and adding the new access control strategy into the access control strategy library;
s6, the policy executing module executes the access control policy according to the priority of the access control policy.
Further, the step S5 includes the following specific steps:
y1, traversing all access control strategies in all access control strategy libraries, and calculating the matching degree beta of all strategies and a permission set Rps contained in the request data information extracted from the request data information by using a formula (1);
y2, eliminating all strategies with the matching degree beta of 0, and taking all strategies with the matching degree beta of non-0 and containing the authority set Rps as strategy sets RCC;
y3, arranging strategies in the strategy set RCC in descending order according to the matching degree beta, and selecting the strategy with the highest matching degree beta as an access control strategy MMP;
and Y4, taking the access control strategy MMP as a new access control strategy and adding the new access control strategy into an access control strategy library.
Further, the formula of the matching degree beta is as follows:
β=β 12 *...*β i (1);
wherein beta is i In order to obtain the i-th item matching degree of various security information related to the request data information and the security information corresponding to the existing access control strategy, the product of the matching degrees of all items obtains the final matching degree beta, S is various security information sets related to the request data information, T is the authority contained in the existing access control strategy, S i To request data informationIth security information, T i For accessing the ith security information of the existing access control policy, 0 is equal to or less than or equal to beta and less than or equal to 1,0 indicates complete mismatch with the existing access control policy, 1 indicates complete match with the existing access control policy, the larger the beta value is, the higher the matching degree is, and if the matching degree beta is greater than or equal to a preset threshold value, a standard XACML file is generated according to the searched access control policy, and meanwhile, the access control policy and the matching degree are stored in an access control policy library.
The invention has the following beneficial effects:
the automatic arrangement method of the access control strategy is combined with an automatic arrangement system, the minimum authority principle is followed, the compliance of the access control strategy configuration is improved, the strategy audit cost is reduced, the existing strategy with the highest matching degree is found to be used as the access control strategy under the condition that the request authority strategy is not met, the audit and operation time of the strategy judgment by a manager is greatly shortened, the existence of safety problems such as overlarge manual authorization range is reduced, the existing strategy with the highest matching degree is used as the access control strategy, the configuration and operation efficiency of the access control strategy manager is improved, the problems such as manual configuration errors are reduced, and the maintainability and the robustness of an access control strategy library are improved.
Drawings
Fig. 1 is a schematic diagram of an automatic layout system according to the present invention.
Fig. 2 is a flowchart of an automatic arrangement method provided by the present invention.
Detailed Description
The foregoing and other features, aspects and advantages of the present invention will become more apparent from the following detailed description of the embodiments, which proceeds with reference to the accompanying figures 1-2. The following embodiments are described in detail with reference to the drawings.
Exemplary embodiments of the present invention will be described below with reference to the accompanying drawings.
The automatic arrangement method is applied to an automatic arrangement system, the automatic arrangement system comprises an information acquisition module, a strategy judgment module, a strategy management module and a strategy execution module, the information acquisition module transmits acquired request data information of nodes to the strategy judgment module, the strategy judgment module judges the request data information, the strategy management module generates an access control strategy according to the request data information and an existing access control strategy contained in the strategy management module and stores and changes the access control strategy, and the strategy execution module executes the access control strategy according to the judgment result of the strategy judgment module or the access control strategy generated by the strategy management module.
The automatic arrangement method specifically comprises the following steps:
s1, a manager performs policy configuration on an automatic arrangement system through a policy management module, and configuration information is stored in an access control policy library of the policy management module;
s2, periodically acquiring request data information of the nodes by an information acquisition module;
s3, extracting the request data information acquired in the step S2 by a strategy judging module;
s4, the strategy judging module compares whether the existing access control strategies meeting the authority requirements exist in the access strategy library according to the extracted request data information, if so, the strategy judging module is used as the access control strategy and is shifted to the step S6, otherwise, the strategy judging module shifts to the step S5;
s5, searching an access control strategy with minimum request data information in an access control strategy library by adopting a greedy algorithm according to a minimum authority principle, generating a new access control strategy based on the access control strategy with the minimum request data information, and adding the new access control strategy into the access control strategy library;
s6, the policy executing module executes the access control policy according to the priority of the access control policy.
The access control strategy in the steps S5 and S6 is XACML format;
the nodes in the step S2 adopt a network topological structure, and the acquisition period of the information acquisition module is adjusted by factors such as the load of the nodes, actual access requirements and the like;
the request data information in step S3 refers to host security information and object security information, where the host security information includes an IP address of an access host, a port number of the access, a protocol of the access, a user role currently logged in, a service authority requested by a user, and the like, and the object security information is used for recording object resource information and mainly includes an IP address of a host where an object is located, a port number of an object open service, and the like.
The step S5 comprises the following specific steps:
y1, traversing all access control strategies in all access control strategy libraries, and calculating the matching degree beta of all strategies and a permission set Rps contained in the request data information extracted from the request data information by using a formula (1);
y2, eliminating all strategies with the matching degree beta of 0, and taking all strategies with the matching degree beta of non-0 and containing the authority set Rps as strategy sets RCC;
y3, arranging strategies in the strategy set RCC in descending order according to the matching degree beta, and selecting the strategy with the highest matching degree beta as an access control strategy MMP;
and Y4, taking the access control strategy MMP as a new access control strategy and adding the new access control strategy into an access control strategy library.
The policy decision module extracts the subject security information and the object security information by using the request data information acquired by the information acquisition module, detects the policy meeting the request data information from the access control policy library, and transmits the policy as the access control policy to the policy execution module for execution, if the policy meeting the request data information cannot be detected, the matching degree of the request data information and the existing access control policy is calculated, and step S5 searches the access control policy with the closest matching degree beta in the access control policy library by adopting a greedy algorithm based on the minimum authority principle, and generates a new access control policy, wherein the matching degree beta formula is as follows:
β=β 12 *...*β i (1);
wherein beta is i In order to obtain the i-th item matching degree of various security information related to the request data information and the security information corresponding to the existing access control strategy, the product of the matching degrees of all items obtains the final matching degree beta, S is various security information sets related to the request data information, T is the authority contained in the existing access control strategy, S i To request the ith security information related to the data information, T i For accessing the ith security information of the existing access control policy, 0 is less than or equal to β is less than or equal to 1,0 indicates complete mismatch with the existing access control policy, 1 indicates complete match with the existing access control policy, β is greater, the matching degree is higher, and if the matching degree β is greater than or equal to a preset threshold, wherein the preset threshold can be dynamically adjusted according to actual conditions, a standard XACML file is generated according to the searched access control policy, and the access control policy and the matching degree thereof are stored in an access control policy library.
The computing modes of the matching degree beta on different types of authorities are different, and the specific computing modes are as follows:
x1, for IP Address class, |S i ∩T i The i calculation method is prefix_1 (S i &T i ) S, i.e i And T is i Performing bit-wise logical AND operation from the highest bit to the lowest bit, counting the number of continuous 1S in the result, |S i I and T i The I is the length of the IP address under the binary representation;
x2, for port class, |S i I and T i I is the number of ports involved, |S i ∩T i I is S i And T is i The number of identical items;
x3, for service class, |S i I and T i I is the number of services involved, |S i ∩T i I is S i And T is i Number of identical items.
The policy decision module is a core of the whole system, and mainly comprises a Request class, a Role class and a Handle class, wherein the Request class is responsible for extracting security information of a main body and is used for storing information such as Request data information authority, the Role class is used for packaging policy information in an access control policy library, the policy information comprises a policy name, policy authority and the like, the Handle class is used for comparing the information such as authority in the Request class and the Role class to generate a matching degree beta, and whether access is allowed or denied is judged according to the matching degree beta, so that corresponding operation is executed.
The policy executing module processes the request data information according to the policy judging condition or the access control policy in the policy management module, allows or refuses to access, the policy management module executes the received access control policy according to the policy priority, records necessary information, is used for generating a report for analysis and judgment by a manager, and the policy executing module executes the access control policy according to the priority of the access control policy.
The automatic arrangement method is applied to an automatic arrangement system in the actual use process, the automatic arrangement system comprises an information acquisition module, a strategy judgment module, a strategy management module and a strategy execution module, the information acquisition module transmits acquired request data information of nodes to the strategy judgment module, the strategy judgment module judges the request data information, the strategy management module generates an access control strategy according to the request data information and the existing access control strategy contained in the request data information and stores and changes the access control strategy, the strategy execution module executes according to the judgment result of the strategy judgment module or the access control strategy generated by the strategy management module, and meanwhile, the set automatic arrangement method carries out scheduling on the information acquisition module, the strategy judgment module, the strategy management module and the strategy execution module of the automatic arrangement system, and finally outputs and executes the corresponding access control strategy for the request data information.
The invention has the following beneficial effects:
the automatic arrangement method of the access control strategy is combined with an automatic arrangement system, the minimum authority principle is followed, the compliance of the access control strategy configuration is improved, the strategy audit cost is reduced, the existing strategy with the highest matching degree is found to be used as the access control strategy under the condition that the request authority strategy is not met, the audit and operation time of the strategy judgment by a manager is greatly shortened, the existence of safety problems such as overlarge manual authorization range is reduced, the existing strategy with the highest matching degree is used as the access control strategy, the configuration and operation efficiency of the access control strategy manager is improved, the problems such as manual configuration errors are reduced, and the maintainability and the robustness of an access control strategy library are improved.

Claims (1)

1. The automatic arrangement method is characterized in that the automatic arrangement method is applied to an automatic arrangement system, the automatic arrangement system comprises an information acquisition module, a strategy judgment module, a strategy management module and a strategy execution module, the information acquisition module transmits acquired request data information of nodes to the strategy judgment module, the strategy judgment module judges the request data information, the strategy management module generates an access control strategy according to the request data information and an existing access control strategy contained in the request data information and stores and changes the access control strategy, and the strategy execution module executes the access control strategy according to the judgment result of the strategy judgment module or the access control strategy generated by the strategy management module;
the automatic arrangement method specifically comprises the following steps:
s1, a manager performs policy configuration on an automatic arrangement system through a policy management module, and configuration information is stored in an access control policy library of the policy management module;
s2, periodically acquiring request data information of the nodes by an information acquisition module;
s3, extracting the request data information acquired in the step S2 by a strategy judging module;
s4, the strategy judging module compares whether the existing access control strategies meeting the authority requirements exist in the access strategy library according to the extracted request data information, if so, the strategy judging module is used as the access control strategy and is shifted to the step S6, otherwise, the strategy judging module shifts to the step S5;
s5, searching an access control strategy with minimum request data information in an access control strategy library by adopting a greedy algorithm according to a minimum authority principle, generating a new access control strategy based on the access control strategy with the minimum request data information, and adding the new access control strategy into the access control strategy library;
s6, the strategy executing module executes the access control strategy according to the priority of the access control strategy;
the step S5 comprises the following specific steps:
y1, traversing all access control strategies in all access control strategy libraries, and calculating the matching degree beta of all strategies and a permission set Rps contained in the request data information extracted from the request data information by using a formula (1);
y2, eliminating all strategies with the matching degree beta of 0, and taking all strategies with the matching degree beta of non-0 and containing the authority set Rps as strategy sets RCC;
y3, arranging strategies in the strategy set RCC in descending order according to the matching degree beta, and selecting the strategy with the highest matching degree beta as an access control strategy MMP;
y4, taking the access control strategy MMP as a new access control strategy and adding the new access control strategy into an access control strategy library;
the formula of the matching degree beta is as follows:
β=β 12 *...*β i (1);
wherein beta is i In order to obtain the i-th item matching degree of various security information related to the request data information and the security information corresponding to the existing access control strategy, the product of the matching degrees of all items obtains the final matching degree beta, S is various security information sets related to the request data information, T is the authority contained in the existing access control strategy, S i To request the ith security information related to the data information, T i For accessing the ith security information of the existing access control policy, 0+.beta.1, 0 indicates complete mismatch with the existing access control policy, 1 indicates complete match with the existing access control policy, the larger the beta value is, the higher the matching degree is, and if the matching degree beta is greater than or equal to a preset threshold value, a standard XACML file is generated according to the searched access control policy, and meanwhileThe access control policy is stored in an access control policy repository along with its degree of matching.
CN202210434258.7A 2022-04-24 2022-04-24 Automatic arrangement method and system for access control policy Active CN114726639B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210434258.7A CN114726639B (en) 2022-04-24 2022-04-24 Automatic arrangement method and system for access control policy

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210434258.7A CN114726639B (en) 2022-04-24 2022-04-24 Automatic arrangement method and system for access control policy

Publications (2)

Publication Number Publication Date
CN114726639A CN114726639A (en) 2022-07-08
CN114726639B true CN114726639B (en) 2023-08-22

Family

ID=82245547

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210434258.7A Active CN114726639B (en) 2022-04-24 2022-04-24 Automatic arrangement method and system for access control policy

Country Status (1)

Country Link
CN (1) CN114726639B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116132198B (en) * 2023-04-07 2023-07-25 杭州海康威视数字技术股份有限公司 Internet of things privacy behavior sensing method and device based on lightweight context semantics
CN116760640B (en) * 2023-08-18 2023-11-03 建信金融科技有限责任公司 Access control method, device, equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108123936A (en) * 2017-12-13 2018-06-05 北京科技大学 A kind of access control method and system based on block chain technology
CN110020525A (en) * 2019-03-05 2019-07-16 平安科技(深圳)有限公司 Authority configuring method, device, computer equipment and the storage medium of Kubernetes platform
CN111818059A (en) * 2020-07-09 2020-10-23 公安部第三研究所 Automatic construction system and method for access control strategy of high-level information system
CN112101452A (en) * 2020-09-14 2020-12-18 中国人民解放军战略支援部队信息工程大学 Access right control method and device
CN112187799A (en) * 2020-09-28 2021-01-05 京东数字科技控股股份有限公司 Resource access policy generation method and device, storage medium and electronic equipment
CN112565453A (en) * 2020-12-22 2021-03-26 内蒙古大学 Block chain access control strategy model and strategy protection scheme under Internet of things

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110321117A1 (en) * 2010-06-23 2011-12-29 Itt Manufacturing Enterprises, Inc. Policy Creation Using Dynamic Access Controls
EP2658183A4 (en) * 2010-12-24 2017-06-21 Nec Corporation Communication system, control device, policy management device, communication method, and program

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108123936A (en) * 2017-12-13 2018-06-05 北京科技大学 A kind of access control method and system based on block chain technology
CN110020525A (en) * 2019-03-05 2019-07-16 平安科技(深圳)有限公司 Authority configuring method, device, computer equipment and the storage medium of Kubernetes platform
CN111818059A (en) * 2020-07-09 2020-10-23 公安部第三研究所 Automatic construction system and method for access control strategy of high-level information system
CN112101452A (en) * 2020-09-14 2020-12-18 中国人民解放军战略支援部队信息工程大学 Access right control method and device
CN112187799A (en) * 2020-09-28 2021-01-05 京东数字科技控股股份有限公司 Resource access policy generation method and device, storage medium and electronic equipment
CN112565453A (en) * 2020-12-22 2021-03-26 内蒙古大学 Block chain access control strategy model and strategy protection scheme under Internet of things

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于多元判决的动态访问控制架构的研究;程剑豪;蒋兴浩;孙锬锋;周晓军;;信息安全与通信保密(第04期);全文 *

Also Published As

Publication number Publication date
CN114726639A (en) 2022-07-08

Similar Documents

Publication Publication Date Title
CN114726639B (en) Automatic arrangement method and system for access control policy
US8122484B2 (en) Access control policy conversion
Hu et al. Guidelines for access control system evaluation metrics
US20080222719A1 (en) Fine-Grained Authorization by Traversing Generational Relationships
Hu et al. Towards an approach of semantic access control for cloud computing
Feng et al. A consortium blockchain-based access control framework with dynamic orderer node selection for 5G-enabled industrial IoT
CN105827645B (en) Method, equipment and system for access control
US11556642B2 (en) Code monitoring and restricting of egress operations
Bouchet et al. Block public access: trust safety verification of access control policies
Mazzoleni et al. XACML policy integration algorithms: not to be confused with XACML policy combination algorithms!
Grusho et al. Modelling For Ensuring Information Security Of The Distributed Information Systems.
US20230208880A1 (en) Automating trust in software upgrades
CN112134848A (en) Fusion media cloud self-adaptive access control method, device, terminal and medium
US20060064387A1 (en) Systems and methods for software licensing
KR101747670B1 (en) Method for detecting secure ploicy contravention
Abdul et al. Enhancing Security of Mobile Cloud Computing by Trust‐and Role‐Based Access Control
Jaeger et al. Managing access control policies using access control spaces
Pan et al. An Attribute‐Based Access Control Policy Retrieval Method Based on Binary Sequence
Katsikogiannis et al. An identity and access management approach for SOA
KR100706338B1 (en) Virtual access control security system for supporting various access control policies in operating system or application
Jaidi et al. A risk awareness approach for monitoring the compliance of RBAC-based policies
Wan et al. Context-aware security solutions for cyber physical systems
Batra et al. Autonomous multilevel policy based security configuration in distributed database
Jafarian et al. CAMAC: A Context-Aware Mandatory Access Control Model.
KR100657353B1 (en) Security system and method for supporting a variety of access control policies, and recordable medium thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant