Data access controlling method crossing safety area based on role mapping

Abstract

The invention provides a data access controlling method a crossing safety area based on role mapping and belongs to the technical field of computer information processing. The method includes the following steps that request information mapped by a role is received and monitored. The role mapping way is analyzed. Whether the establishment of the mapping with the present domain is safe or not is judged. The role declining inheritance is found and solved at the same time. The request information based on a domain mapping table and a history routing table is transmitted. A target domain is found. A safe role mapping way is set up with the target domain. The fact that the cross-domain role mapping safety is evaluated, the role mapping request is monitored and analyzed, the safe way is judged and selected and the information is transmitted based on the domain mapping table and the history routing table is adopted, thus the problem of typically violating security constraint possibly triggered in the process of the cross-domain role mapping is effectively avoided. The data access controlling method crossing safety area based on the role mapping is suitable for the environment with large scale and dynamic changing of the safety domain.

Description

technical field [0001] The invention belongs to the technical field of computer information processing, and in particular relates to a method for controlling data access across security domains based on role mapping. Background technique [0002] At present, there are not many researches in China and abroad on data access control across security domains. The main work focuses on role-based access control RBAC (Role-Based Access Control) model extension - cross-domain data based on role mapping In terms of access control, the focus of the research is how to solve the violation of security constraints caused by role conflicts in the process of cross-domain role mapping. [0003] The role-based inter-domain access control model IRBAC (Interoperable Role-Based Access Control) is the prototype of the concept of cross-domain data access control. This model establishes role mapping through the conversion relationship of roles to achieve interoperability between two domains. In add...

AI Technical Summary

Problems solved by technology

Therefore, in an environment with a large scale and dynamic changes in the security domain, this method will fall into the dilemma of calculating security conflicts at any time, and cannot function normally.

[0008] (2) Affect the degree of data sharing

In order to eliminate the problem of violating security constraints, the current automation method will remove some cross-domain role mapping relationships, which will cause some security domains to fail to exchange information according to the previous sharing mode, thus affecting the degree of resource sharing.

[0009] To sum up, at present, the main solution to the violation of security constraints caused by cross-domain role mapping is to ensure the overall security of global role mapping by detecting global security conflicts and appropriately deleting some role mapping relationships. The disadvantage is that it cannot adapt to an environment with a large scale and dynamic changes in the security domain, and at the same time it will affect the degree of data sharing

Images