
Automatic construction system and method for access control strategy of high-level information system

An access control strategy and information system technology, applied in the field of network system access control, that can solve problems such as access control conflicts, access not being allowed, and operation failures.

Active Publication Date: 2020-10-23
THE THIRD RES INST OF MIN OF PUBLIC SECURITY

AI Technical Summary

Problems solved by technology

For example, in an FTP-based application system, according to regulations, a user does not have the ability to "write" a file. When the user logs in through an FTP client to access the file, the "write" operation on the file is not allowed, but when the user logs in directly to the operating system, he can "write" the file, resulting in omissions in access control.
[0005] 2) Conflicts in access control
[0006] That is, the user is allowed access at a higher level but not at a lower level, resulting in failure of the user's access to resources.
For example, in the office system, according to regulations, a certain user has the ability to "approve" a certain official document, and the access control policy of the office application system assigns the user the "approve" ability. At the operating system level, the "approval" operation may be transformed into multiple operations on operating system resources; if one of those operations is prohibited, the "approval" operation fails, which is an access control conflict.
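The two failure modes described above can be checked mechanically once both layers' policies and the mapping between their operations are written down. The following is an added example, not code from the patent or its authors: the users, paths, the operation mapping and the default-deny rule for missing OS entries are all assumptions, and `derive_os_policy` is only a simple sketch of generating the lower-layer policy from the upper one, going beyond what the page itself shows.

```python
# Constructed sample data; every name, path and mapping below is hypothetical.
# Upper (application) layer: (subject, operation, object) -> allowed?
APP_POLICY = {
    ("alice", "write", "report.txt"): False,   # FTP application forbids "write"
    ("bob", "approve", "doc-17"): True,        # office system grants "approve"
}
# Assumed refinement of each application operation into OS-level operations.
OP_MAP = {
    ("write", "report.txt"): [("write", "/srv/ftp/report.txt")],
    ("approve", "doc-17"): [("read", "/data/doc-17"), ("write", "/data/doc-17.sig")],
}
# Lower (operating-system) layer, configured independently of the layer above.
OS_POLICY = {
    ("alice", "write", "/srv/ftp/report.txt"): True,
    ("bob", "read", "/data/doc-17"): True,
    ("bob", "write", "/data/doc-17.sig"): False,
}

def check_layers(app_policy, op_map, os_policy):
    """Return (kind, subject, operation, object) findings; missing OS rules mean deny."""
    findings = []
    for (subj, op, obj), allowed in sorted(app_policy.items()):
        low = [os_policy.get((subj, lo, lobj), False) for lo, lobj in op_map[(op, obj)]]
        if not allowed and all(low):
            # Denied above, fully permitted below: the upper check can be bypassed.
            findings.append(("omission", subj, op, obj))
        elif allowed and not all(low):
            # Granted above, but a required lower-level step is denied: the operation fails.
            findings.append(("conflict", subj, op, obj))
    return findings

def derive_os_policy(app_policy, op_map):
    """Generate the lower-layer policy from the upper one so the layers agree."""
    derived = {}
    for (subj, op, obj), allowed in app_policy.items():
        for lo, lobj in op_map[(op, obj)]:
            key = (subj, lo, lobj)
            # A low-level step is allowed if any granted upper operation needs it.
            derived[key] = derived.get(key, False) or allowed
    return derived

if __name__ == "__main__":
    print(check_layers(APP_POLICY, OP_MAP, OS_POLICY))
    print(check_layers(APP_POLICY, OP_MAP, derive_os_policy(APP_POLICY, OP_MAP)))
```

With the independently configured OS policy the checker reports one omission and one conflict; with the derived policy it reports none.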


Examples


Embodiment Construction

[0041] In order to make the technical means, creative features, goals and effects achieved by the present invention easy to understand, the present invention will be further described below in conjunction with specific illustrations.

[0042] In view of the imperfection of the existing access control system and its inability to provide access control relevance, integrity and consistency, this example builds a high-level information system access control policy automation platform (system) to effectively solve access control omissions and conflicts.

[0043] See Figure 1, which shows an example of the composition of the high-level information system access control strategy automation construction platform given in this example.

[0044] It can be seen from the figure that this high-level information system access control policy automation construction platform 100 is mainly composed of an information resource collection module 110, an access control mechanism hierar...


Abstract

The invention discloses an automatic construction system and method for an access control strategy of a high-level information system. The scheme is based on an information resource acquisition module, an access control mechanism hierarchical division module, a subject-object and relationship carding module, a high-level demand gradual essence module, and an automatic strategy generation module. The information resource acquisition module carries out information resource acquisition on the software and hardware products in the whole network system; the access control mechanism hierarchical division module performs hierarchical division on the access control mechanisms; the subject-object and relationship carding module sorts out the subjects, the objects and their relationship structure by analyzing them across the whole network system; the high-level demand gradual essence module is used for gradually refining the essence service access demand and the operation and maintenance management access demand; and the automatic strategy generation module generates an access control strategy for each access control mechanism level. According to the scheme, in the resource access process of a network system user, accurate access control can be carried out on the user no matter at what level the access is carried out.

Description

Technical field

[0001] The invention relates to network security level protection technology, in particular to network system access control technology.

Background technique

[0002] At present, the access control points in the entire network system are independent and have no connection with each other, resulting in the phenomenon of "no correlation, no integrity, and no consistency" in access control during the process of user access to resources. It is reflected in the following two aspects:

[0003] 1) Omissions in access control

[0004] That is, users are not allowed to access at a higher level, but are allowed to access at a lower level, so that the user's access control to resources can be bypassed. For example, in an FTP-based application system, according to regulations, a user does not have the ability to "write" a file. When a user logs in through an FTP client to access the file, the "write" operation to the file is not allowed, but when the user directly l...


Application Information

IPC(8): H04L29/06
CPC: H04L63/205, H04L63/105
Inventor: 陶源李末岩胡巍
Owner: THE THIRD RES INST OF MIN OF PUBLIC SECURITY