Research On Dynamic Access Control With Time And Space Constraints

Posted on: 2021-01-27
Degree: Master
Type: Thesis
Country: China
Candidate: M Cui
GTID: 2428330605454262
Subject: Computer application technology

Abstract/Summary:
As one of the important technologies for ensuring information security, access control can effectively protect the rational and controlled use of information resources. It has important theoretical value and practical significance, and has received close attention from many scientific researchers and system researchers. Access control policy description is an important part of access control, and policy expression based on subject, operation and object elements is widely used in practice. Although the existing access control policy description methods can meet the requirements of authorized access to controlled resources in the system, these methods are often suited to static scenarios preset in advance. For scenarios that need to be dynamically adjusted according to the actual situation during system operation, they are not flexible enough and have high maintenance costs. The analysis shows that the existing access control policy description methods have a problem with dynamic description; one of the important reasons is that the existing policy itself does not contain elements that directly describe time and space. If the traditional policy expression is used, the number of policies will increase rapidly due to the complexity of space-time requirements after the introduction of space-time operators in the model, which will not only waste policy storage space, but also reduce the efficiency of policy retrieval and increase the cost of manual maintenance. In view of the above problems, this paper carries out the following research:

(1) A response permission scheme based on spatiotemporal matching computation is proposed, which can describe the dynamic policy with the help of temporal and spatial operators respectively. In a class of spatiotemporally sensitive access control, the scheme can obtain the current time and space attributes of the access subject, calculate the matching degree based on the temporal and spatial attributes by using the response processing algorithm, and finally give the response as to whether the subject can perform the access operation on the object. Moreover, in this method, both temporal and spatial attributes are obtained in real time and described independently. When the environment changes, only the relevant local attributes need to be modified, without touching all the policy elements. The experimental results show that the system can effectively implement such space-time sensitive access control.

(2) Based on the above-mentioned access control with the time attribute, condition judgment is added to the description of the policy. By comparing the calculation results of the attribute relationship between the accessing subject and the accessed object with the policy that has been extended with conditional judgment elements, the application scope of the single policy is improved. The experimental results show that in time-sensitive access control with high regularity, by expanding the policy elements, the application scope of the single policy is improved, the number of policies is reduced, the redundancy of policies is reduced, the storage space of policies is saved, and the cost of manual maintenance is reduced.

(3) Based on the above-mentioned access control with spatial attributes, conditional judgment is added to the description of policies. Considering the differences between spatial attributes and temporal attributes in acquisition and representation, an independent spatial attribute authorization library is established. By comparing the calculation results of the attribute relationship between the access subject and the access object with the policy integrating the conditional judgment elements and spatial attribute authorization, the single attribute authorization database is improved. The experimental results show that in space-sensitive access control with high regularity, the number of policies is also significantly simplified, the redundancy of policies is reduced, the storage space of policies is saved, and the cost of manual maintenance is reduced. It has obvious advantages in dynamism and ease of maintenance.

To sum up, based on the traditional static access control, this paper introduces temporal and spatial attributes to meet the needs of a kind of dynamic access control with time/space sensitivity. By expanding the conditional judgment elements in the description of access control policies, the system is more intelligent when dealing with a kind of regular access application between subject and object attributes. It can significantly simplify the access control policy set, reduce the cost of manual maintenance when the access control conditions change, and improve the dynamism and ease of maintenance of the system.
Keywords/Search Tags:Access Control Technology, Dynamic Matching, Time Attribute, Spatial Attribute