Journal: Computers & Security

Managing attribute-based access control policies in a unified framework using data warehousing and in-memory database


Abstract

Over the last few years, various types of access control models have been proposed for expressing the growing needs of organizations. Out of these, there is an increasing interest towards specification and enforcement of flexible and dynamic decision making security policies using Attribute Based Access Control (ABAC). However, it is not easy to migrate an existing security policy specified in a different model into ABAC. Furthermore, there exists no comprehensive approach that can specify, enforce and manage ABAC policies along with other policies potentially already existing in the organization as a unified security policy. In this article, we present a unique and flexible solution that enables concurrent specification and enforcement of such security policies through storing and querying data in a multi-dimensional and multi-granular data model. Specifically, we present a unified database schema, similar to that traditionally used in data warehouse design, that can represent different types of access control policies and store relevant policies as in-memory data, thereby significantly reducing the execution time of access request evaluation. We also present a novel approach for combining multiple access control policies through meta-policies. For ease of management, an administrative schema is presented that can specify different types of administrative policies. Extensive experiments on a wide range of data sets demonstrate the viability of the proposed approach. (C) 2019 Elsevier Ltd. All rights reserved.
