CN111967034A - RBAC role fault tolerance auxiliary construction method based on attribute exploration - Google Patents
RBAC role fault tolerance auxiliary construction method based on attribute exploration Download PDFInfo
- Publication number
- CN111967034A CN111967034A CN202010891207.8A CN202010891207A CN111967034A CN 111967034 A CN111967034 A CN 111967034A CN 202010891207 A CN202010891207 A CN 202010891207A CN 111967034 A CN111967034 A CN 111967034A
- Authority
- CN
- China
- Prior art keywords
- implication
- access control
- verified
- permission
- answer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Automation & Control Theory (AREA)
- Safety Devices In Control Systems (AREA)
- Storage Device Security (AREA)
Abstract
本发明公开了一种基于属性探索的RBAC角色容错辅助构建方法,包含步骤:A:从某个部门的信息系统中得到该部门的访问控制实例的初始集合和所有权限集合;B:利用蕴涵等值式查找错误的访问控制实例,然后结合设定的正确答案,计算出待验证的蕴涵关系式集合中需要删除和需要添加的蕴涵关系式,对待验证的蕴涵关系式集合进行修正,最终得到该部门的确定的访问控制实例的无冗余集合和验证后的蕴涵关系式集合,同时确定角色集合。本发明能够准确实现角色构建,为现代工业和信息产业生产中操作角色及操作权限的安全科学的设定提供基础数据支撑,杜绝安全隐患。
The invention discloses an RBAC role fault-tolerant auxiliary construction method based on attribute exploration. Find the wrong access control instance by value, and then combine the set correct answers to calculate the implication expressions that need to be deleted and added in the set of implication expressions to be verified, and then revise the set of implication expressions to be verified, and finally get the A non-redundant set of definite access control instances of a department and a set of verified entailment relations, and a set of roles are also determined. The invention can accurately realize role construction, provide basic data support for the safe and scientific setting of operation roles and operation authority in modern industrial and information industry production, and eliminate potential safety hazards.
Description
技术领域technical field
本发明涉及一种基于角色的访问控制(RBAC)技术领域,尤其涉及一种基于属性探索的RBAC角色容错辅助构建方法。The invention relates to the technical field of role-based access control (RBAC), in particular to a fault-tolerant auxiliary construction method for RBAC roles based on attribute exploration.
背景技术Background technique
信息安全管理一直是现代工业及信息产业发展的重中之中,信息安全管理直接影响着现代工业产业和信息产业生产中安全隐患大小。如大型工业生产中,如何根据实际生产过程中各个生产环节的操作需求,科学地设置生产工序中的操作角色及操作权限,杜绝生产过程中各种关键操作中的角色误操作隐患,直接决定企业能否实现安全生产。再如目前频发的信息安全泄露事件,如中兴泄密事件,因权限管理失误,导致机密文件信息泄露,从而造成巨大损失。因此,在现代工业及信息产业发展中,信息安全管理工作得到了越来越多的重视及研究。Information security management has always been the top priority in the development of modern industry and information industry, and information security management directly affects the size of hidden dangers in the production of modern industrial industry and information industry. For example, in large-scale industrial production, how to scientifically set the operating roles and operating permissions in the production process according to the operational needs of each production link in the actual production process, to eliminate the hidden dangers of misoperation of roles in various key operations in the production process, and directly determine the enterprise. Can achieve safe production. Another example is the current frequent information security leakage incidents, such as the ZTE leaking incident, due to rights management errors, resulting in the leakage of confidential file information, resulting in huge losses. Therefore, in the development of modern industry and information industry, information security management has been paid more and more attention and research.
基于角色的访问控制(RBAC)通过实践证明,可以有效的保障用户系统数据安全。但传统的RBAC系统的构建不仅是一个十分耗时、耗力的过程,而且在确立角色过程中很容易出现角色遗漏的现象。随着信息系统的日益庞大,现有的角色构建方法弊端越来越明显。属性探索算法以主动获取知识的方式被广泛用于RBAC系统角色发现,但是传统基于属性探索算法的角色辅助构建方法,在构建角色过程中是以访问控制实例的初始集合绝对正确为前提。而在实际工作中,系统可能会宕机出错,造成后续角色构建过程中出现不可逆的错误。这一问题制约了基于属性探索的角色辅助构建方法的应用。Role-Based Access Control (RBAC) has been proved by practice that it can effectively ensure the security of user system data. However, the construction of the traditional RBAC system is not only a very time-consuming and labor-intensive process, but also the phenomenon of role omission is easy to occur in the process of establishing roles. With the increasing size of the information system, the disadvantages of the existing role-building methods are becoming more and more obvious. The attribute exploration algorithm is widely used in RBAC system role discovery by actively acquiring knowledge, but the traditional role-assisted construction method based on attribute exploration algorithm is based on the premise that the initial set of access control instances is absolutely correct in the process of role construction. In actual work, the system may crash and make mistakes, resulting in irreversible errors in the subsequent role construction process. This problem restricts the application of character-assisted construction methods based on attribute exploration.
发明内容SUMMARY OF THE INVENTION
本发明的目的是提供一种基于属性探索的RBAC角色容错辅助构建方法,能够发现并修正由于系统宕机而导致使用传统基于属性探索的RBAC角色构建方法构建访问控制系统角色时的错误,准确实现角色构建,为现代工业和信息产业生产中操作角色及操作权限的安全科学的设定提供基础数据支撑,杜绝安全隐患。The purpose of the present invention is to provide a fault-tolerant auxiliary construction method for RBAC roles based on attribute exploration, which can find and correct errors caused by using the traditional RBAC role construction method based on attribute exploration to construct access control system roles due to system downtime, and accurately realize Role construction provides basic data support for the safe and scientific setting of operating roles and operating permissions in modern industrial and information industry production, and eliminates potential safety hazards.
本发明采用下述技术方案:The present invention adopts following technical scheme:
一种基于属性探索的RBAC角色容错辅助构建方法,包括以下步骤:A fault-tolerant auxiliary construction method for RBAC roles based on attribute exploration, including the following steps:
A:从某个部门的信息系统中,获取该部门的访问控制日志记录,并对访问日志记录进行数据预处理,得到该部门的访问控制实例的初始集合KO和所有权限集合M;A: From the information system of a certain department, obtain the access control log records of the department, and perform data preprocessing on the access log records to obtain the initial set K O and all permission sets M of the access control instances of the department;
B:利用蕴涵等值式,查找由于访问控制系统宕机导致A步骤中得到的错误的访问控制实例,然后根据错误的访问控制实例,结合设定的正确答案,计算出待验证的蕴涵关系式集合Ja中需要删除和需要添加的蕴涵关系式,并根据计算得到的需要删除和需要添加的蕴涵关系式对待验证的蕴涵关系式集合Ja进行修正,最终得到步骤A中该部门的确定的访问控制实例的无冗余集合KS和验证后的蕴涵关系式集合Ja,同时确定角色集合R。B: Use the implication equivalence formula to find the wrong access control instance obtained in step A due to the downtime of the access control system, and then calculate the implication formula to be verified according to the wrong access control instance and the correct answer set The implication formulas that need to be deleted and added in the set Ja are revised according to the implication formulas that need to be deleted and need to be added. Access the non-redundant set K S of control instances and the verified implication set Ja , and determine the role set R at the same time.
所述的步骤A包括以下具体步骤:Described step A includes the following specific steps:
A1:从某个部门的信息系统中,获取该部门的访问控制日志记录,将访问控制日志中访问成功的记录,记为该部门下该用户拥有访问该资源的权限;A1: Obtain the access control log record of a department from the information system of a department, and record the successful access record in the access control log as the user under the department has the right to access the resource;
A2:将访问控制日志中访问失败的记录,记为该部门下该用户不拥有访问该资源的权限;A2: Record the access failure record in the access control log as the user under the department does not have the right to access the resource;
A3:经数据处理,得到该部门下各个用户所具有的权限和不具有的权限;A3: After data processing, obtain the authority and authority that each user under the department has and does not have;
A4:得到该部门的访问控制实例的初始集合KO和所有权限集合M。A4: Obtain the initial set K O of access control instances of the department and the set M of all permissions.
所述的步骤B包括以下具体步骤:Described step B includes the following specific steps:
B1:根据步骤A中得到的权限集合M=(a1,a2,a3,…,an-1,an),将所有权限集合M进行字典序排列后得到集合 初始化确定的访问控制实例的无冗余集合待验证的蕴涵关系式集合从集合Mq中取字典序排第一的权限集合验证问题集合n为正整数;B1: According to the permission set M=(a 1 , a 2 , a 3 , ..., a n-1 , a n ) obtained in step A, lexicographically arrange all permission sets M to obtain a set Initializes a non-redundant set of identified access control instances The set of implication relations to be verified Take the lexicographically ranked first permission set from the set M q set of validation questions n is a positive integer;
B2:对权限集合Q进行验证并得到初始答案,即在确定的访问控制实例的无冗余集合KS中计算fKs(gKs(Q)),若则进入步骤B3;否则进入步骤B4;B2: Verify the permission set Q and get the initial answer, that is, calculate f Ks (g Ks (Q)) in the non-redundant set K S of the determined access control instance, if Then go to step B3; otherwise go to step B4;
其中,gKs(Q)为在确定的访问控制实例的无冗余集合KS中找出所有拥有权限集合Q的用户,fKs(gKs(Q))为在确定的访问控制实例的无冗余集合KS中找出所有拥有权限集合Q的用户所共同拥有的权限集合,gKo(fKs(gKs(Q))-Q)为在访问控制实例的初始集合KO中找出所有拥有权限fKs(gKs(Q))-Q的用户;权限集合Q为当前验证的权限集合;Among them, g Ks (Q) is to find all users who have the permission set Q in the non-redundant set K S of the determined access control instance, and f Ks (g Ks (Q)) is the non-redundant set of access control instances in the determined access control instance. Find out the permission set shared by all users who have permission set Q in the redundant set K S , g Ko (f Ks (g Ks (Q))-Q) is found in the initial set K O of the access control instance All users with permission f Ks (g Ks (Q))-Q; permission set Q is the currently verified permission set;
B3:将蕴涵关系式Q->fKs(gKs(Q))-Q,即某个用户拥有权限集合Q那么该用户一定拥有权限fKs(gKs(Q))-Q,添加到蕴涵关系式集合Ja中,将离散数学中蕴涵关系式Q->fKs(gKs(Q))-Q的等值式 和初始答案加入验证问题集合D中,然后进入步骤B5;B3: Add the implication relation Q->f Ks (g Ks (Q))-Q, that is, if a user has the permission set Q, then the user must have the permission f Ks (g Ks (Q))-Q, to the implication In the relational set J a , the equivalent expression of the implication relation Q->f Ks (g Ks (Q))-Q in discrete mathematics is and initial answer Add to the verification question set D, and then enter step B5;
其中,对蕴涵关系式Q->fKs(gKs(Q))-Q的验证结果即为步骤B2中对权限集合Q进行验证后得到的初始答案,蕴涵关系式Q->fKs(gKs(Q))-Q中Q是该蕴涵关系式的前件,fKs(gKs(Q))-Q是该蕴涵关系式的后件,中,V表示逻辑运算符“或”;表示逻辑运算符“非”;Among them, the verification result of the implication relation Q->f Ks (g Ks (Q))-Q is the initial answer obtained after verifying the authority set Q in step B2, and the implication relation Q->f Ks (g In Ks (Q))-Q, Q is the antecedent of the implication, and f Ks (g Ks (Q))-Q is the consequent of the implication, , V represents the logical operator "or"; Represents the logical operator "NOT";
B4:从访问控制实例的初始集合KO中取出一个权限分配不符合蕴涵关系式Q->fKs(gKs(Q))-Q的实例o,即实例o拥有权限集合Q但是不拥有权限fKs(gKs(Q))-Q,将这个实例添加到确定的访问控制实例的无冗余集合KS中,将用户o所拥有的权限作为初始答案,并将离散数学中蕴涵关系式Q->fKs(gKs(Q))-Q的等值式 和初始答案加入验证问题集合D中,然后进入步骤B8;B4: Take out an instance o whose permission assignment does not conform to the implication formula Q->f Ks (g Ks (Q))-Q from the initial set K O of access control instances, that is, the instance o has the permission set Q but does not have the permission f Ks (g Ks (Q))-Q, add this instance to the non-redundant set K S of certain access control instances, take the authority possessed by user o as the initial answer, and use the implication formula in discrete mathematics Q->f Ks (g Ks (Q))-Q equivalent formula Add the initial answer to the verification question set D, and then enter step B8;
B5:从验证问题集合D中随机取出一个问题,重新对权限集合Q进行验证并得到对比答案;若验证得到的对比答案与验证问题集合D中的初始答案一致,则进入步骤B6,否则进入步骤B7;B5: Randomly take a question from the verification question set D, re-verify the authority set Q and get a comparison answer; if the comparison answer obtained by verification is consistent with the initial answer in the verification question set D, then go to step B6, otherwise go to step B5 B7;
B6:根据形式概念分析中集合与蕴含集合相关性定理,在集合Mq中找出下一个与待验证的蕴含关系集合Ja相关的权限集合Q′,令Q=Q′,然后进入步骤B8;B6: According to the set and implication set correlation theorem in the formal concept analysis, find out the next permission set Q' related to the implication set Ja to be verified in the set M q , let Q = Q', and then go to step B8 ;
B7:令设定的正确答案为Or、步骤B5中得到的验证问题集合D中有误的初始答案为Oe、发现出错的权限集合为Bi、当前验证的权限集合为Bj、字典序中小于Bi的待验证的子蕴涵关系式集合为U、字典序大于Bi小于Bj的待验证的子蕴涵关系式集合为P,根据发现出错的权限集合Bi、正确答案Or、有误的初始答案Oe和蕴涵关系式集合内在逻辑关系,通过计算得到正确的蕴涵关系式集合Jr,令Ja=Jr,然后进入步骤B8;B7: Let the set correct answer be Or, the wrong initial answer in the verification question set D obtained in step B5 is Oe, the set of permissions found to be wrong is B i , the set of permissions currently verified is B j , and the smallest in the lexicographical order The set of sub-implications to be verified in B i is U, and the set of sub-implications to be verified whose lexicographical order is greater than B i and less than B j is P, according to the set of permissions found to be wrong B i , correct answer Or, wrong The initial answer Oe of , and the inherent logical relationship of the implication relation set, the correct implication relation set J r is obtained through calculation, let Ja = J r , and then enter step B8;
B8:若Q=M,进入步骤B9,否则返回步骤B2;B8: If Q=M, go to step B9, otherwise return to step B2;
B9:将计算后的待验证的蕴含关系集合Ja中蕴涵关系式后件为的蕴涵关系式加入到角色集合R中,并得到该部门的确定的访问控制实例的无冗余集合Ks和验证后的蕴涵关系式集合Ja。B9: The consequent expression of the implication relation in the implication relation set to be verified after the calculation is set as The implication formula of , is added to the role set R, and the non-redundant set K s of the determined access control instance of the department and the verified implication formula set Ja are obtained.
所述的步骤B7包含以下具体步骤:The described step B7 includes the following specific steps:
B71:根据设定的正确答案Or、步骤B5中得到的验证问题集合D中有误的初始答案Oe、发现出错的权限集合Bi、当前验证的权限集合Bj、字典序中小于Bi的待验证的子蕴涵关系式集合U、字典序大于Bi小于Bj的待验证的子蕴涵关系式集合P;令正确的蕴涵关系式集合Jr=U,进入步骤B72;B71: According to the set correct answer Or, the wrong initial answer Oe in the verification question set D obtained in step B5, the wrong authority set B i , the currently verified authority set B j , and the lexicographically smaller than B i Set U of sub-implications to be verified, set P of sub-implications to be verified whose lexicographic order is greater than B i and less than Bj; set the correct set of implication J r =U, and enter step B72;
B72:计算出字典序中Bi的下一个与正确的蕴涵关系式集合Jr相关的权限集合T,令Bi=T;如果以T为前件的蕴涵关系式属于待验证的子蕴涵关系式集合P,进入步骤B73,否则进入步骤B75;B72: Calculate the next permission set T related to the correct implication set J r of B i in lexicographical order, let B i =T; if the implication with T as the antecedent belongs to the sub-implication to be verified formula set P, go to step B73, otherwise go to step B75;
B73:如果并且则将待验证的子蕴涵关系式集合P中前件为T的蕴涵关系式加入正确的蕴涵关系式集合Jr中,然后进入步骤B76;否则进入B74;B73: If and Then add the implication relation whose antecedent is T in the sub-implication relation set P to be verified into the correct implication relation set J r , and then go to step B76; otherwise, go to B74;
B74:如果T∩Oe=c或者T∩Or=c,且c∈P,则将待验证的子蕴涵关系式集合P中前件为T的蕴涵关系式加入到正确的蕴涵关系式集合Jr中,然后进入步骤B76;否则进入步骤B75;B74: If T∩Oe=c or T∩Or=c, and c∈P, then add the implication relation whose antecedent is T in the sub-implication relation set P to be verified to the correct implication relation set J r , then go to step B76; otherwise, go to step B75;
其中,集合c是权限集合T与正确答案Or的交集或者是权限集合T与有误的答案Oe的交集;Wherein, the set c is the intersection of the authority set T and the correct answer Or or the intersection of the authority set T and the wrong answer Oe;
B75:在访问控制实例的初始集合KO中计算fKO(gKO(T))并将T->fKO(gKO(T))加入正确的蕴涵关系式集合Jr中,然后进入步骤B76; B75 : Calculate f KO (g KO (T)) in the initial set KO of access control instances and add T->f KO (g KO (T)) to the correct set of implication relations J r , and then enter the step B76;
B76:如果T<Bj,则进入步骤B72,否则进入步骤B77;B76: If T<B j , go to step B72, otherwise go to step B77;
B77:令待验证的蕴含关系集合Ja等于正确的蕴涵关系式集合Jr,令Q=Bj,然后进入步骤B8。B77: Let the implication relation set Ja to be verified equal to the correct implication relation expression set J r , let Q = B j , and then go to step B8.
本发明能够发现并修正由于系统宕机而导致使用传统基于属性探索的RBAC角色构建方法构建访问控制系统角色时的错误,准确实现角色构建,为现代工业和信息产业生产中操作角色及操作权限的安全科学的设定提供基础数据支撑,杜绝安全隐患。The present invention can discover and correct errors when using the traditional RBAC role construction method based on attribute exploration to construct the role of the access control system due to system downtime, accurately realize the construction of the role, and improve the operation role and operation authority in the production of modern industry and information industry. The setting of safety science provides basic data support to eliminate potential safety hazards.
附图说明Description of drawings
图1为本发明的流程示意图。FIG. 1 is a schematic flow chart of the present invention.
具体实施方式Detailed ways
以下结合附图和实施例对本发明作以详细的描述:Below in conjunction with accompanying drawing and embodiment, the present invention is described in detail:
如图1所示,本发明所述的一种基于属性探索的RBAC角色容错辅助构建方法,依次包括以下步骤:As shown in FIG. 1 , a fault-tolerant auxiliary construction method for RBAC roles based on attribute exploration according to the present invention includes the following steps in turn:
A:从某个部门的信息系统中,获取该部门的访问控制日志记录,并对访问日志记录进行数据预处理,得到该部门的访问控制实例的初始集合KO和所有权限集合M;A: From the information system of a certain department, obtain the access control log records of the department, and perform data preprocessing on the access log records to obtain the initial set K O and all permission sets M of the access control instances of the department;
所述的步骤A包含以下具体步骤:The described step A includes the following specific steps:
A1:从某个部门的信息系统中,获取该部门的访问控制日志记录,将访问控制日志中访问成功的记录,记为该部门下该用户拥有访问该资源的权限;例如在大型炼钢企业中,员工甲在6月21日操作生产环节中炼钢炉温度更改成功,则记录甲具有操作炼钢炉温度更改的权限;A1: Obtain the access control log records of a department from the information system of a department, and record the successful access records in the access control log as the user under the department has access to the resource; for example, in a large steel-making enterprise , employee A successfully changed the temperature of the steelmaking furnace during the operation and production process on June 21, then record that A has the authority to operate the temperature change of the steelmaking furnace;
A2:将访问控制日志中访问失败的记录,记为该部门下该用户不拥有访问该资源的权限;例如员工甲在6月21日操作生产环节中加氧量更改失败,则记录甲不具有操作生产环节中加氧量更改的权限;A2: Record the access failure record in the access control log as that the user under the department does not have permission to access the resource; for example, if employee A fails to change the oxygen supply during the operation and production process on June 21, then record A does not have the right to access the resource. The authority to change the amount of oxygen added in the production process;
A3:经数据处理,得到该部门下各个用户所具有的权限和不具有的权限。A3: After data processing, the authority and authority that each user under the department has and does not have are obtained.
例如本实施例中,经数据处理,得到用户甲所具有的权限和不具有的权限,如表1所示。For example, in this embodiment, through data processing, the permissions that User A has and permissions that User A does not have are obtained, as shown in Table 1.
表1Table 1
其中,用户甲具有(adfhi)权限,不具有(bceg)权限;Among them, user A has (adfhi) authority and does not have (bceg) authority;
A4:得到该部门的访问控制实例的初始集合KO和所有权限集合M。A4: Obtain the initial set K O of access control instances of the department and the set M of all permissions.
B:利用蕴涵等值式,查找由于访问控制系统宕机导致A步骤中得到的错误的访问控制实例,然后根据错误的访问控制实例,结合设定的正确答案,计算出待验证的蕴涵关系式集合Ja中需要删除和需要添加的蕴涵关系式,并根据计算得到的需要删除和需要添加的蕴涵关系式对待验证的蕴涵关系式集合Ja进行修正,最终得到步骤A中该部门的确定的访问控制实例的无冗余集合KS和验证后的蕴涵关系式集合Ja,同时确定角色集合R;a为all的首字母缩写;B: Use the implication equivalence formula to find the wrong access control instance obtained in step A due to the downtime of the access control system, and then calculate the implication formula to be verified according to the wrong access control instance and the set correct answer The implication formulas that need to be deleted and added in the set Ja are revised according to the implication formulas that need to be deleted and need to be added. The non-redundant set K S of the access control instance and the verified implication relation set Ja , and the role set R is determined at the same time; a is the acronym of all;
所述的步骤B包括以下具体步骤:Described step B includes the following specific steps:
B1:根据步骤A中得到的权限集合M=(a1,a2,a3,…,an-1,an),将所有权限集合M进行字典序排列后得到集合 初始化确定的访问控制实例的无冗余集合待验证的蕴涵关系式集合从集合Mq中取字典序排第一的权限集合验证问题集合n为正整数;B1: According to the permission set M=(a 1 , a 2 , a 3 , ..., a n-1 , a n ) obtained in step A, lexicographically arrange all permission sets M to obtain a set Initializes a non-redundant set of identified access control instances The set of implication relations to be verified Take the lexicographically ranked first permission set from the set M q set of validation questions n is a positive integer;
其中,字典序为形式概念分析中一种排序规则,验证问题集合D中包含以权限集合为前件诱导的蕴涵关系式的等值表达式,以及对权限集合进行验证得到的初始答案。Among them, lexicographical order is a sorting rule in formal concept analysis. The verification question set D contains the equivalent expression of the implication relation induced by the permission set as an antecedent, and the initial answer obtained by verifying the permission set.
B2:对权限集合Q进行验证并得到初始答案,即在确定的访问控制实例的无冗余集合KS中计算fKs(gKs(Q)),若则进入步骤B3;否则进入步骤B4;B2: Verify the permission set Q and get the initial answer, that is, calculate f Ks (g Ks (Q)) in the non-redundant set K S of the determined access control instance, if Then go to step B3; otherwise go to step B4;
其中,gKs(Q)为在确定的访问控制实例的无冗余集合KS中找出所有拥有权限集合Q的用户,fKs(gKs(Q))为在确定的访问控制实例的无冗余集合KS中找出所有拥有权限集合Q的用户所共同拥有的权限集合,gKo(fKs(gKs(Q))-Q)为在访问控制实例的初始集合KO中找出所有拥有权限fKs(gKs(Q))-Q的用户;权限集合Q为当前验证的权限集合;Among them, g Ks (Q) is to find all users who have the permission set Q in the non-redundant set K S of the determined access control instance, and f Ks (g Ks (Q)) is the non-redundant set of access control instances in the determined access control instance. Find out the permission set shared by all users who have permission set Q in the redundant set K S , g Ko (f Ks (g Ks (Q))-Q) is found in the initial set K O of the access control instance All users with permission f Ks (g Ks (Q))-Q; permission set Q is the currently verified permission set;
B3:将蕴涵关系式Q->fKs(gKs(Q))-Q,即某个用户拥有权限集合Q那么该用户一定拥有权限fKs(gKs(Q))-Q,添加到蕴涵关系式集合Ja中,将离散数学中蕴涵关系式Q->fKs(gKs(Q))-Q的等值式 和初始答案加入验证问题集合D中,然后进入步骤B5;B3: Add the implication relation Q->f Ks (g Ks (Q))-Q, that is, if a user has the permission set Q, then the user must have the permission f Ks (g Ks (Q))-Q, to the implication In the relational set J a , the equivalent expression of the implication relation Q->f Ks (g Ks (Q))-Q in discrete mathematics is and initial answer Add to the verification question set D, and then enter step B5;
其中,对蕴涵关系式Q->fKs(gKs(Q))-Q的验证结果即为步骤B2中对权限集合Q进行验证后得到的初始答案,蕴涵关系式Q->fKs(gKs(Q))-Q中Q是该蕴涵关系式的前件,fKs(gKs(Q))-Q是该蕴涵关系式的后件,中,V表示逻辑运算符“或”;表示逻辑运算符“非”;Among them, the verification result of the implication relation Q->f Ks (g Ks (Q))-Q is the initial answer obtained after verifying the authority set Q in step B2, and the implication relation Q->f Ks (g In Ks (Q))-Q, Q is the antecedent of the implication, and f Ks (g Ks (Q))-Q is the consequent of the implication, , V represents the logical operator "or"; Represents the logical operator "NOT";
B4:从访问控制实例的初始集合KO中取出一个权限分配不符合蕴涵关系式Q->fKs(gKs(Q))-Q的实例o,即实例o拥有权限集合Q但是不拥有权限fKs(gKs(Q))-Q,将这个实例添加到确定的访问控制实例的无冗余集合KS中,将用户o所拥有的权限作为初始答案,并将离散数学中蕴涵关系式Q->fKs(gKs(Q))-Q的等值式 和初始答案加入验证问题集合D中,然后进入步骤B8;B4: Take out an instance o whose permission assignment does not conform to the implication formula Q->f Ks (g Ks (Q))-Q from the initial set K O of access control instances, that is, the instance o has the permission set Q but does not have the permission f Ks (g Ks (Q))-Q, add this instance to the non-redundant set K S of certain access control instances, take the authority possessed by user o as the initial answer, and use the implication formula in discrete mathematics Q->f Ks (g Ks (Q))-Q equivalent formula Add the initial answer to the verification question set D, and then enter step B8;
B5:从验证问题集合D中随机取出一个问题,重新对权限集合Q进行验证并得到对比答案;若验证得到的对比答案与验证问题集合D中的初始答案一致,则进入步骤B6,否则进入步骤B7;B5: Randomly take a question from the verification question set D, re-verify the authority set Q and get a comparison answer; if the comparison answer obtained by verification is consistent with the initial answer in the verification question set D, then go to step B6, otherwise go to step B5 B7;
B6:根据形式概念分析中集合与蕴含集合相关性定理,在集合Mq中找出下一个与待验证的蕴含关系集合Ja相关的权限集合Q′,令Q=Q′,然后进入步骤B8;B6: According to the set and implication set correlation theorem in the formal concept analysis, find out the next permission set Q' related to the implication set Ja to be verified in the set M q , let Q = Q', and then go to step B8 ;
B7:令设定的正确答案为Or、步骤B5中得到的验证问题集合D中有误的初始答案为Oe、发现出错的权限集合为Bi、当前验证的权限集合为Bj、字典序中小于Bi的待验证的子蕴涵关系式集合为U、字典序大于Bi小于Bj的待验证的子蕴涵关系式集合为P,根据发现出错的权限集合Bi、正确答案Or、有误的初始答案Oe和蕴涵关系式集合内在逻辑关系,通过计算得到正确的蕴涵关系式集合Jr,令Ja=Jr,然后进入步骤B8;r为right的首字母缩写;B7: Let the set correct answer be Or, the wrong initial answer in the verification question set D obtained in step B5 is Oe, the set of permissions found to be wrong is B i , the set of permissions currently verified is B j , and the smallest in the lexicographical order The set of sub-implications to be verified in B i is U, and the set of sub-implications to be verified whose lexicographical order is greater than B i and less than B j is P, according to the set of permissions found to be wrong B i , correct answer Or, wrong The initial answer Oe and the inherent logical relationship of the implication relation set, the correct implication relation set J r is obtained by calculation, let J a =J r , and then enter step B8; r is the acronym of right;
其中,e是error的首字母缩写;下角标i和j均为正整数;待验证的子蕴涵关系式集合U和待验证的子蕴涵关系式集合P均为待验证的蕴涵关系式集合Ja的子集合;发现出错的权限集合Bi为验证问题集合D中有误的答案Oe所对应的权限集合,正确答案Or为正确的访问控制实例所拥有的权限集合;有误的初始答案Oe为错误的访问控制实例所拥有的权限集合;Among them, e is the acronym of error; the subscripts i and j are positive integers; the sub-implication relation set U to be verified and the sub-implication relation set P to be verified are both the implication relation set to be verified J a The sub-set of ; the permission set B i that found the error is the permission set corresponding to the wrong answer Oe in the verification question set D, the correct answer Or is the permission set owned by the correct access control instance; the wrong initial answer Oe is The set of permissions owned by the wrong access control instance;
所述步骤B7包括以下具体步骤:The step B7 includes the following specific steps:
B71:根据设定的正确答案Or、步骤B5中得到的验证问题集合D中有误的初始答案Oe、发现出错的权限集合Bi、当前验证的权限集合Bj、字典序中小于Bi的待验证的子蕴涵关系式集合U、字典序大于Bi小于Bj的待验证的子蕴涵关系式集合P;令正确的蕴涵关系式集合Jr=U,进入步骤B72;B71: According to the set correct answer Or, the wrong initial answer Oe in the verification question set D obtained in step B5, the wrong authority set B i , the currently verified authority set B j , and the lexicographically smaller than B i Set U of sub-implications to be verified, set P of sub-implications to be verified whose lexicographical order is greater than B i and less than B j ; set the correct set of implication J r =U, and enter step B72;
其中,发现出错的权限集合Bi与当前验证的权限集合Bj均属于集合Mq;Wherein, it is found that the wrong permission set B i and the currently verified permission set B j both belong to the set M q ;
B72:计算出字典序中Bi的下一个与正确的蕴涵关系式集合Jr相关的权限集合T,令Bi=T;如果以T为前件的蕴涵关系式属于待验证的子蕴涵关系式集合P,进入步骤B73,否则进入步骤B75;B72: Calculate the next permission set T related to the correct implication set J r of B i in lexicographical order, let B i =T; if the implication with T as the antecedent belongs to the sub-implication to be verified formula set P, go to step B73, otherwise go to step B75;
B73:如果并且则将待验证的子蕴涵关系式集合P中前件为T的蕴涵关系式加入正确的蕴涵关系式集合Jr中,然后进入步骤B76;否则进入B74;B73: If and Then add the implication relation whose antecedent is T in the sub-implication relation set P to be verified into the correct implication relation set J r , and then go to step B76; otherwise, go to B74;
B74:如果T∩Oe=c或者T∩Or=c,且c∈P,则将待验证的子蕴涵关系式集合P中前件为T的蕴涵关系式加入到正确的蕴涵关系式集合Jr中,然后进入步骤B76;否则进入步骤B75;B74: If T∩Oe=c or T∩Or=c, and c∈P, then add the implication relation whose antecedent is T in the sub-implication relation set P to be verified to the correct implication relation set J r , then go to step B76; otherwise, go to step B75;
其中集合c是权限集合T与正确答案Or的交集或者是权限集合T与有误的答案Oe的交集;The set c is the intersection of the permission set T and the correct answer Or or the intersection of the permission set T and the wrong answer Oe;
B75:在访问控制实例的初始集合KO中计算fKO(gKO(T))并将T->fKO(gKO(T))加入正确的蕴涵关系式集合Jr中,然后进入步骤B76; B75 : Calculate f KO (g KO (T)) in the initial set KO of access control instances and add T->f KO (g KO (T)) to the correct set of implication relations J r , and then enter the step B76;
B76:如果T<Bj,则进入步骤B72,否则进入步骤B77;B76: If T<B j , go to step B72, otherwise go to step B77;
步骤B76中,在字典序中递增,依次计算下一个与正确的蕴涵关系式集合Jr相关的权限集合T,直至T=Bj。In step B76, increasing in the lexicographical order, calculating the next permission set T related to the correct implication set J r in turn, until T=B j .
B77:令待验证的蕴含关系集合Ja等于正确的蕴涵关系式集合Jr,令Q=Bj,然后进入步骤B8;B77: Make the implication relation set to be verified Ja equal to the correct implication relation set J r , let Q = B j , and then go to step B8;
B8:若Q=M,进入步骤B9,否则返回步骤B2;B8: If Q=M, go to step B9, otherwise return to step B2;
步骤B8中,在字典序中递增,依次计算下一个与蕴涵关系式集合Ja相关的权限集合Q,直至Q=M。In step B8, increment in the lexicographical order, and sequentially calculate the next permission set Q related to the implication set Ja, until Q = M.
B9:将计算后的待验证的蕴含关系集合Ja中蕴涵关系式后件为的蕴涵关系式加入到角色集合R中,并得到该部门的确定的访问控制实例的无冗余集合KS和验证后的蕴涵关系式集合Ja。B9: Set the consequent expression of implication relation in the implication relation set Ja to be verified as The implication formula of , is added to the role set R, and the non-redundant set K S of the determined access control instance of the department and the verified implication formula set Ja are obtained.
如果不出现错误,步骤9中待验证的蕴含关系集合Ja,就是正确的蕴涵关系式集合。如果出现错误,在步骤B77中将每次修正后正确的蕴涵关系式集合Jr赋值给待验证的蕴含关系集合Ja,在循环结束后,验证后的蕴含关系集合Ja,就是已修改后正确的蕴涵关系式集合。If no error occurs, the implication relation set Ja to be verified in step 9 is the correct implication relation expression set. If there is an error, in step B77, assign the correct implication relation set J r after each revision to the implication relation set to be verified Ja , and after the loop ends, the verified implication relation set Ja is the modified implication relation set J a . The correct set of implication relations.
下面以某大型炼钢企业中构建RBAC角色为例:The following is an example of building an RBAC role in a large steelmaking enterprise:
步骤如下:Proceed as follows:
A:从某大型炼钢企业中部门的信息系统中获取该部门的访问控制日志记录,并对访问日志记录进行数据预处理;得到访问控制实例如表2所示:A: Obtain the access control log records of the department from the information system of a large steel-making enterprise, and perform data preprocessing on the access log records; the access control examples are shown in Table 2:
表2访问控制实例KO Table 2 Access control example K O
所有权限M=(a,b,c,d,e,f,g,h,i)。All rights M=(a, b, c, d, e, f, g, h, i).
B:利用蕴涵等值式,查找由于访问控制系统宕机导致A步骤中得到的错误的访问控制实例,然后根据错误的访问控制实例,结合设定的正确答案,计算出待验证的蕴涵关系式集合Ja中需要删除和需要添加的蕴涵关系式,并根据计算得到的需要删除和需要添加的蕴涵关系式对待验证的蕴涵关系式集合Ja进行修正,最终得到步骤A中该部门的确定的访问控制实例的无冗余集合KS和验证后的蕴涵关系式集合Ja,同时确定角色集合R;a为all的首字母缩写;B: Use the implication equivalence formula to find the wrong access control instance obtained in step A due to the downtime of the access control system, and then calculate the implication formula to be verified according to the wrong access control instance and the set correct answer The implication formulas that need to be deleted and added in the set Ja are revised according to the implication formulas that need to be deleted and need to be added. The non-redundant set K S of the access control instance and the verified implication relation set Ja , and the role set R is determined at the same time; a is the acronym of all;
B1:权限集合M中的字典序排列应该为 初始化确定的访问控制实例的无冗余集合蕴涵关系式集合从集合Mq中取字典序排第一的集合验证问题集合进入步骤B2;n为正整数;B1: The lexicographic order in the permission set M should be Initializes a non-redundant set of identified access control instances set of implication relations Take the lexicographically first set from the set M q set of validation questions Enter step B2; n is a positive integer;
B2:对权限集合Q进行验证并得到初始答案,即在确定的访问控制实例的无冗余集合KS中计算f(g(Q))=(abcdefghi),KS中g(Q)=(甲,乙,丙,丁),KO中不满足KS中在KO中g(f(g(Q))-Q)的条件,进入步骤B4;B2: Verify the permission set Q and get the initial answer, that is, calculate f(g(Q))=(abcdefghi ) in the non-redundant set K S of the determined access control instance, and g(Q)=( A, B, C, D), K O Not satisfied with K S Under the condition of g(f(g(Q))-Q) in KO , go to step B4;
B4:从访问控制实例的初始集合KO中取出一个权限分配不符合这条蕴涵规则的实例甲(cdefg),并将这个实例添加到确定的访问控制实例的无冗余集合KS中,将用户o所拥有的权限cdefg作为初始答案,并将离散数学中蕴涵关系式Q->fKs(gKs(Q))-Q的等值式 和初始答案加入验证问题集合D中,然后进入步骤B8;B4: Take out an instance A (cdefg) whose permission assignment does not conform to this implication rule from the initial set K O of access control instances, and add this instance to the determined non-redundant set K S of access control instances, The authority cdefg owned by user o is used as the initial answer, and the equivalent formula of the implication relation Q->f Ks (g Ks (Q))-Q in discrete mathematics Add the initial answer to the verification question set D, and then enter step B8;
B8:因为Q≠M,返回步骤B2;B8: Because Q≠M, go back to step B2;
本文着重描述在发现错误时的过程,下面从步骤B5发现错误开始。This article focuses on the process of finding errors, starting with step B5 to find errors.
B5:从验证问题集合D中随机取出一个问题,重新对权限集合Q进行验证并得到对比答案;得到的对比答案与验证问题集合D中的初始答案不一致,进入步骤B7;B5: randomly select a question from the verification question set D, re-verify the authority set Q and obtain a comparison answer; the obtained comparison answer is inconsistent with the initial answer in the verification question set D, and then go to step B7;
B7:根据设定的正确答案Or、步骤B5中得到的验证问题集合D中有误的初始答案Oe、发现出错的权限集合Bi、当前验证的权限集合Bj、字典序中小于Bi的待验证的子蕴涵关系式集合U和字典序大于Bi小于Bj的待验证的子蕴涵关系式集合P,根据出错的权限集合Bi、正确答案Or、有误的初始答案Oe和蕴涵关系式集合内在逻辑关系,计算得到正确的蕴涵关系式集合Jr,令Ja=Jr,然后进入步骤B8;B7: According to the set correct answer Or, the wrong initial answer Oe in the verification question set D obtained in step B5, the wrong authority set B i , the currently verified authority set B j , and the lexicographically smaller than B i The set U of sub-implications to be verified and the set of sub-implications P to be verified whose lexicographical order is greater than B i and less than B j , according to the set of wrong permissions B i , the correct answer Or, the wrong initial answer Oe and the implication relation The internal logical relationship of the formula set is calculated, and the correct implication formula set J r is obtained by calculation, let J a =J r , and then enter step B8;
B71:根据设定的正确答案Or=cdeg、步骤B5中得到的验证问题集合D中有误的初始答案Oe=cde。发现出错的权限集合Bi=e、当前验证的权限集合Bj=b、字典序中小于Bi的待验证的子蕴涵关系式集合U={i->g,h->abcd,f->cdeg,e->cdg}、字典序大于Bi小于Bj的待验证的子蕴涵关系式集合 令正确的蕴涵关系式集合Jr=U,进入步骤B72;B71: According to the set correct answer Or=cdeg, the incorrect initial answer Oe=cde in the verification question set D obtained in step B5. Found wrong permission set B i =e, currently verified permission set B j =b, lexicographically less than B i to be verified sub-implication set U={i->g, h->abcd, f- >cdeg, e->cdg}, the set of sub-implication relations to be verified whose lexicographical order is greater than B i and less than B j Let the correct set of implication relations J r =U, go to step B72;
B72:计算出字典序中Bi的下一个与正确的蕴涵关系式集合Jr相关的权限集合T=d,以d为前件的蕴涵关系式属于待验证的子蕴涵关系式集合P,进入步骤B74;B72: Calculate the next permission set T=d related to the correct implication set J r of B i in the lexicographical order, and the implication with d as the antecedent belongs to the sub-implication set P to be verified, enter the Step B74;
B74:d∩Or=d,d∩Oe=d,将待验证的子蕴涵关系式集合P中前件为T的蕴涵关系式d->c加入蕴涵关系式集合Jr中,进入步骤B76;B74: d∩Or=d, d∩Oe=d, add the implication relation d->c whose antecedent is T in the sub-implication relation set P to be verified into the implication relation set J r , and go to step B76;
B76:如果d<b,则进入步骤B71;B76: If d<b, go to step B71;
……;...;
由于篇幅有限,重复过程本文不再赘述。Due to the limited space, the repeated process is not repeated in this paper.
得到该部门的角色集合R为:Get the role set R of the department as:
权限间蕴涵关系式集合Ja为:The set of implication relations between permissions Ja is:
Ja={i->g,h->abcd,f->cdeg,e->cdg,d->c,c->d,cdg->e,cdefgi->abfh,b->acdh,a->bcdh,abcdeh->fgi};J a = {i->g, h->abcd, f->cdeg, e->cdg, d->c, c->d, cdg->e, cdefgi->abfh, b->acdh, a ->bcdh,abcdeh->fgi};
得到该部门确定的访问控制实例的无冗余集合KS为:The non-redundant set K S of the access control instances determined by the department is obtained as:
即该部门系统中应该设置角色应包含R中所有权限的集合,同时得到了该部门的蕴涵关系式集合为Ja,这些权限间蕴涵关系式更加地方便系统管理员管理角色系统。例如权限蕴涵关系式i->g,系统管理就会知晓如果某员工具有i权限那么该员工必定拥有g权限。That is, the role should be set in the department system, which should include the set of all permissions in R, and the set of implication relations of the department is Ja , which is more convenient for system administrators to manage the role system. For example, the authority implication relationship i->g, the system management will know that if an employee has the i authority, then the employee must have the g authority.
Claims (4)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010891207.8A CN111967034B (en) | 2020-08-30 | 2020-08-30 | RBAC role fault tolerance auxiliary construction method based on attribute exploration |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010891207.8A CN111967034B (en) | 2020-08-30 | 2020-08-30 | RBAC role fault tolerance auxiliary construction method based on attribute exploration |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111967034A true CN111967034A (en) | 2020-11-20 |
CN111967034B CN111967034B (en) | 2022-09-16 |
Family
ID=73401018
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010891207.8A Active CN111967034B (en) | 2020-08-30 | 2020-08-30 | RBAC role fault tolerance auxiliary construction method based on attribute exploration |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111967034B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114268649A (en) * | 2021-12-21 | 2022-04-01 | 河南大学 | A method for modifying RBAC permissions for the Internet of Things |
CN114448659A (en) * | 2021-12-16 | 2022-05-06 | 河南大学 | Yellow river dam bank monitoring Internet of things access control optimization method based on attribute exploration |
CN114528333A (en) * | 2022-01-20 | 2022-05-24 | 河南大学 | Test question implicit knowledge attribute association mining and related test question pushing method and system based on attribute exploration |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060089932A1 (en) * | 2004-10-22 | 2006-04-27 | International Business Machines Corporation | Role-based access control system, method and computer program product |
US20060218394A1 (en) * | 2005-03-28 | 2006-09-28 | Yang Dung C | Organizational role-based controlled access management system |
CN102354357A (en) * | 2011-09-28 | 2012-02-15 | 上海电力学院 | Lattice implication reasoning algorithm of bug in partitioning protection system of smart grid |
CN103701801A (en) * | 2013-12-26 | 2014-04-02 | 四川九洲电器集团有限责任公司 | Resource access control method |
CN106056270A (en) * | 2016-05-13 | 2016-10-26 | 西安工程大学 | Data safety design method of textile production management system based on improved RBAC |
-
2020
- 2020-08-30 CN CN202010891207.8A patent/CN111967034B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060089932A1 (en) * | 2004-10-22 | 2006-04-27 | International Business Machines Corporation | Role-based access control system, method and computer program product |
US20060218394A1 (en) * | 2005-03-28 | 2006-09-28 | Yang Dung C | Organizational role-based controlled access management system |
CN102354357A (en) * | 2011-09-28 | 2012-02-15 | 上海电力学院 | Lattice implication reasoning algorithm of bug in partitioning protection system of smart grid |
CN103701801A (en) * | 2013-12-26 | 2014-04-02 | 四川九洲电器集团有限责任公司 | Resource access control method |
CN106056270A (en) * | 2016-05-13 | 2016-10-26 | 西安工程大学 | Data safety design method of textile production management system based on improved RBAC |
Non-Patent Citations (4)
Title |
---|
DAU,F ETC.: "Access Policy Design Supported by FCA Methods", 《17TH INTERNATIONAL CONFERENCE ON CONCEPTUAL STRUCTURES》 * |
张劲松等: "形式背景的蕴涵规则提取算法", 《电脑开发与应用》 * |
张磊等: "基于概念格的RBAC模型中角色最小化问题的理论与算法", 《电子学报》 * |
栾俊清: "基于概念格的大数据访问控制技术研究", 《硕士电子期刊》 * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114448659A (en) * | 2021-12-16 | 2022-05-06 | 河南大学 | Yellow river dam bank monitoring Internet of things access control optimization method based on attribute exploration |
CN114448659B (en) * | 2021-12-16 | 2022-10-11 | 河南大学 | Yellow river dam bank monitoring Internet of things access control optimization method based on attribute exploration |
CN114268649A (en) * | 2021-12-21 | 2022-04-01 | 河南大学 | A method for modifying RBAC permissions for the Internet of Things |
CN114268649B (en) * | 2021-12-21 | 2022-09-13 | 河南大学 | RBAC permission modification method facing to Internet of things |
CN114528333A (en) * | 2022-01-20 | 2022-05-24 | 河南大学 | Test question implicit knowledge attribute association mining and related test question pushing method and system based on attribute exploration |
Also Published As
Publication number | Publication date |
---|---|
CN111967034B (en) | 2022-09-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111967034B (en) | RBAC role fault tolerance auxiliary construction method based on attribute exploration | |
CN103150517B (en) | Concerning security matters e-file stores archive method, user right and opening of documents permission match method of calibration | |
CN111950013B (en) | RBAC role rapid auxiliary construction method based on attribute exploration | |
US20180089331A1 (en) | Pattern-based searching of log-based representations of graph databases | |
KR20140097445A (en) | Control program management system and method for changing control program | |
US20200111188A1 (en) | Digitized test management center | |
KR20200029029A (en) | How to set authority in the user's information exchange unit in the system | |
WO2021169300A1 (en) | Method and apparatus for exporting database table structure, and terminal device | |
KR20200017514A (en) | How to Authorize Field Values in Form Fields Through Third-Party Fields | |
CN111783043B (en) | Multi-department collaborative interactive RBAC role construction method based on attribute exploration | |
CN116579012A (en) | Enterprise safety information management system based on big data | |
CN112464189A (en) | Software development management system | |
CN110427770B (en) | A database access control method and system supporting business security marking | |
Chen et al. | System Quality Requirements Engineering (SQUARE) Methodology: Case Study on Asset Management System | |
Odeh et al. | Reliability of statistical software | |
Wurzenberger et al. | Discovering insider threats from log data with high-performance bioinformatics tools | |
CN116956332A (en) | BIM data processing method, BIM data processing equipment and computer readable storage medium | |
CN117933924A (en) | Flow management method for equal-protection evaluation | |
CN117034368A (en) | Data integrity protection method, device, equipment and storage medium | |
CN116225511A (en) | Data model management method, system, medium and product | |
CN111274579B (en) | Enterprise document encryption protection system based on computer | |
CN114238273A (en) | Database management method, device, equipment and storage medium | |
CN114268649B (en) | RBAC permission modification method facing to Internet of things | |
CN115270162A (en) | Multi-party calculation-based auditing and auditing pricing heterogeneous data online integration method and system | |
Geng et al. | Ensuring Consistency in Interagency Government Data Exchange: A Blockchain‐based Solution |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |