计算机应用 ›› 2018, Vol. 38 ›› Issue (6): 1614-1619.DOI: 10.11772/j.issn.1001-9081.2017122940

• 网络空间安全 • 上一篇    下一篇

云平台访问控制自适应风险评估指标权重分配方法

杨宏宇, 宁宇光   

  1. 中国民航大学 计算机科学与技术学院, 天津 300300
  • 收稿日期:2017-12-15 修回日期:2018-02-07 出版日期:2018-06-10 发布日期:2018-06-13
  • 通讯作者: 杨宏宇
  • 作者简介:杨宏宇(1969-),男,吉林长春人,教授,博士,CCF会员,主要研究方向:网络信息安全;宁宇光(1991-),男,四川攀枝花人,硕士研究生,主要研究方向:网络信息安全。
  • 基金资助:
    中国民航科技基金资助项目(MHRD201205)。

Adaptive weight allocation method of risk assessment index for access control of cloud platform

YANG Hongyu, NING Yuguang   

  1. College of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China
  • Received:2017-12-15 Revised:2018-02-07 Online:2018-06-10 Published:2018-06-13
  • Supported by:
    This work is partially supported by the Science and Technology Foundation of Civil Aviation of China (MHRD201205).

摘要: 针对云平台风险访问控制模型中风险评估指标权重主观设定且固定的问题,提出自适应风险评估指标权重分配方法。首先,通过带约束的多元线性回归设计自适应风险评估指标权重分配模型;然后,提出并优化配方回归算法求解相应权重;最后,构建带有自适应权重分配的风险值量化公式,动态计算访问请求的风险值。实验结果表明,该方法与动态风险访问控制(DRAC)模型、基于系统安全风险的访问控制模型相比,在训练集数量级相同的条件下,其风险值的准确率和灵敏度平均提升了2.8%和18.5%、1.7%和18.7%。该方法与DRAC模型、基于动态属性的风险感知访问控制(DA-RAAC)模型以及基于系统安全风险的访问控制模型相比,在访问请求数量相同的条件下,响应时间平均缩短了9.2%、34.6%和96.6%。所提方法在大并发用户数情况下所得风险值有较高的准确率和灵敏度,且响应时间更短,更适用于云环境。

关键词: 访问控制, 指标权重, 配方回归, 自适应, 云平台

Abstract: Aiming at the subjective and fixed setting problems of risk assessment index weight in risk access control model of cloud platform, an adaptive weight allocation method of risk assessment index was proposed. Firstly, the the adaptive weight allocation model of risk assessment index was designed through a multivariate linear regression with constraints. Secondly, the programming regression algorithm was proposed and optimized to solve the corresponding weight. Finally, the quantitative formula of risk value with adaptive weight allocation was constructed to calculate the risk value of access request dynamically. The experimental results show that, compared with the Dynamic Risk-based Access Control (DRAC) model and the access control model based on system security risk, the accuracy and sensitivity of risk value of the proposed method are averagely increased by 2.8% and 18.5%, 1.7% and 18.7% with the same order of magnitude training set. Compared with the DRAC model, Dynamic Attribute-based Risk Aware Access Control (DA-RAAC) model and the access control model based on system security risk, the response time of the proposed method is averagely shortened by 9.2%, 34.6% and 96.6% with the same number of access requests. The proposed method has higher accuracy and sensitivity in the risk value of large concurrent users, and its response time is shorter, which is more suitable for cloud environment.

Key words: access control, index weight, programming regression, adaptability, cloud platform

中图分类号: