A Policy Management System Based on Multi-dimensional Attribution Label | SpringerLink
Skip to main content
Springer Nature Link
Log in

A Policy Management System Based on Multi-dimensional Attribution Label

  • Conference paper
  • First Online:
Mobile Internet Security (MobiSec 2016)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 797))

Included in the following conference series:

Abstract

Due to complex and diverse attributes and dimension information of users, the existing policy system cannot control the multi-dimensional users in fine-grained manner, which results in rigid, coarse-grained management configuration and other issues. Therefore, it is extremely urgent to design a new policy system to meet the requirement for controlling multi-dimensional users. This paper proposes a unified naming mechanism of multidimensional attribute label and designs an efficient policy matching algorithm called Improved Sunday with Map mapping container (ISMM). The ISMM algorithm can deal with repeat pattern string by virtue of the idea of Map container, whose structure is orderly called key-value. ISMM firstly preprocesses and transforms the policies stored in policy server, and then matches the transformed information with the attribution information carried by client. If matching succeeds, we use a policy server to return the matching result as well as value information stored in Map container to client in advance, otherwise policy server would return failure information and submits errors to client. The matching result of ISMM algorithm is 13626 items per second in a given testing environment, comparing to 9764 of Sunday algorithm, 8967 of BM algorithm, 6698 of KMP algorithm, 5880 of BF algorithm, 5933 of regular matching algorithm. The experimental results show that efficiency of ISMM is significantly better than the classic policy matching algorithms (BM, KMP, BF, etc.). Moreover, the designed system can not only solve the problems but also control the multi-dimensional attribute information of user and ensuring the integrity, confidentiality and uniqueness. abstract environment.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
JPY 3498
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
JPY 5719
Price includes VAT (Japan)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
JPY 7149
Price includes VAT (Japan)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Shih, H., Guo, X., Lai, K., Cheng, T.C.E.: Taking promotion and prevention mechanisms matter for information systems security policy in Chinese SMEs. In: 2016 2nd International Conference on Information Management (ICIM), pp. 110–115. IEEE Press (2016)

    Google Scholar 

  2. Tarkhanov, T.: Policy algebra for access control in enterprise document management systems. In: 2015 9th International Conference on Application of Information and Communication Technologies (AICT), pp. 225–228. IEEE Press (2015)

    Google Scholar 

  3. Promyslov, V.G.: Tool for I&C system security policy verification. In: 2015 9th International Conference on Application of Information and Communication Technologies (AICT), pp. 221–224. IEEE Press (2015)

    Google Scholar 

  4. Li, S., Meng, J., Yu, L.: Buffer filter: a Last-level cache management policy for CPU-GPGPU heterogeneous system. In: 2015 IEEE 17th International Conference on Embedded Software and Systems (ICESS), pp. 266–271. IEEE Press (2015)

    Google Scholar 

  5. Huang, Y., Weng, Y., Zhou, M.: Design of traffic safety control systems for emergency vehicle preemption using timed petri nets. IEEE Trans. Intell. Transp. Syst. 16(4), 2113–2120 (2015). IEEE Press

    Article  Google Scholar 

  6. Desnitsky, V., Levshun, D., Chechulin, A., Kotenko, I.V.: Design technique for secure embedded devices: application for creation of integrated cyber-physical security system. J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl. (JoWUA), 7(2), 60–80 (2016). IEEE Press

    Google Scholar 

  7. Baiardi, F., Tonelli, F., Isoni, L.: Application Vulnerabilities in Risk Assessment and Management. J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl. (JoWUA), 7(2), 41–59 (2016). IEEE Press

    Google Scholar 

  8. Debnath, M.K., Samet, S., Vidyasankar, K.: A secure revocable personal health record system with policy-based fine-grained access control. In: 2015 13th Annual Conference on Privacy, Security and Trust (PST), pp. 109–116. IEEE Press (2015)

    Google Scholar 

  9. Amthor P.: A uniform modeling pattern for operating systems access control policies with an application to SELinux. In: 2015 12th International Joint Conference on e-Business and Telecommunications (ICETE), pp. 88–99. IEEE Press (2015)

    Google Scholar 

  10. Lopes, I.M., Oliveira, P.: Evaluation of the adoption of an information systems security policy. In: 2015 10th Iberian Conference on Information Systems and Technologies (CISTI), pp. 1–6. IEEE Press (2015)

    Google Scholar 

  11. Cheminod, M., Durante, L., Seno, L., Valenzano, A.: Analysis of access control policies in networked embedded systems: a case study. In: 2015 10th IEEE International Symposium on Industrial Embedded Systems (SIES), pp. 1–10. IEEE Press (2015)

    Google Scholar 

  12. Enqvist, O., Jiang, F., Kahl, F.: A Brute-Force algorithm for reconstructing a scene from two projections. In: IEEE Conference on Computer Vision and Pattern Recognition (CVPR), pp. 2961–2968. IEEE Press (2011)

    Google Scholar 

  13. An, D., Shao, M., Yuan, Z., Shi, H. Pan, Q.: Speaker recognition method based on CPSO clustering and KMP algorithm. In: Seventh International Symposium on Computational Intelligence and Design (ISCID), pp. 556–559. IEEE Press (2014)

    Google Scholar 

  14. Kurniawan, D.H., Munir, R.: A new string matching algorithm based on logical indexing. In: IEEE 26th International Conference on Data Engineering (ICDE 2010), pp. 394–399. IEEE Press (2010)

    Google Scholar 

  15. Hong, I., Bong, K., Shin, D., Park, S., Lee, K.J., Kim, Y., Yoo, H.J.: A 2.71 nJ/Pixel Gaze-activated object recognition system for low-power mobile Dmart glasses. J. Solid-State Circuits, 51(1), 45–55 (2016)

    Google Scholar 

  16. Ou, Z.: Data structuring and effective retrieval in the mining of web sequential characteristic. In: International Conference on Electronic and Mechanical Engineering and Information Technology (EMEIT), pp. 3551–3554. IEEE Press (2011)

    Google Scholar 

  17. Hou, X., Yan, Y., Lu, X.: Hybrid pattern-matching algorithm based on BM-KMP algorithm. In: 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE), pp. 310–313. IEEE Press (2010)

    Google Scholar 

  18. Zhu, Y.: Two enhanced BM Algorithm in pattern matching. In: Workshop on Digital Media and Digital Content Management (DMDCM), pp. 341–346. IEEE Press (2011)

    Google Scholar 

  19. Qiao, J., Zhang, H.: Improvement of BM algorithm in Intrusion detection system. In: 6th IEEE International Conference on Software Engineering and Service Science (ICSESS), pp. 652–655. IEEE Press (2015)

    Google Scholar 

  20. Sunday, D.M.: A very fast substring search algorithm. Commun. ACM 33(8), 132–142 (1990)

    Article  Google Scholar 

  21. Yin, C.: A deterministic finite automata based on improved BM algorithm. In: International Conference on Computer Design and Applications (ICCDA), pp. 389–391. IEEE Press (2010)

    Google Scholar 

  22. Lu, H., Zheng, K., Liu, B., Zhang, X., Liu, Y.: A memory-efficient parallel string matching architecture for high-speed intrusion detection. IEEE J. Sel. Areas Commun. 24(10), 1793–1804 (2006). IEEE Press

    Article  Google Scholar 

  23. Krishnamurthy, R., Li, Y., Raghavan, S.: SystemT: a system for declarative information extraction. Newsletter 37(4), 7–13 (2008)

    Google Scholar 

  24. Lenka, R.K., Ranjan, P.: A comparative study on DFA-based pattern matching for deep packet inspection. In: Third International Conference on Computer and Communication Technology (ICCCT), pp. 255–260. IEEE Press (2012)

    Google Scholar 

  25. Peng, K., Tang, S., Chen, M., Dong, Q.: Chain-based DFA deflation for fast and scalable regular expression matching using TCAM. In: Seventh ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS), pp. 24–35. IEEE Press (2011)

    Google Scholar 

  26. Wang, X., Xu, Y., Jiang, J., Ormond, O., Liu, B., Wang, X.: StriFA: Stride Finite Automata for high speed regular expression matching in network intrusion detection systems. IEEE J. Sel. Areas Commun. 7(3), 374–384 (2013). IEEE Press

    Google Scholar 

  27. Sun, Y., Valgenti, V.C., Kim, M.S.: NFA-based pattern matching for deep packet inspection. In: Proceedings of 20th International Conference on Computer Communications and Networks (ICCCN), pp. 1–6 (2011)

    Google Scholar 

  28. Jiang, J., Xu, Y., Pan, T., Tang, Y., Liu, B.: Pattern-based DFA for memory-efficient and scalable multiple regular expression matching. In: IEEE International Conference on Communications (ICC), pp. 1–5. IEEE Press (2010)

    Google Scholar 

Download references

Acknowledgments

This work was partially supported by the National Basic Research Program of China (973 Program) under Grant No. 2013CB329102, in part by the National Natural Science Foundation of China (NSFC) under Grant No. 61232017, 61372112 and 61003283.

Author information

Authors and Affiliations

  1. State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, 100876, China

    Bosong Liu, Jianfeng Guan & Zhongbai Jiang

Authors
  1. Bosong Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jianfeng Guan
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Zhongbai Jiang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jianfeng Guan .

Editor information

Editors and Affiliations

  1. Department of Information Security Engineering, Soonchunhyang University, Chungcheongnam-do, Korea (Republic of)

    Ilsun You

  2. Tunghai University, Taichung, Taiwan

    Fang-Yie Leu

  3. Asia University, Taichung, Taiwan

    Hsing-Chung Chen

  4. SPIRAS, St. Petersburg, Russia

    Igor Kotenko

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Liu, B., Guan, J., Jiang, Z. (2018). A Policy Management System Based on Multi-dimensional Attribution Label. In: You, I., Leu, FY., Chen, HC., Kotenko, I. (eds) Mobile Internet Security. MobiSec 2016. Communications in Computer and Information Science, vol 797. Springer, Singapore. https://doi.org/10.1007/978-981-10-7850-7_12

Download citation

  • DOI: https://doi.org/10.1007/978-981-10-7850-7_12

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-7849-1

  • Online ISBN: 978-981-10-7850-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation