Research on the multi-granularity method of role

Introduction The development of the information system has made information sharing between people more convenient and fast. However, the explosive growth of the information system has not only provided people with convenient and fast access to information but also created the problem of information security. For example, the “ZTE Incident” caused a huge loss to ZTE because the legal staff had access to confidential documents and information. The disclosure of prism makes people pay more attention to the protection of personal privacy. Ransomware attacks at hospitals, universities, and enterprises and on personal computers uses encryption algorithms to illegally encrypt the files of the victim host, forcing victims to pay a certain ransom to decrypt the files, causing huge losses to enterprises and individuals. An increasing number of security attacks and information leaks have seriously affected cyberspace security, personal privacy, and national security (Michel and King, 2019; Qiu et al., 2020). To prevent the intrusion of illegal users, access control limits the access ability and scope of the access subject to the access object using predefined methods or policies and limits the access to resources in the information system. Access control consists of an access subject, an access object, and the operation (Fang et al., 2017). In this case, the subject is the user or the access behavior initiated by the user (such as process and thread). The object is the entity that is accessed by the subject, and all the information, resources, and objects that can be regarded as the object in access control, such as files and disks, can be operated. An operation is an action that a subject can perform, such as a read operation and a write operation. Traditional access control models include the autonomous access control model and the mandatory access control model. In the autonomous access control model, users can freely transfer their permissions, which makes the access control very flexible, but the arbitrary transfer of permissions leads to the risk of illegal access. In the mandatory access control model, the direction of information flow is from a high-security level to a low-security level, which can guarantee that the information system cannot be accessed by illegal elements. However, the mandatory access control model can not be flexibly applied to the current flexible and changeable market environment. The role-based access control model (RBAC) is considered an access control strategy that can effectively guarantee the security of an information system, which ensures not only the security of the system but also its flexibility. The RBAC model introduces the concept of roles between users and access by assigning (revoking) roles to users. Thus, the purpose of granting (revoking) access permissions is achieved. In this way, system management only needs to consider the granting or revoking of roles, instead of considering the granting or revoking of each permission one by one, which simplifies the work tasks of system administrators. The role discovery method based on concept lattice can obtain the non-redundant role system semiautomatically, but with the increase in the number of access objects in the system, the number of access permissions in the system will increase sharply. In this case, the role-based access control model can reduce the tasks of system administrators to some extent, but the expansion of the number of roles makes the tasks of administrators very complex. At present, we are seeking a way to ensure the security of the system without being affected by the massive size of the role system, which becomes difficult to manage effectively. Granular computing can be used to study the same question in different granularity of discussion (Qian and Liang, 2006). In the case of ensuring a satisfactory solution, appropriately reducing the role partition granularity can effectively reduce the number of roles and reduce the complexity of the work of the system security administrator. This study begins with a discussion on the role exploration method based on concept lattice, introduces the concept of granularity calculation into this method, finds out the appropriate calculation granularity, uses the larger granularity, reduces the size of the role system, and thus reduces the complexity of the problem. Basic definition The concept lattice definitions used in this study are as follows (Zhao et al., 2009; Ganter and Wille, 2012; Wei et al., 2020): Definition 1: A context K = (U, M, I) is composed of two sets U and M and there exists a relation I between U and M. The elements of U are called objects and the elements of M are called attributes. (u, m) ∈ I or (uIm) means that the object u has an attribute m. We use (u, m)∉I to denote that object U does not possess property M. Definition 2: Let K = (U, M, I) be a context. For A ⊆ U, B ⊆ M, denote f(A) = {m ∈ M|∀u ∈ A, (u, m) ∈ I} and g(B) = {u ∈ U|∀m ∈ B, (u, m) ∈ I }. If A and B satisfy that f(A) = B and g(B) = A, then we call the binary group (A, B) as a concept, where A is the extent of the concept (A, B) and B is the intent of the concept (A, B). The set of all formal concepts is denoted as L = (U, M, I), ∀u ∈ U, with object concepts as (g(f(u)),f(u)). Similarly, for ∀m ∈ M, (g(m), f(g(m))) is called an attribute concept. In addition, for ∀(X1, B1), (X2, B2) ∈ L = (U, M, I), a partial order relationship ≤ can be defined in the sense that (X1, B1) ≤ (X2, B2) is equivalent to X1 ⊆ X2 and B2 ⊆ B1. Definition 3: Let (U, M, I) be a formal context and if Y ⊆ M satisfies. (1) Y≠f(g(Y)) (Y ⊆ f(g(Y))) and (2) Each pseudo-intent Y1⊂Y has f(g(Y1)) ⊆ Y, then, Y is called a pseudo-intent. Definition 4: Assume that set K = (U, M, I) is a context and Y1, Y2 ⊆ M. If g(Y1) ⊆ g(Y2), then Y1 → Y2 is true in K. Definition 5: If K = (U, M, I) is a formal context, then the value dependency set {X → f(g(X))|X is the pseudo-intent of K} is the Duquenne–Guigues of K. Definition 6: Given access security context K = (U, M, I), implication set J(K), and implication formula C → D ∈ J(K), if the attribute set T ⊆ M is equivalent to C⊈T or D ⊆ T, then T is related to C → D. If T is related to all the implication forms in J(K), then T is related to J(K). Definition 7: Let R1and R2 be non-empty equivalence relations in the field of argument. If R1 ⊆ R2, it is said that R1 is thinner than R2 and it is denoted as R2 ≤ R1 or R2≥R1. The concept of granular computing involves the theory of granulation, projection, and synthesis operation of quotient space (Wang et al., 2018). Quotient space theory is a kind of theory that can imitate human beings to analyze problems from coarse to fine, from surface to interior, and from multilevel to multidimensional, to effectively reduce the complexity of problems (Li et al., 2017). The information theory
Read More