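Implement in code the attribute-based access control (ABAC) model. Requirements: create the sets of subjects S, objects O, environments E and operations O and write them to a text database; create access control policies; enable the trusted application monitor, which receives users' access requests for permissions and makes decisions; the decision result is deny or run; when a conflict occurs, deny takes precedence; when no matching policy exists, the default decision is deny; the subject, object and environment attributes each have 10 elements; in each policy, the subject, object and environment rules each consist of 3-5 attribute-point Boolean expressions (randomly generated); in each user request, there are 3-5 subject, object and environment attributes (randomly generated); 10,000 policies in total (5,000 positive authorizations, 5,000 negative authorizations), randomly generated; randomly generate 10,000 requests, make the decisions and record the results. Specific Python code.
Time: 2024-03-17 17:44:39 Views: 133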
OK, here is a Python implementation written to your requirements:
```python
import random

# Define the attributes of subjects, objects, environments and actions
subjects = ["Subject" + str(i) for i in range(10)]
objects = ["Object" + str(i) for i in range(10)]
environments = ["Environment" + str(i) for i in range(10)]
actions = ["Action" + str(i) for i in range(10)]

# Total number of policies
num_policies = 10000
# Number of positive-authorization and negative-authorization policies
num_pos_policies = num_policies // 2
num_neg_policies = num_policies - num_pos_policies
# Number of access requests
num_requests = 10000

# Define the access control policies
policies = []
for i in range(num_pos_policies):
    policy = {
        "name": "Policy" + str(i),
        "subject_rules": [f"({random.choice(subjects)} == True)" for j in range(random.randint(3, 5))],
        "object_rules": [f"({random.choice(objects)} == True)" for j in range(random.randint(3, 5))],
        "environment_rules": [f"({random.choice(environments)} == True)" for j in range(random.randint(3, 5))],
        "action": "Allow"
    }
    policies.append(policy)
for i in range(num_neg_policies):
    policy = {
        "name": "Policy" + str(num_pos_policies + i),
        "subject_rules": [f"({random.choice(subjects)} == True)" for j in range(random.randint(3, 5))],
        "object_rules": [f"({random.choice(objects)} == True)" for j in range(random.randint(3, 5))],
        "environment_rules": [f"({random.choice(environments)} == True)" for j in range(random.randint(3, 5))],
        "action": "Deny"
    }
    policies.append(policy)

# Write the policies to a text file
with open("policies.txt", "w") as f:
    for policy in policies:
        f.write(str(policy) + "\n")

# Define the access requests
requests = []
for i in range(num_requests):
    request = {
        "name": "Request" + str(i),
        "subject_attributes": [random.choice(subjects) for j in range(random.randint(3, 5))],
        "object_attributes": [random.choice(objects) for j in range(random.randint(3, 5))],
        "environment_attributes": [random.choice(environments) for j in range(random.randint(3, 5))]
    }
    requests.append(request)

# Make the access control decisions and record the results
results = []
for request in requests:
    decision = "Deny"
    # Bind every attribute name to True/False for this request, so a rule that
    # names an attribute the request lacks evaluates to False instead of
    # raising NameError inside eval()
    subject_env = {a: a in request["subject_attributes"] for a in subjects}
    object_env = {a: a in request["object_attributes"] for a in objects}
    environment_env = {a: a in request["environment_attributes"] for a in environments}
    for policy in policies:
        subject_rules = policy["subject_rules"]
        object_rules = policy["object_rules"]
        environment_rules = policy["environment_rules"]
        action = policy["action"]
        # Check whether the policy matches the request
        match_subject = all(eval(rule, {}, subject_env) for rule in subject_rules)
        match_object = all(eval(rule, {}, object_env) for rule in object_rules)
        match_environment = all(eval(rule, {}, environment_env) for rule in environment_rules)
        if match_subject and match_object and match_environment:
            decision = action
            # Deny takes precedence: stop at the first matching Deny policy
            if decision == "Deny":
                break
    results.append(decision)

# Tally the decision results
num_allow = results.count("Allow")
num_deny = results.count("Deny")
print("Allow:", num_allow)
print("Deny:", num_deny)
```
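This code generates random access control policies and access requests, makes the access control decisions and records the results. Finally, it tallies the decision results and prints them. Note that because the policies and requests are randomly generated, the results may differ on each run.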
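The decision rule the question asks for (deny takes precedence on conflict, default deny when nothing matches), as an added example that is not part of the original answer: it stores each rule as a set of required attribute points and uses a subset test instead of `eval()`, and it returns the reason and the matching policies so each decision can be logged. The names `attrs`, `matches`, `decide`, `audit`, the policies P1-P3 and the requests R1-R3 are constructed for illustration.

```python
ALLOW, DENY = "Allow", "Deny"
PREFIX = {"subject": "Subject", "object": "Object", "environment": "Environment"}

def attrs(**ids):
    """attrs(subject=(1, 2, 3), ...) -> {"subject": frozenset({"Subject1", ...}), ...}"""
    return {cat: frozenset(f"{PREFIX[cat]}{i}" for i in ids[cat]) for cat in PREFIX}

def matches(policy, request):
    """A policy applies only if, in every category, all of its attribute points
    are present in the request. A missing attribute is False, not an error."""
    return all(policy["rules"][cat] <= request[cat] for cat in PREFIX)

def decide(policies, request):
    """Return (decision, reason, names of matching policies) for the audit record."""
    matched = [p for p in policies if matches(p, request)]
    names = [p["name"] for p in matched]
    if not matched:
        return DENY, "default-deny", names       # no applicable policy
    if any(p["effect"] == DENY for p in matched):
        return DENY, "deny-overrides", names     # one deny beats any number of allows
    return ALLOW, "permit", names

# Constructed sample policies and requests (illustrative, not from the answer).
POLICIES = [
    {"name": "P1", "effect": ALLOW,
     "rules": attrs(subject=(1, 2, 3), object=(1, 2, 3), environment=(1, 2, 3))},
    {"name": "P2", "effect": DENY,
     "rules": attrs(subject=(1, 2, 4), object=(1, 2, 3), environment=(1, 2, 3))},
    {"name": "P3", "effect": ALLOW,
     "rules": attrs(subject=(7, 8, 9), object=(7, 8, 9), environment=(7, 8, 9))},
]
REQUESTS = {
    "R1": attrs(subject=(1, 2, 3, 5), object=(1, 2, 3), environment=(1, 2, 3, 4)),
    "R2": attrs(subject=(1, 2, 3, 4), object=(1, 2, 3), environment=(1, 2, 3)),
    "R3": attrs(subject=(0, 5, 6), object=(1, 2, 3), environment=(1, 2, 3)),
}

def audit(policies, requests):
    """One tab-separated log line per request: name, decision, reason, matched policies."""
    lines = []
    for name, req in requests.items():
        decision, reason, matched = decide(policies, req)
        lines.append("\t".join((name, decision, reason, ",".join(matched) or "-")))
    return lines

if __name__ == "__main__":
    print("\n".join(audit(POLICIES, REQUESTS)))
```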