在跨域环境下基于用户意图的访问控制

doi:10.3969/j.issn.1000-1565.2026.03.011

摘要/Abstract

摘要： 现有的访问控制主要侧重于保护组织资产,往往忽略了访问信息对用户的心理影响.为了获得对用户行为意图的全面理解,提出一个基于用户行为意图的跨域访问控制模型,将访问控制的重点从保护组织资产转移到保护用户安全上.该模型通过引入两阶段评估过程,增强传统的基于属性的访问控制: 第1阶段,根据用户属性和上下文评估基本访问权限;第2阶段,系统对用户意图和情绪状态进行评估,以确定潜在的行为风险.为支持意图分析,整合了基于YOLOv9的多模态数据融合和基于愉悦度和唤醒度的情感建模,以捕捉用户行为和所请求内容的情感倾向.实验结果表明,在3种不同的场景下,该模型的F1分数分别提高0.23、0.16、0.18,证明了所提出的方法在跨域环境中能够提供细粒度的访问控制.

关键词: 访问控制, 跨域, 多模态, 意图分析

Abstract: In the field of access control, existing paradigms predominantly prioritize the protection of organizational assets, often overlooking the potential adverse psychological effects of accessed content on users. To address this limitation, this paper proposes an intent-driven cross-domain access control model that extends the primary security objective from solely safeguarding resources to ensuring user safety. The proposed model enhances traditional Attribute-Based Access Control(ABAC)via a dual-stage evaluation framework. In the first stage, basic access permissions are determined based on user attributes and contextual conditions. In the second stage, the system dynamically assesses the user’s behavioral intentions- 引用格式:张文恺,杨术明,马永龙,等.基于EDEM的牧场推料机器人参数优化设计与试验［J］.河北大学学报(自然科学版),2026,46(3):225-236.引用格式:牛鹤,刘一凡,柴文磊,等.在跨域环境下基于用户意图的访问控制［J］.河北大学学报(自然科学版),2026,46(3):327-336.DOI:10.3969/j.issn.1000-1565.2026.03.011在跨域环境下基于用户意图的访问控制牛鹤^1,2,刘一凡^1,2,柴文磊³,冯凡³,刘亿³(1.河北大学网络空间安全与计算机学院,河北保定 071002;2.河北省高可信信息系统重点实验室,河北保定 071002;3.河北大学信息技术中心,河北保定 071002)摘要:现有的访问控制主要侧重于保护组织资产,往往忽略了访问信息对用户的心理影响.为了获得对用户行为意图的全面理解,提出一个基于用户行为意图的跨域访问控制模型,将访问控制的重点从保护组织资产转移到保护用户安全上.该模型通过引入两阶段评估过程,增强传统的基于属性的访问控制: 第1阶段,根据用户属性和上下文评估基本访问权限;第2阶段,系统对用户意图和情绪状态进行评估,以确定潜在的行为风险.为支持意图分析,整合了基于YOLOv9的多模态数据融合和基于愉悦度和唤醒度的情感建模,以捕捉用户行为和所请求内容的情感倾向.实验结果表明,在3种不同的场景下,该模型的F1分数分别提高0.23、0.16、0.18,证明了所提出的方法在跨域环境中能够提供细粒度的访问控制.关键词:访问控制;跨域;多模态;意图分析中图分类号:TP391.7 文献标志码:A 文章编号:1000-1565(2026)03-0327-10DOI:10.3969/j.issn.1000-1565.2026.03.011Cross-domain access control based on user intentNIU He^1,2, LIU Yifan^1,2, CHAI Wenlei³, FENG Fan³, LIU Yi³(1.School of Cyber Security and Computer, Hebei University, Baoding 071002, China;2.Key Laboratory on High Trusted Information System in Hebei Province, Baoding 071002, China;3.Information Technology Center, Hebei University, Baoding 071002, China)Abstract: In the field of access control, existing paradigms predominantly prioritize the protection of organizational assets, often overlooking the potential adverse psychological effects of accessed content on users. To address this limitation, this paper proposes an intent-driven cross-domain access control model that extends the primary security objective from solely safeguarding resources to ensuring user safety. The proposed model enhances traditional Attribute-Based Access Control(ABAC)via a dual-stage evaluation framework. In the first stage, basic access permissions are determined based on user attributes and contextual conditions. In the second stage, the system dynamically assesses the user’s behavioral intentions- 收稿日期:2025-10-16;修回日期:2026-03-13 基金项目:河北省自然科学基金项目(F2025201052);河北省教育厅科学研究项目(QN2025014);河北大学校长基金项目(XZJJ202303) 第一作者:牛鹤(2000—),男,河北大学在读硕士研究生,主要从事访问控制方向研究. E-mail:20237019017@stumail.hbu.edu.cn 通信作者:刘一凡(1995—),女,河北大学讲师,博士,主要从事异常数据检测、可信数据空间、数据治理、软件定义网络等方向研究. E-mail:lyf@hbu.edu.cn 第3期牛鹤等:在跨域环境下基于用户意图的访问控制河北大学学报(自然科学版) 第46卷and emotional state to identify potential risks. In order to support intention analysis, multimodal data fusion based on YOLOv9 and emotional modeling based on valence and arousal are integrated to capture user behavior and the emotional tendency of the requested content. Experimental results across three distinct scenarios demonstrate that the model improves F1 scores by 0.23, 0.16, and 0.18, respectively, confirming its effectiveness in enabling fine-grained, access control in cross-domain environments.

Key words: access control, cross-domain, multimodal, intention analysis

中图分类号:

TP391.7

牛鹤,刘一凡,柴文磊,冯凡,刘亿. 在跨域环境下基于用户意图的访问控制[J]. 河北大学学报(自然科学版), 2026, 46(3): 327-336.

NIU He, LIU Yifan, CHAI Wenlei, FENG Fan, LIU Yi. Cross-domain access control based on user intent[J]. Journal of Hebei University(Natural Science Edition), 2026, 46(3): 327-336.

参考文献

[1] Wang X, Yu M, Wang Y, et al. Attribute-based access control encryption[J]. IEEE Trans Dependable Secur Comput, 2025, 22(3): 2227-2242. DOI:10.1109/TDSC.2024.3481497.
[2] Pokhrel S R, Li G, Doss R, et al. Toward decentralized operationalization of zero trust architecture for next generation networks[J]. IEEE J Sel Areas Commun, 2025, 43(6): 1998-2010. DOI:10.1109/JSAC.2025.356003.
[3] Musa N S, Murugan T, N N A, et al. Research study on securing the cloud: utilizing conventional and blockchain-based access control mechanisms[J]. J Cloud Comput, 2025, 14(1): 88. DOI:10.1186/s13677-025-00803-3.
[4] 尹晓帆, 李晓会, 张思琪. 基于区块链和属性基加密的用户分类分级访问控制模型[J]. 计算机工程与科学, 2025, 47(9): 1609-1618. DOI:10.3969/j.issn.1007-130X.2025.09.009.
[5] Sun J, Xu G, Li H, et al. Sanitizable cross-domain access control with policy-driven dynamic authorization[J]. IEEE Trans Dependable Secur Comput, 2025, 22(4): 4126-42. DOI:10.1109/TDSC.2025.3541819.
[6] Arshad H, Johansen C, Owe O. Semantic attribute-based access control: A review on current status and future perspectives[J]. J Syst Architect, 2022, 129: 102625.DOI: 10.1016/j.sysarc.2022.102625.
[7] Zhang R N, Liu G, Kang H Z N, et al. Anonymity in attribute-based access control: framework and metric[J]. IEEE Trans Dependable Secur Comput, 2024, 21(1): 463-75.DOI: 10.1109/TDSC.2023.3261309.
[8] Logrippo L. Data flow security in role-based access control[J]. J Inf Secur Appl, 2025, 90: 103997. DOI:10.1016/j.jisa.2025.103997.
[9] Yang H, Si Z, Zhao Y, et al. Macsa: A multimodal aspect-category sentiment analysis dataset with multimodal fine-grained aligned annotations[J]. Multimedia Tools Appl, 2024: 1-19. DOI:10.1007/s11042-024-18796-7.
[10] Siyuan S, Aodi L, Xuehui D, et al. ABAC policy mining method for heterogeneous access control system[J]. J Supercomput, 2025, 81(9): 1065. DOI:10.1007/s11227-025-07539-6.
[11] Bimbinov A A. Criminal Liabilityforvirtual "comparticipation" in thesuicide of minors[J]. Suicidology, 2023, 14(1): 154-68.DOI: 10.32878/suiciderus.23-14-01(50)-154-168.
[12] Zhang Y, Chen L, Zhu Y, et al. Privacy-enhanced role-based access control for IoT systems[J]. IEEE Internet Things J, 2025, 12(14): 27269-79. DOI:10.1109/JIOT.2025.3562155.
[13] Mukta R, Pal S, Chowdhury K, et al. Zero trust-driven access control delegation using blockchain[J]. Blockchain Res Appl, 2026, 7(1): 100319. DOI:10.1016/j.bcra.2025.100319.
[14] Khan S, Khan S, Si W, et al. Privacy-preserving graph similarity search with attribute-based access control[J]. Cybersecurity, 2026, 9(1): 27. DOI:10.1186/s42400-025-00457-3.
[15] Lu H, Du X, Hu D, et al. BPFGuard: Multi-granularity container runtime mandatory access control[J]. IEEE Trans Cloud Comput, 2025, 13(2): 629-40. DOI:10.1109/TCC.2025.3551838.
[16] Kern S, Baumer T, Groll S, et al. Optimization of access control policies[J]. J Inf Secur Appl, 2022, 70: 103301.DOI: 10.1016/j.jisa.2022.103301.
[17] Xu S, Chen X, Guo Y, et al. Toward efficient multi-user access control encrypted search for web data management[J]. IEEE Trans Dependable Secur Comput, 2026, 23(1): 1203-18. DOI:10.1109/TDSC.2025.3615931.
[18] Wang F, Hu Z, Wang H, et al. Cross-domain dynamic access control based on "blockchain+ artificial intelligence"[J]. Neural Comput Appl, 2023, 35(35): 24575-24585.DOI: 10.1007/s00521-023-08360-z.
[19] Huan R, Zhong G, Chen P, et al. Unimf: A unified multimodal framework for multimodal sentiment analysis in missing modalities and unaligned multimodal sequences[J]. IEEE Trans Multimedia, 2024, 26:5753-5768.DOI: 10.1109/TMM.2023.3338769.
[20] Salehi A, Han R, Rudolph C, et al. DACP: Enforcing a dynamic access control policy in cross-domain environments[J]. Comput Netw, 2023, 237: 110049.DOI: 10.1016/j.comnet.2023.110049.
[21] Madani M A, Kerkri A, Aissaoui M. MC-ABAC: An ABAC-based model for collaboration in multi-cloud environment[J]. Int J Adv Comput Sci Appl, 2023, 14(6): 1182-1190.
[22] Du Z, Li Y, Fu Y, et al. Blockchain-based access control architecture for multi-domain environments[J]. Pervasive Mob Comput, 2024, 98: 101878. DOI:10.1016/j.pmcj.2024.101878.
[23] 权学良, 曾志刚, 蒋建华, 等. 基于生理信号的情感计算研究综述[J]. 自动化学报, 2021, 47(8): 1769-1784. DOI: 10.16383/j.aas.c200783.
[24] 张国防, 袁国强, 赵胜利. 面向虚假信息的多模态在线评论情感分析[J]. 河北大学学报(自然科学版), 2025, 45(2): 216-24. DOI: 10.3969/j.issn.1000-1565.2025.02.012.
[25] Russell J A. A circumplex model of affect[J]. J Pers Soc Psychol, 1980, 39(6): 1161–1178. DOI: 10.1037/h0077714.
[26] Wang C Y, Yeh I H, Mark L H Y. Yolov9: Learning what you want to learn using programmable gradient information[C] //European conference on computer vision(ECCV 2024),Lecture Notes in Computer Science, 15089: 1-21. DOI: 10.1007/978-3-031-72751-1_1.
[27] Zaabar L S, Yacob A A, Isa M R M, et al. Sentiment and emotion analysis with large language models for political security prediction framework[J]. Int J Adv Comput Sci Appl, 2025, 16(1):954-60.DOI: 10.14569/IJACSA.2025.0160192.
[28] Liu S, Deng N, Sabour S, et al. Task-adaptive tokenization: enhancing long-form text generation efficacy in mental health and beyond[EB/OL]. arXiv preprint arXiv:231005317, 2023.DOI: 10.48550/arXiv.2310.05317. (