An Improved Genetic Algorithm for Safety and Availability Checking in Cyber-Physical Systems

Cross-IoT infrastructure access frequently occurs when performing tasks in a distributed computing infrastructure of a cyber-physical system (CPS). The access control technology that ensures secure cross-IoT infrastructure access usually establishes user-attribute/role-permission relationships automatically. How to efficiently determine whether an automatically authorized access control state satisfies the safety and availability requirements of a system is a huge challenge. Existing work often focuses on a single aspect, safety or availability, while ignoring the differences between permissions and the differences between users. In this paper, we first propose a fine-grained personalization policy that takes into account the specificity of permissions/users and describes the safety, availability and efficiency requirements of an access control system in CPS. Second, we define a Personalization Policy Checking (PPC) Problem to determine whether a given personalization policy is satisfied in an access control state. We give the computational complexity of the PPC problem in different subcases, and show that it is NP-complete in general. Third, we design a binary genetic search algorithm, whose improvements mainly include continuously updating and selecting the best chromosomes in the population for iteration, and exploring and determining the optimal crossover and mutation probabilities, thereby improving the convergence efficiency of the algorithm. Finally, simulation results show the effectiveness of our proposed algorithm, which is especially suited to cases where the computational overhead is even more important than the accuracy in a large-scale CPS.


I. INTRODUCTION
A cyber-physical system (CPS) is a controllable, credible, scalable and heterogeneous distributed system of cyber-physical equipment. It acquires information from the IoT perception environment and processes that information through deeply integrated computing, communication and control capabilities to complete a given task [1], [2]. CPS can bring huge economic benefits and is widely used in digital medical instruments and systems adopting automatic acquisition and control technology, distributed energy systems, aerospace and aircraft control, industrial control, etc. [3]-[5]. CPS has aroused great interest among industry investors and researchers.
The associate editor coordinating the review of this manuscript and approving it for publication was Po Yang.

In the CPS environment, if users in local nodes or nodes across IoT infrastructure access sensitive data without authorization, huge losses will occur [2], [6]. For cyber-physical systems, safety is facing increasing challenges, because illegal access may also come from various networks and physical interfaces in an increasing number of non-local IoT infrastructures [7]-[9]. Due to the heterogeneity of different IoT infrastructures, traditional access control is less effective in protecting sensitive data across IoT infrastructures. In the field of distributed cyber-physical systems, the research of access control is becoming more and more important for CPS designers and users.
VOLUME 9, 2021. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/

The autonomy, heterogeneity and distribution of CPS nodes make access control mainly focus on multi-entity access control between different trust domains, while taking into account geographic location and resource ownership [10], [11]. The subjects and objects of access control are highly dynamic in the CPS environment, and there is a huge number of terminals and users. Therefore, the authorization relationship between users and permissions cannot be presented in advance, and the system authorization can only be performed automatically [11], [12]. However, whether this automatically authorized access control state satisfies the safety and availability requirements of the access control system needs to be determined by corresponding access control policies. Therefore, the study of cross-IoT infrastructure access control policies in the CPS environment has both theoretical significance and application value.

Access control policies restrict the assignment of permissions to ensure the safety and availability of the access control system [13], [14]. However, there are still shortcomings in the existing research on access control policies.

(1) Access control policies often focus on either security or availability, and cannot effectively balance the two [11]. Multiple CPS nodes or even cloud nodes may be involved when performing tasks. These autonomous nodes have their own role-permission relationships and may not be able to accurately satisfy task requirements. The redundant permissions generated by ensuring availability will bring security risks to the system. If security is strictly ensured, it may lead to insufficient permissions and affect the smooth execution of tasks.
(2) Existing access control policies consider a large number of access permissions with negligible impact on task execution, which increases the scale of the problem and reduces the efficiency of access control decision-making. Ignoring the difference in natural importance between permissions and treating important permissions as ordinary permissions will also bring unpredictable risks to the system.

(3) Determining whether a certain access control policy is satisfied in a system state is the key to efficient access control decision-making. However, this problem is difficult to solve, especially for access control systems authorized across autonomous domains in CPS environments. This is because the access control subjects and objects involved in the execution of a task may come from different CPS nodes with a large number of users and permissions. It is necessary to determine whether the access control state composed of these nodes satisfies goals and constraints that take the weights into account. This greatly increases the computational complexity. For example, an access control policy may require that the number of mutually disjoint user groups that can perform tasks independently reaches a certain value, and that the weight of the permissions owned by a single user is less than a certain threshold.
It can be seen that existing access control policies can hardly ensure safety and availability in CPS effectively, and that improving the decision-making efficiency of access control under a large amount of data is intractable. For this reason, this paper introduces the concept of the weight of users and permissions, which expresses the importance of permissions/users in terms of the attributes of operations, the sensitivity of objects and user attributes. Subsequently, we propose a refined personalization policy based on weights to improve the efficiency of access control decision-making while enhancing the safety and availability of the system. Then, we analyze the computational complexity of the problem of whether a given access control state satisfies the requirements of a personalization policy. To address the general case of this problem, we design an efficient solution based on the idea of the genetic algorithm. Generally, a given access control policy is the minimum requirement of the system. For example, suppose there are three groups of mutually disjoint users in an access control system, and each group has all the permissions to perform sensitive tasks, but the access control policy requires only two groups of mutually disjoint users to ensure the availability of the system. Verifying that the policy is satisfied then only requires finding two sets of mutually disjoint users. It can be seen that this solution is more effective when the parameters required by the policy are smaller than the actual parameters of the system.
Briefly, the main contributions of this paper can be summarized as follows:

* We propose a personalization policy that considers the different natural importance of permissions and users. This policy describes the safety, availability and efficiency requirements of the access control system in a fine-grained way.
* We give a formal definition of the PPC problem, which determines whether an access control state in a CPS environment satisfies a given personalization policy, and present the computational complexity analysis of the PPC problem in different subcases. In particular, we show that this problem is NP-complete in the general case.
* We design a Binary Genetic Search (BGS) algorithm, which first considers the efficiency of solving PPC problems. This algorithm improves the selection operation and the crossover and mutation probabilities of the genetic algorithm.
* Simulation results further demonstrate the effectiveness of the BGS algorithm, which is especially suited to cases where the computational overhead is even more important than the accuracy in a large-scale CPS.

The rest of this paper is organized as follows. In Section II, we start with an overview of previous literature. Section III presents the formal definition of the personalization policy and the PPC problem, and studies the computational complexity of its subcases. We present an algorithm for the PPC problem in Section IV. In Section V, we implement the proposed algorithm. We conclude this paper in Section VI.

II. RELATED WORK
Because of the unique technical requirements and constraints of CPS, existing research on automatic authorization of access control focuses on methods for discovering attribute-permission associations in attribute-based access control (ABAC), and on providing flexible control and management through the user-role and role-permission mapping mechanism in role-based access control (RBAC) [11].
ABAC regards attributes as the key element of access control, which effectively solves the problem of large-scale, dynamic and private fine-grained access control in the CPS. ABAC first establishes the attribute set and describes the access control policy, and then responds to access control requests and updates the access control policy during execution [12]. RBAC guarantees flexible control and management of objects through a dual authority mapping mechanism, and provides inter-domain role mapping and constraint verification methods in cross-entity access control of CPS [15], [16]. When constructing the attribute set and permission mapping, role engineering or attribute engineering is usually applied top-down or bottom-up to mine roles or attributes and then authorize users. However, the automatically authorized access control state may not necessarily satisfy the safety and availability requirements of the access control system.
Access control policies, which restrict permission assignment to ensure safety and availability in an access control system, have been a main research topic for several decades [17]. The research of access control policy originated from the safety analysis of access control systems, which determines whether an access control system can reach a state in which an unsafe access is allowed [18]. In the earliest work, the safety of the access control system was the focus; the purpose was to ensure the safety of the access control system when performing tasks and to prevent abuse of authority. The separation of duty (SOD) policy is a typical policy used to ensure safety [19]. It prevents a set of users smaller than a certain threshold from being fully authorized to perform sensitive tasks [15], [16], [20]. Excessive pursuit of system safety may lead to unavailability of the system. For example, an access control state that satisfies strict safety requirements may not have the full permissions to perform tasks. Therefore, subsequent research also focuses on the availability of the access control system. A resiliency policy requires that, in the absence of any s users, there still exist d mutually disjoint sets of users, each of size less than t and each having all permissions in P to perform tasks, to ensure availability of the system [21], [22].
The problem of determining whether a certain access control state satisfies a given access control policy in the CPS environment is difficult to solve. For example, the problem of checking whether an access control state satisfies a resiliency policy is intractable (NP-hard) in the general case, and is in the Polynomial Hierarchy (in $\mathrm{coNP}^{\mathrm{NP}}$) [21]. In this paper, we have comprehensively optimized the description of the policy so that it is easier to solve while enhancing safety and availability. However, the policy proposed in this paper takes into account the weight of users and permissions, which obviously increases the difficulty of analyzing the problem.
The policy checking problem is difficult to solve in the general case. The existing approach to the access control policy checking problem reduces the system scale through preprocessing and then solves the problem with a satisfiability (SAT) solver [22]. However, due to the massive data scale of the CPS environment, implementing this scheme requires a great system overhead. The genetic algorithm has been proved to be effective in dealing with many problems, especially NP-complete problems [23]-[29]. This is because the fitness value of the optimal solution can be calculated for this type of problem. The optimization goal of the genetic algorithm is to make the solution set converge to the optimal solution with higher efficiency. For example, [24] proposed a multi-granularity genetic algorithm that adopts a multi-granularity space strategy based on a random tree, which accelerates the search speed of the algorithm in the multi-granular space. In [25], optimized crossover and mutation operations were devised to make the algorithm converge more quickly when solving the multi-processor scheduling problem in cloud data centers. For the policy checking problem, this paper optimizes the genetic algorithm in several respects to achieve the desired solution quality.
In summary, the existing access control policy describes the safety or availability of the access control system, but it does not give a good balance between these two aspects, and it is difficult to apply in a distributed CPS environment. This paper proposes an access control policy applied in the CPS environment, defines and analyzes the computational complexity of the weighted policy check problem. Through the analysis of genetic algorithm, it can be seen that the algorithm can efficiently obtain the approximate solution of the problem. Therefore, this paper improves the algorithm to obtain better efficiency and accuracy.

III. PROBLEM FORMULATION
The individuality of every permission/user means that each has a different nature and importance. This is a key aspect that should be introduced into access control policies for CPS environments, but it has been ignored. In this section, we propose a personalization policy that takes into account the specificity of permissions/users and is used to ensure the safety, availability, and efficiency of the access control system.

A. PERSONALIZATION POLICY
The personalization policy considers the particularity of permissions, which differ in nature and importance. In a financial institution's access control system, for example, the permission to write asset data is more important than the permission to read asset data. The weight is a value attached to a permission/user that represents its importance, and we introduce it into the personalization policy. Here, we present an example to motivate the use of permission/user weights to optimize the access control policy. Let us assume that the permission set is $\{p_1, p_2, p_3, p_4\}$, permissions $p_1$ and $p_2$ are assigned to $u_1$, permissions $p_3$ and $p_4$ are assigned to $u_2$, permissions $p_1$ and $p_3$ are assigned to $u_3$, and permissions $p_2$ and $p_4$ are assigned to $u_4$. It is obvious that both $\{u_1, u_2\}$ and $\{u_3, u_4\}$ are solutions and each solution has all permissions to perform tasks. However, it may not make any sense to choose $\{u_1, u_2\}$ if the permissions $p_1$ and $p_2$ are more important, so that the weight of $u_1$ exceeds a certain threshold. This is because it is easier to put the system at unpredictable risk if a user holds permissions that are too important. Furthermore, certain permissions that may be more critical for the system can only be owned by special users; other users cannot be authorized for them in the process of performing sensitive tasks. Safety is an important factor that we consider, and availability also needs to be considered because it is related to the smooth execution of the task. In the previous example, there are two mutually disjoint user sets that can perform the sensitive task, which means that even if any one of the users is absent, the task can still be executed.
There are a lot of resources in the CPS environment. If the access permissions of these resources are all taken into account in the access control system, this brings great system overhead and affects the efficiency of access control decision-making. Therefore, in order to enhance the availability of the system, we do not include non-essential permissions in the access control system. We use weights to indicate the importance of these resource access permissions to the system. We set a threshold according to the importance of the task, and do not add permissions with a weight less than this threshold to the access control policy. This is because the abuse of these lower-weight permissions has a tolerable impact on the smooth execution of tasks, and the lack of these permissions can be resolved through temporary authorization.
The weight of permissions/users is a value between 0 and 1 that weighs the importance of permissions/users in terms of the attributes of operations, the sensitivity of objects, and user attributes [30]. In this section, the formal definition of the weight of a permission and the methods of calculating it are not discussed. We assume that the weight of permissions is determined by the system and that the weight of a user is the sum of the weights of that user's permissions. The personalization policy is defined as follows.
Definition 1 (Personalization Policy): Given a set $U$ of users and a set $P$ of permissions, the personalization policy satisfies the following constraints:

* Safety constraint: A safety constraint is denoted as and $W(u_j)$ denotes the weight of $u_j$.
* Efficiency constraint: An efficiency constraint is denoted as $PP\langle \omega_0 \rangle$, where $1 \ge \omega_0 \ge 0$. We say that $PP\langle U, P, \omega_0 \rangle$ is satisfied if and only if the following conditions hold:
  - $\exists p_i \in P_P$ and $P_P = (W(p_j) > \omega_0)\, p_j - P_F$, where $p_j \in P$ and $P_F = p_f$ denotes the permission set of all $p_f$.
* Available constraint: An available constraint is denoted as $PP\langle U, P, \kappa \rangle$, where $0 \le \kappa \le n$ is a positive integer. We say that $PP\langle \kappa \rangle$ is satisfied if and only if the following conditions hold:

In order to distinguish different types of permissions and user groups, we define $P_P$, $U_P$, $P_F$, $U_F$ as pivotal permissions, pivotal users, fixed authorized permissions and fixed authorized users respectively, as shown in Definition 1. We define $P_N = P / P_F$ as non-fixed authorized permissions. We define the permissions with a weight less than $\omega_0$ as general permissions, denoted as $P_G$, and users with a weight greater than $\omega_0$ are dangerous users, denoted as $U_D$.
To specify a subcase of the personalization policy, we combine the three constraints and write it followed by the list of constraints within a pair of braces, for instance $PP\langle P, U, \kappa, \omega_0, \omega, \{U_{f_1}(p_i), \ldots, U_{f_n}(p_j)\}\rangle$. An access control state satisfies such a personalization policy if and only if the fixed authorized permissions $\{p_i, \ldots, p_j\}$ belong only to the fixed authorized users $\{U_{f_1}, \ldots, U_{f_n}\}$ respectively, and there exist at least $\kappa$ mutually disjoint sets of users such that each set has all authorized pivotal permissions and the total weight of the permissions authorized to each user is no more than $\omega$.
Suppose we are now given the personalization policy $PP\langle P, U, \kappa, \omega_0, \omega, \{Mike(Ratify)\}\rangle$. This policy requires that the fixed authorization permission ratify is assigned only to user Mike. If $\kappa = 2$ and $\omega_0 = 0$, the policy requires that all permissions except ratify are assigned to at least two mutually disjoint sets of users. If $\kappa = 2$ and $\omega_0 = 0.35$, the excluded permissions are not only ratify but also the permissions with a weight less than 0.35. If $\omega = 1.2$, the weight of each user in each of the mutually disjoint user groups is no more than 1.2. If we set $\omega = \infty$, the weight of users is unrestricted.
Example 1: Given the access control state shown in Figure 1, all permissions in a fund publishing task are P = {input, issue, view, ratify}, weighted 0.7, 0.5, 0.3 and 0.9, respectively. All users are U = {Alice, Bob, Ed, Mike, Harry, Jack}.
As shown in Figure 1, the personalization policy $PP\langle P, U, 2, 0, 1.2, \{Mike(Ratify)\}\rangle$ is satisfied, because $U_1$ = {Alice, Ed} and $U_2$ = {Bob, Jack} both have the full pivotal permissions and each user's weight is no more than 1.2. However, $PP\langle P, U, 2, 0, 1, \{Mike(Ratify)\}\rangle$ is not satisfied, because $U_2$ alone has user weights that do not exceed 1. $PP\langle P, U, 3, 0, \infty, \{Mike(Ratify)\}\rangle$ is not satisfied, because this access control state has only two mutually disjoint sets of pivotal users with all pivotal permissions. But $PP\langle P, U, 3, 0.35, \infty, \{Mike(Ratify)\}\rangle$ is satisfied, because this access control state has three mutually disjoint sets of pivotal users that hold the pivotal permissions input and issue; the weight of permission view is less than 0.35, which means that it is not important for the task, so the access control system does not consider it.

The parameter $\kappa$ requires that there exist $\kappa$ mutually disjoint sets of users that can each perform the tasks, meaning that if any $\kappa - 1$ pivotal users are absent in an emergency, there still exists one independent team of users able to perform the tasks. In Example 1, the access control state satisfies $\kappa = 2$, which means that the system can tolerate the absence of any one pivotal user. Furthermore, even if any number of pivotal users in $\kappa - 1$ user sets are absent, the system can still perform tasks. The parameter $\omega$ requires that the weight of a single user in any user set is no more than $\omega$, which prevents a single user from holding too many important permissions and so ensures system safety. Obviously, if the parameter $\omega$ is given, then the number of users in each set is no less than $\lceil W(P_P)/\omega \rceil$, where $W(P_P)$ is the weight of all pivotal permissions. In Example 1, if $\omega = 0.8$ then $\lceil W(P_P)/\omega \rceil = 2$, which means that the number of users in each set is no less than 2.

B. PERSONALIZATION POLICY CHECKING PROBLEM
In an access control system, U represents all users and P represents all permissions, and the assignment relationship between users and permissions is represented as UP ⊆ U × P. How to efficiently determine whether the existing access control state UP satisfies a given access control policy is the key to the access control decision. For this reason, we now give a formal definition of the problem and analyze its computational complexity.

Determining whether $sat_{PP}(UP)$ is true is called the Personalization Policy Checking Problem.
In special cases, the parameters of the personalization policy PP are not always fully considered. For example, a personalization policy in the subcase $PPC\langle\kappa = 1\rangle$ has the form $PP\langle P, U, 1, \omega_0, \omega, \{U_{f_1}(p_i), \ldots, U_{f_n}(p_j)\}\rangle$, which means determining whether there exists a set of users that has all pivotal permissions in P with the weight of each user no more than $\omega$. The subcase $PPC\langle\omega = \infty\rangle$ determines whether there exist $\kappa$ sets of users such that each set has all pivotal permissions in P. The computational complexity results for the PPC problem and its various subcases are given in the following theorem.

Theorem 1: The computational complexity of the PPC problem and its subcases is shown in Figure 2.
We study the computational complexity of the PPC problem in various subcases. The following lemmas show that $PPC\langle\kappa = 1\rangle$, $PPC\langle\omega = \infty\rangle$ and PPC are NP-complete.

Lemma 1: $PPC\langle\kappa = 1\rangle$ is NP-complete.

Proof: We first show that $PPC\langle\kappa = 1\rangle$ is in NP: given a solution of the $PPC\langle\kappa = 1\rangle$ problem, it can be verified in polynomial time whether the solution is correct.
Next, we reduce the NP-complete weighted set covering decision problem [31] to the $PPC\langle\kappa = 1\rangle$ problem in polynomial time, which shows that $PPC\langle\kappa = 1\rangle$ is NP-complete. In the weighted set covering problem, given a finite set $S$, a family $F = \{S_1, \ldots, S_m\}$ of subsets of $S$, and a budget $B$, the goal is to determine whether the weight of each $S_i$ is less than $B$, where the union of the $S_i$ is $S$. Given an instance of the weighted set cover problem, we construct an instance of $PPC\langle\kappa = 1\rangle$ in the following way. We create permissions $p_1, \ldots, p_m$, one for each element in $S$, and let $\omega = B$, where $m$ is the cardinality of the set $S$. We create $PP\langle P, U, 1, \omega_0, \omega, \{U_{f_1}(p_i), \ldots, U_{f_n}(p_j)\}\rangle$ and an access control state: for each different subset $S_i$ ($1 \le i \le m$) in $F$, create a user $u_i$, so that all permissions in $S_i$ and their weight values are assigned to $u_i$. Then $PP\langle P, U, 1, \omega_0, \omega, \{U_{f_1}(p_i), \ldots, U_{f_n}(p_j)\}\rangle$ is true if and only if there is a union of subsets in $F$ that covers $S$ and the weight of every set among these subsets is less than $B$. Therefore, the PPC problem with $\kappa = 1$ is NP-complete.
Lemma 2: $PPC\langle\omega = \infty\rangle$ is NP-complete.

Proof: We first show that $PPC\langle\omega = \infty\rangle$ is in NP: given a solution of the $PPC\langle\omega = \infty\rangle$ problem, it can be verified in polynomial time whether the solution is correct.
Next, we reduce the NP-complete DOMATIC NUMBER problem [32] to $PPC\langle\omega = \infty\rangle$. Given a graph $G(V, E)$, the DOMATIC NUMBER problem asks whether $V$ can be partitioned into $\kappa$ mutually disjoint sets $V_1, V_2, \ldots, V_\kappa$ such that each $V_i$ is a dominating set for $G$. $V'$ is a dominating set for $G(V, E)$ if for every node $u$ in $V - V'$, there is a node $v$ in $V'$ such that $(u, v) \in E$. An instance of $PPC\langle\omega = \infty\rangle$ asks whether an access control state UP satisfies a policy $PP\langle P, U, \kappa, \omega_0, \infty, \{U_{f_1}(p_i), \ldots, U_{f_n}(p_j)\}\rangle$. Given a graph $G = (V, E)$, we construct an instance of $PPC\langle\omega = \infty\rangle$ in the following way. We construct an access control state UP with $n$ users $u_1, u_2, \ldots, u_n$ for the $n$ nodes in $G$ and $n$ permissions $p_1, p_2, \ldots, p_n$. $v(u_i)$ denotes the node corresponding to user $u_i$. In UP, user $u_i$ is authorized for the permission $p_j$ if and only if either $i = j$ or $(v(u_i), v(u_j)) \in E$. Let $P$ denote the set

Therefore, the PPC problem with $\omega = \infty$ is NP-complete.
Lemma 3: PPC is NP-complete.

Proof: An instance consists of an access control state UP and a policy $PP\langle P, U, \kappa, \omega_0, \omega, \{U_{f_1}(p_i), \ldots, U_{f_n}(p_j)\}\rangle$. UP satisfies $PP\langle P, U, \kappa, \omega_0, \omega, \{U_{f_1}(p_i), \ldots, U_{f_n}(p_j)\}\rangle$ if and only if there exist at least $\kappa$ mutually disjoint sets of users such that each set has all authorized pivotal permissions and the total weight of the permissions authorized to each user is no more than $\omega$. If these $\kappa$ sets are given, they can be verified in polynomial time. Therefore, PPC is in NP; since the subcase of PPC is NP-complete, PPC is NP-complete.

IV. THE BINARY GENETIC SEARCH ALGORITHM FOR PPC
The fact that the PPC problem is intractable, as shown in Theorem 1, means that there exist difficult problem instances that take exponential time in the worst case. Therefore, we propose a Binary Genetic Search (BGS) algorithm to approximately solve PPC problems, which is inspired by the idea of the genetic algorithm.
First, this algorithm performs preprocessing to reduce the system scale. Second, it executes the optimized genetic algorithm and the search algorithm within the system tolerance time of T seconds. During this time, if the number of mutually disjoint user sets found in the first half of the population satisfies the parameter $\kappa$ of the policy, the algorithm stops and outputs the result: true. If not, it saves the mutually disjoint user groups, randomly generates new chromosomes, and continues to iterate until $\kappa$ groups are found. If the running time exceeds the system tolerance time of T seconds, it is uncertain whether the policy is satisfied, and the output result is: false. This algorithm has a time complexity of O(lmn), where l, m and n denote the number of actually performed iterations, the size of the population and the number of all available users, respectively. The main notations used in this paper are shown in Table 1.

Algorithm 1 shows the process of BGS for the PPC problem. This algorithm is optimized based on the idea of the genetic algorithm, and has the characteristics of rapid convergence and evolution to the optimal solution. At the same time, because the PPC problem is an NP-complete problem, it can be determined in polynomial time whether the obtained solution is optimal. The algorithm is divided into three parts, as shown in Algorithm 1. The first part is preprocessing, as shown in Algorithm 2; the second part performs the optimized genetic algorithm, as shown in Algorithm 3; the third part finds mutually disjoint user groups, as shown in Algorithm 4.

A. PREPROCESSING
In the preprocessing part, we first determine whether the fixed authorization permissions in $PP\langle P, U, \kappa, \omega_0, \omega, \{U_{f_1}(p_i), \ldots, U_{f_n}(p_j)\}\rangle$ belong only to the fixed authorized users, that is, whether $\{U_{f_1}(p_i), \ldots, U_{f_n}(p_j)\}$ is true; if it is false, the policy is not satisfied. Secondly, we perform static pruning of users and permissions based on PP to reduce the scale of the problem, which is of great help in improving the access control decision-making efficiency of CPS. Finally, we transform the PPC problem into the chromosomes of the genetic algorithm through encoding. The preprocessing process in this section is shown in Algorithm 2.

Taking the access permissions of large-scale resources in the CPS environment into account in the access control decision system causes a large system overhead. Therefore, this section uses static pruning to delete users and permissions that do not need to be considered during the execution of the algorithm, which improves the decision-making effectiveness of the access control system. Users and permissions in the following situations do not need to be considered.

* Fixed authorization permissions: For safety reasons, fixed authorization permissions can only be owned by specific users, while other users cannot be authorized, so we need to exclude these permissions when considering availability.
* Permissions with weight less than $\omega_0$: The importance of the permission is less than a certain threshold, so the permission does not need to be considered, which improves the efficiency of access control decision-making. During task execution, a lack of such permissions can be made up through temporary authorization.
* Users whose weight is greater than $\omega$: If a selected user's weight is greater than $\omega$, the user does not satisfy the requirements of the access control policy, so there is no need to consider that user.
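The static pruning rules above and the satisfaction condition of Section III, applied to a small state, as an added example rather than the authors' C implementation. Figure 1 is not reproduced on this page, so the assignments in `UP` are constructed to agree with Example 1's four verdicts; the function names and the exhaustive search (used here as ground truth in place of the genetic search) are assumptions.

```python
from itertools import combinations
import math

# Weights are those given in Example 1.
WEIGHT = {"input": 0.7, "issue": 0.5, "view": 0.3, "ratify": 0.9}
# Constructed user-permission assignment (assumption; Figure 1 is not on the page).
UP = {
    "Alice": {"input", "issue"},
    "Bob": {"input", "view"},
    "Ed": {"view"},
    "Jack": {"issue"},
    "Harry": {"input", "issue"},
    "Mike": {"ratify"},
}
FIXED = {"ratify": "Mike"}  # fixed authorization: permission -> its only allowed user


def user_weight(perms, weight):
    # A user's weight is the sum of the weights of that user's permissions.
    return round(sum(weight[p] for p in perms), 9)


def prune(up, weight, omega0, omega, fixed):
    """Return (pivotal permissions, pivotal users) or None if a fixed rule is broken."""
    for perm, owner in fixed.items():
        holders = {u for u, ps in up.items() if perm in ps}
        if not holders <= {owner}:
            return None  # a fixed permission is held by someone other than its owner
    # Drop fixed permissions and permissions whose weight does not exceed omega0.
    pivotal = {p for p, w in weight.items() if w > omega0 and p not in fixed}
    # Drop users heavier than omega and users holding no pivotal permission.
    users = {u: ps & pivotal for u, ps in up.items()
             if user_weight(ps, weight) <= omega and ps & pivotal}
    return pivotal, users


def minimal_covers(pivotal, users):
    """All inclusion-minimal user groups that jointly hold every pivotal permission."""
    names, found = sorted(users), []
    for size in range(1, len(names) + 1):
        for group in combinations(names, size):
            g = frozenset(group)
            if any(c <= g for c in found):
                continue  # already contains a smaller cover
            if set().union(*(users[u] for u in group)) >= pivotal:
                found.append(g)
    return found


def disjoint_family(covers, kappa, used=frozenset(), start=0):
    """Backtracking search for kappa pairwise-disjoint covers; None if impossible."""
    if kappa == 0:
        return []
    for i in range(start, len(covers)):
        if covers[i] & used:
            continue
        rest = disjoint_family(covers, kappa - 1, used | covers[i], i + 1)
        if rest is not None:
            return [covers[i]] + rest
    return None


def check_policy(up, weight, kappa, omega0, omega, fixed):
    """Return kappa disjoint user groups if the policy is satisfied, else None."""
    pruned = prune(up, weight, omega0, omega, fixed)
    if pruned is None:
        return None
    pivotal, users = pruned
    return disjoint_family(minimal_covers(pivotal, users), kappa)


if __name__ == "__main__":
    for kappa, omega0, omega in [(2, 0, 1.2), (2, 0, 1), (3, 0, math.inf), (3, 0.35, math.inf)]:
        fam = check_policy(UP, WEIGHT, kappa, omega0, omega, FIXED)
        verdict = "satisfied" if fam is not None else "not satisfied"
        print(kappa, omega0, omega, verdict, [sorted(g) for g in fam or []])
```

The exhaustive search is exponential in the number of pivotal users, which is the cost the BGS algorithm trades accuracy to avoid.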

2) ENCODING
After static pruning of users and permissions, a sub-state of the access control state composed of pivotal users and permissions is formed. Next, we optimize the genetic algorithm to discover the user groups containing all the pivotal permissions. The genetic algorithm coding rules are as follows: given an access control state $U_P P_P$, $U_P$ represents a set of m pivotal users, and $P_P$ represents a set of n pivotal permissions. We use m-bit chromosomes to represent the m users. When the i-th bit of a chromosome is 1, user $u_i$ is selected.

B. OPTIMIZATION GENETIC ALGORITHM
In this section, we introduce the optimized genetic algorithm (OGA). The core idea of the OGA function is to carry out genetic iterations according to the optimal crossover and mutation probabilities determined by experiments, to update the optimal half of the population after each iteration completes, and to continue iterating with this population. Iteration continues until the fitness of the first half of the population is the same and equal to the maximum value of fitness, and the value of relative fitness is also in a reasonable range. This means that the user set selected by each chromosome in the first half of the population covers all pivotal permissions. The execution steps of the optimized genetic algorithm (OGA) function are as follows, and Algorithm 3 gives the detailed execution process.
step i Select: Select a population of $m$ points $x_1, \ldots, x_m$ at random to represent the user sets.
step ii Compute fitness: Compute the fitness and relative fitness of the role set using the evaluation function respectively.
step iii Replacement: Sort the $m$ points according to the fitness value from large to small, sort the points with the same fitness according to the relative fitness, and then replace the latter half with the front half.
step iv Mutate: For each point $x_i$ with $m/2 < i \le m$ in the population and for each bit in $x_i$, with probability $p_m$, alter its value.
step v Crossover: For each $y_j$ in the pair of points $x_i$ and $x_{i+1}$ from $x_{m/2}, \ldots, x_m$, with probability $p_c$, exchange $x_i.y_j$ with $x_{i+1}.y_j$.
step vi Stop: If the front half of the population has the same fitness, equal to the maximum fitness, and at the same time the value of relative fitness is also in a reasonable range, stop.

The BGS algorithm is optimized based on the idea of the genetic algorithm, and the improvements are as follows. First, during execution, the optimal half of the population obtained by evolution is always updated, and this population is used to continue iterating. This is because evolution based on the best solutions has a high probability of producing a better solution. Second, the mutation and crossover probabilities are determined through experiments. In the experiments, the value of the mutation probability is an integer multiple of the reciprocal of the population size. Third, the crossover operation selects the chromosome with the closest fitness. These improvements greatly improve the efficiency of the algorithm in converging to the optimal solution.
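Steps i to vi can be followed in the added sketch below, which is not the authors' C implementation or Algorithm 3. The paper's fitness function comes from [23] and its relative fitness formula is not reproduced here, so the sketch assumes stand-ins: fitness is the number of pivotal permissions covered, relative fitness prefers fewer selected users, and a generation cap stands in for the system tolerance time. The user bitmasks are constructed sample data; $p_m = 3/U_{size}$ and $p_c = 0.5$ are the values selected in the evaluation.

```python
import random

def coverage(chrom, masks):
    """OR together the permission bitmasks of the users the chromosome selects."""
    covered = 0
    for bit, mask in zip(chrom, masks):
        if bit:
            covered |= mask
    return covered

def bgs(masks, n_perms, pop_size=40, p_c=0.5, max_gen=500, seed=1):
    """Return (chromosome, generation) once the front half covers every
    pivotal permission, or (None, max_gen) if the cap is reached first."""
    rng = random.Random(seed)
    n_users = len(masks)
    p_m = 3 / n_users                 # mutation probability 3/U_size
    full = (1 << n_perms) - 1
    half = pop_size // 2
    # Assumed stand-ins: fitness = permissions covered, relative fitness = fewer users.
    rank = lambda c: (bin(coverage(c, masks)).count("1"), -sum(c))
    # step i: random population of n_users-bit chromosomes
    pop = [[rng.randint(0, 1) for _ in range(n_users)] for _ in range(pop_size)]
    for gen in range(max_gen):
        pop.sort(key=rank, reverse=True)                 # steps ii and iii (sort)
        if all(coverage(c, masks) == full for c in pop[:half]):
            return pop[0], gen                           # step vi
        pop[half:] = [c[:] for c in pop[:half]]          # step iii (replace)
        for c in pop[half:]:                             # step iv: mutate
            for j in range(n_users):
                if rng.random() < p_m:
                    c[j] ^= 1
        # step v: neighbours are copies of fitness-sorted points, so each
        # pair crosses chromosomes of closest fitness.
        for i in range(half, pop_size - 1, 2):
            a, b = pop[i], pop[i + 1]
            for j in range(n_users):
                if rng.random() < p_c:
                    a[j], b[j] = b[j], a[j]
    return None, max_gen

# Constructed instance: 8 pivotal users, 5 pivotal permissions (one bit each).
MASKS = [0b00011, 0b00110, 0b01100, 0b11000,
         0b10001, 0b00101, 0b01010, 0b10100]

if __name__ == "__main__":
    print(bgs(MASKS, 5))
```

Because the front half is never mutated, the best chromosomes found so far survive every generation, which is the first improvement the text describes.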

V. IMPLEMENTATION AND EVALUATION
In order to verify the effectiveness of the BGS algorithm, we have implemented it and performed several experiments using randomly generated instances. The implementation of our algorithm was written in C. Experiments have been carried out on a PC with an Intel(R) Core(TM) i5-8500T CPU running at 2.11 GHz, with 4 GB of memory, running Windows 10. In order to get closer to a real access control environment, we add two interference permissions that are not related to the task. It is assumed that the fixed authorization permissions satisfy the policy requirements and are pruned to generate instances. For each instance, 10 randomly generated test cases are run; the average times of the test results are used to generate the runtime graphs, and the number of satisfactions in the ten instances is used to generate another graph.
The evaluation function is used to evaluate the solutions. The fitness function is defined as $P_s - wep - 100wmp$; for more details, please refer to [23]. The relative fitness function is defined as follows.

Figure 3 shows the average CPU times and number of satisfactions under different probabilities of crossover and mutation for the two test cases (1) $U_{size} = 60$, permissions = 12 and $\kappa = 3$; (2) $U_{size} = 105$, permissions = 7 and $\kappa = 5$, with the size of the population $m = 280$ and the system tolerance time $t = 30$. The x-axis denotes the probability of mutation, and we fix its value as $1/U_{size}, \ldots, 8/U_{size}$ respectively. It can be clearly seen from Figure 3(a) and (c) that the average CPU time is lowest when we choose the parameter $P_m = 3/U_{size}$ with fixed $P_c$. This means that it is easier to obtain a solution quickly by simultaneously mutating 3 bits in a chromosome. The average CPU time increases with $P_c$ for fixed $P_m$, because a smaller $P_c$ saves CPU time. As shown in Figure 3(b)(d), the number of satisfactions is maximum when we choose the parameter $P_m = 3/U_{size}$ or $P_m = 5/U_{size}$ with fixed $P_c$, and when we choose $P_c$ close to 0.5 with fixed $P_m$. Based on these observations, we choose the parameters $P_m = 3/U_{size}$ and $P_c = 0.5$ for the remaining experiments.
Figure 3(c)(d) shows longer CPU time and a higher number of satisfactions than Figure 3(a)(b). This is because when the ratio of users to permissions is large, it is easier to obtain mutually disjoint user groups, and the CPU time consumed will be reduced. Figure 3(c)(d) is clearer than Figure 3(a)(b) on the curve trend of CPU time and the number of satisfactions. This is because if the ratio of users to permissions is small, the number of mutually disjoint user groups in the system is also small. In this case, it is difficult for the system to obtain a solution that satisfies the policy, and there may even be no solution that satisfies the requirements of the policy. Therefore, if the ratio of users to permissions is small, the running time and the number of satisfactions of different random instances are very different. The runtime and number of satisfactions depend on the total number of users $U_{size}$, the number of pivotal authorized permissions $P_{size}$, and the parameter $\kappa$ of the personalization policy.
In Figure 4, as the parameter $\kappa$ increases for fixed $U_{size}$, the number of satisfactions decreases and the overall CPU time increases. This is because the larger the parameters required by the policy, the more difficult it is for the system to satisfy them. As the total number of users $U_{size}$ increases for fixed $\kappa$, the number of satisfactions decreases and the overall CPU time increases; this change is not obvious when the value of $\kappa$ is small, but it is obvious when the value of $\kappa$ becomes large, as shown in Figure 4(g)(h). This is because as the policy parameter $\kappa$ increases, it is more difficult for the system to obtain a solution that satisfies the policy, and the running time of some instances may reach the system tolerance time. The number of satisfactions also increases with the ratio $U_{size} : P_{size}$ for fixed $U_{size}$ and $\kappa$. The reason is that the larger the value of $U_{size} : P_{size}$, the larger the number of mutually disjoint sets of users. In Figure 4(f)(h), as $U_{size}$ increases, the number of satisfactions decreases when the parameter $\kappa$ is more than 3. The reason is that the BGS algorithm stops when the CPU time exceeds the system tolerance time of 30 seconds. Therefore, if we want to obtain a better number of satisfactions, we can increase the tolerance time of the system.
Consequently, for the case where the system tolerance time is more important, we can make the BGS algorithm obtain the best possible solution within the system tolerance time. The BGS algorithm is able to solve the PPC problem even in a larger-scale system.

VI. CONCLUSION
In this paper, we have proposed a personalization policy that reflects the particularity of permissions/users and describes the safety, availability and efficiency requirements of the access control system in a fine-grained way. We have introduced the definition of the PPC problem and have analyzed the computational complexity of various subcases. We have shown that most instances of the PPC problem are intractable. In particular, we have proposed a BGS algorithm to solve the PPC problem. This algorithm greatly improves the efficiency of converging to the optimal solution of the PPC problem within the tolerance time of the system.