Journal of Computer Applications ›› 2015, Vol. 35 ›› Issue (2): 393-396. DOI: 10.11772/j.issn.1001-9081.2015.02.0393

• Information Security •

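Context and role based access control for cloud computing

HUANG Jingjing, FANG Qun

  1. School of Mathematics and Computer Science, Anhui Normal University, Wuhu, Anhui 241001, China
  • Received: 2014-09-15 Revised: 2014-11-05 Online: 2015-02-10 Published: 2015-02-12
  • Corresponding author: HUANG Jingjing
  • About the authors: HUANG Jingjing (born 1990), female, from Fuyang, Anhui, M.S. candidate; main research interests: network security, cloud computing. FANG Qun (born 1972), male, from Shouxian, Anhui, professor, Ph.D.; main research interests: virtual computing, network security.
  • Supported by:

    National Natural Science Foundation of China (61201252).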



Abstract:

The open and dynamic nature of cloud computing environments easily gives rise to security problems, so the security of data resources and the protection of user privacy face severe challenges. To address the dynamic nature of users and data resources in cloud computing, a context and role based access control model is proposed. The model takes the context information and context constraints of the cloud computing environment into account and evaluates the user's access request against the authorization policy set on the server, so that permissions can be granted to users dynamically. The implementation process by which cloud users access resources is given, and analysis and comparison further show that the model has notable advantages in access control. The scheme not only reduces the complexity of management but also limits the privileges of cloud service providers, and thus effectively ensures the security of cloud resources.

Key words: cloud computing, access control, context, role, permission
