基于上下文和角色的云计算访问控制模型

doi:10.11772/j.issn.1001-9081.2015.02.0393

摘要
图/表
参考文献(0)
相关文章 (15)

全文: PDF (653 KB) HTML (1 KB)
输出: BibTeX | EndNote (RIS)

摘要

云计算环境的开放性和动态性容易引发安全问题,数据资源的安全和用户的隐私保护面临严峻考验。针对云计算中用户和数据资源动态变化的特性,提出了一种基于上下文和角色的访问控制模型。该模型综合考虑云计算环境中的上下文信息和上下文约束,将用户的访问请求和服务器中的授权策略集进行评估验证,能够动态地授予用户权限。给出用户访问资源的具体实现过程,经分析比较,进一步阐明该模型在访问控制方面具有较为突出的优点。该方案不仅能够降低管理的复杂性,而且能限制云服务提供商的特权,从而有效地保证云资源的安全。

	服务

	把本文推荐给朋友
	加入我的书架
	加入引用管理器
	E-mail Alert
	RSS
	作者相关文章
	黄晶晶
	方群

关键词 ：云计算, 访问控制, 上下文, 角色, 权限

Abstract：

The open and dynamic characteristics of cloud computing environment is easy to cause security problems, so security of the data resource and the privacy of user are facing severe challenges. According to the characteristics of dynamic user and data resources in cloud computing, a context and role based access control model was proposed. This model took context information and context restrict of cloud computing environment into account, and evaluated the user access request and the authorization policy in server, which could dynamically grant user's permission. The implementation process of cloud users accessing the resource were given, and the analysis and comparison further illuminated that the model has more advantages in the aspect of access control. This scheme can not only reduce the complexity of management, but also limit the privileges of cloud service providers, so it can effectively ensure the safety of cloud resources.

Key words： cloud computing access control context role permission

收稿日期: 2014-09-15

基金资助:

国家自然科学基金资助项目(61201252)。

通讯作者: 黄晶晶 E-mail: jenniferhwang@sina.cn

作者简介: 黄晶晶(1990-),女,安徽阜阳人,硕士研究生,主要研究方向:网络安全、云计算; 方群(1972-),男,安徽寿县人,教授,博士,主要研究方向:虚拟计算、网络安全。

引用本文:

黄晶晶, 方群. 基于上下文和角色的云计算访问控制模型[J]. 计算机应用, 2015, 35(2): 393-396. HUANG Jingjing, FANG Qun. Context and role based access control for cloud computing. Journal of Computer Applications, 2015, 35(2): 393-396.

链接本文:

http://www.joca.cn/CN/10.11772/j.issn.1001-9081.2015.02.0393 或 http://www.joca.cn/CN/Y2015/V35/I2/393

[1]	TIAN L, LIN C, NI Y. Evaluation of user behavior trust in cloud computing [C]//ICCASM 2010: Proceedings of the 2010 International Conference on Computer Application and System Modeling. Piscataway: IEEE, 2010, 7: 567-572.
[2]	FENG D, ZHANG M, ZHANG Y, et al. Study on cloud computing security [J]. Journal of Software, 2011, 22(1): 71-83. (冯登国, 张敏, 张妍, 等. 云计算安全研究[J].软件学报, 2011, 22(1): 71-83.)
[3]	ZHU T, LIU W, SONG J. An efficient role based access control system for cloud computing [C]//CIT 2011: Proceedings of the 2011 IEEE 11th International Conference on Computer and Information Technology. Piscataway: IEEE, 2011: 97-102.
[4]	SANDHU R S, COYNE E J, FEINSTEIN H L, et al. Role-based access control models [J]. IEEE Computer, 1996, 29(2): 38-47.
[5]	LI F, SU M, SHI G, et al. Research status and development trends of access control model [J]. Acta Electronica Sinica, 2012, 40(4): 805-813. (李凤华,苏铓, 史国振, 等. 访问控制模型研究进展及发展趋势[J].电子学报, 2012, 40(4): 805-813.)
[6]	LIN G, HE S, HUANG H, et al. Access control security model based on behavior in cloud computing environment [J]. Journal on Communications, 2012, 33(3): 59-66. (林果园, 贺珊, 黄皓, 等. 基于行为的云计算访问控制安全模型[J]. 通信学报, 2012, 33(3): 59-66.)
[7]	WANG X, FU H, ZHANG L. Research progress on attribute-based access control [J]. Acta Electronica Sinica, 2010, 38(7): 1660-1667. (王小明, 付红, 张立臣. 基于属性的访问控制研究进展[J]. 电子学报, 2010, 38(7): 1660-1667.)
[8]	LI W, WAN H, REN X, et al. A refined RBAC model for cloud computing [C]//ICIS 2012: Proceedings of the 2012 IEEE/ACIS 11th International Conference on Computer and Information Science. Piscataway: IEEE, 2012: 43-48.
[9]	WANG W, HAN J, SONG M, et al. The design of a trust and role based access control model in cloud computing [C]//ICPCA 2011: Proceedings of the 2011 6th International Conference on Pervasive Computing and Applications. Piscataway: IEEE, 2011: 330-334.
[10]	WU C, LI Z, CUI X. An access control method of cloud computing resources based on quantified-role [C]//ICCT 2012: Proceedings of the 2012 14th International Conference on Communication Technology. Piscataway: IEEE, 2012: 919-923.
[11]	ZHAO M, YAO Z. Access control model based on RBAC in cloud computing [J]. Journal of Computer Applications, 2012, 32(S2): 267-270. (赵明斌, 姚志强. 基于RBAC的云计算访问控制模型[J]. 计算机应用, 2012, 32(S2): 267-270.)
[12]	YAO H, HU H, LU Z, et al. Dynamic role and context-based access control for grid applications [J]. Computer Science, 2006, 33(1): 41-44. (姚寒冰, 胡和平, 卢正鼎, 等. 基于角色和上下文的动态网格访问控制研究[J]. 计算机科学, 2006, 33(1): 41-44.)