Journal of Computer Applications ›› 2021, Vol. 41 ›› Issue (6): 1604-1610.DOI: 10.11772/j.issn.1001-9081.2020121954

Special Issue: 2020年全国开放式分布与并行计算学术年会(DPCS 2020)

• National Open Distributed and Parallel Computing Conference 2020 (DPCS 2020) • Previous Articles     Next Articles

Reverse hybrid access control scheme based on object attribute matching in cloud computing environment

GE Lina1,2,3, HU Yugu1, ZHANG Guifen1,2, CHEN Yuanyuan1   

  1. 1. School of Artificial Intelligence, Guangxi University for Nationalities, Nanning Guangxi 530006, China;
    2. Key Laboratory of Network Communication Engineering, Guangxi University for Nationalities, Nanning Guangxi 530006, China;
    3. Guangxi Key Laboratory of Hybrid Computation and IC Design Analysis, Nanning Guangxi 530006, China
  • Received:2020-11-04 Revised:2021-04-01 Online:2021-06-10 Published:2021-06-21
  • Supported by:
    This work is partially supported by the National Natural Science Foundation of China (61862007), the Natural Science Foundation of Guangxi (2018GXNSFAA138147, 2018GXNSFAA281269).

云计算环境基于客体属性匹配的逆向混合访问控制方案

葛丽娜1,2,3, 胡雨谷1, 张桂芬1,2, 陈园园1   

  1. 1. 广西民族大学 人工智能学院, 南宁 530006;
    2. 广西民族大学 网络通信工程重点实验室, 南宁 530006;
    3. 广西混杂计算与集成电路设计分析重点实验室, 南宁 530006
  • 通讯作者: 葛丽娜
  • 作者简介:葛丽娜(1969-),女,广西环江人,教授,博士,CCF高级会员,主要研究方向:信息安全、人工智能;胡雨谷(1991-),男,江苏淮安人,硕士研究生,主要研究方向:信息安全;张桂芬(1974-),女,广西凌云人,副教授,硕士,主要研究方向:数据处理、信息安全;陈园园(1995-),女,广西北海人,硕士研究生,主要研究方向:信息安全。
  • 基金资助:
    国家自然科学基金资助项目(61862007);广西自然科学基金资助项目(2018GXNSFAA138147,2018GXNSFAA281269)。

Abstract: Cloud computing improves the efficiency of the use, analysis and management of big data, but also brings the worry of data security and private information disclosure of cloud service to the data contributors. To solve this problem, combined with the role-based access control, attribute-based access control methods and using the architecture of next generation access control, a reverse hybrid access control method based on object attribute matching in cloud computing environment was proposed. Firstly, the access right level of the shared file was set by the data contributor, and the minimum weight of the access object was reversely specified. Then, the weight of each attribute was directly calculated by using the variation coefficient weighting method, and the process of policy rule matching in the attribute centered role-based access control was cancelled. Finally, the right value of the data contributor setting to the data file was used as the threshold for the data visitor to be allowed to access, which not only realized the data access control, but also ensured the protection of private data. Experimental results show that, with the increase of the number of visits, the judgment standards of the proposed method for malicious behaviors and insufficient right behaviors tend to be stable, the detection ability of the method becomes stronger and stronger, and the success rate of the method tends to a relatively stable level. Compared with the traditional access control methods, the proposed method can achieve higher decision-making efficiency in the environment of large number of user visits, which verifies the effectiveness and feasibility of the proposed method.

Key words: access control, weight calculation, access policy, data sharing, cloud computing

摘要: 云计算提高了大数据的使用、分析和管理的效率,但也给数据贡献者带来了对云服务的数据安全及隐私信息泄露的担忧。针对这个问题,结合了基于角色的访问控制、基于属性的访问控制方法并采用了下一代访问控制的体系结构,提出了云计算环境下的基于客体属性匹配的逆向混合访问控制方法。首先,数据贡献者设置共享文件访问权限级别,逆向规定了访问客体的最低权值;然后,采用变异系数加权的方法直接计算各属性的权值,取消了以属性为中心的基于角色的访问控制中策略规则匹配的过程;最后,把数据贡献者对数据文件设定的权限值定为数据访问者被允许访问的阈值,这样既实现了数据访问控制,又保障了对隐私数据的保护。实验结果表明,随着访问次数的增多,所提方法对恶意行为、权限不足行为等的判断基准趋于稳定,检测能力越来越强,成功率趋于一个较为平稳的水平。该方法在用户访问数量较大的环境下相较传统的访问控制方法能够实现更高的决策效率,验证了所提方法的有效性和可行性。

关键词: 访问控制, 权值计算, 访问策略, 数据共享, 云计算

CLC Number: