Abstract: The key characteristics of cloud computing, such as data openness, elasticity, and sharing, complicate data access control. Traditional access control models cannot provide flexible, dynamic access control for large numbers of users over massive numbers of data files. This paper presents a data access control model for cloud computing based on the data's role and attributes. An attribute element is attached to each data item to support role-based access control, so that users are assigned roles according to their own attributes together with the tenant's attributes and current status, and can then access data carrying different attributes. The paper describes the design of the model and its workflow and gives a theoretical security analysis. The results show that the model provides dynamic, secure, fine-grained access control for users accessing data in a cloud environment.
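To make the abstract's idea concrete, the following is an added illustration (not the paper's model, nor code from the authors): a small policy engine in which a user's roles are derived at request time from the user's attributes plus the tenant's attributes and current status, and each role is permitted to act only on data whose attributes satisfy that role's predicate. The entity types, attribute names (department, clearance, classification, plan, status), the three roles and the sample users, tenants and data objects are all constructed for this example and are assumptions, not definitions taken from the paper.

```python
"""Toy role-and-attribute access control engine.

Added illustration only; not the paper's model or the authors' code.
Assumptions (all constructed for this example):
  * a user carries attributes: tenant, department, clearance level;
  * a tenant carries attributes: status (active/suspended) and plan;
  * roles are derived from user + tenant attributes on every request;
  * each data object carries attributes: tenant, classification, department;
  * a role grants operations only on data whose attributes satisfy a predicate.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Set


@dataclass(frozen=True)
class User:
    name: str
    tenant: str
    department: str
    clearance: int          # 0 = public ... 3 = restricted


@dataclass(frozen=True)
class Tenant:
    name: str
    status: str             # "active" or "suspended"
    plan: str               # "basic" or "enterprise"


@dataclass(frozen=True)
class DataObject:
    path: str
    tenant: str
    classification: int     # same scale as User.clearance
    department: str


@dataclass
class Role:
    """A role = permitted operations + a predicate over (user, data)
    selecting which data attributes the role may act on."""
    name: str
    operations: Set[str]
    matches: Callable[[User, DataObject], bool]


ROLES: Dict[str, Role] = {
    # reader: same tenant, classification no higher than the user's clearance
    "reader": Role("reader", {"read"},
                   lambda u, d: d.tenant == u.tenant
                   and d.classification <= u.clearance),
    # editor: additionally restricted to the user's own department
    "editor": Role("editor", {"read", "write"},
                   lambda u, d: d.tenant == u.tenant
                   and d.department == u.department
                   and d.classification <= u.clearance),
    # auditor: read anything inside the tenant, regardless of classification
    "auditor": Role("auditor", {"read"},
                    lambda u, d: d.tenant == u.tenant),
}


def assign_roles(user: User, tenant: Tenant) -> Set[str]:
    """Dynamic role assignment from user attributes plus the tenant's
    attributes and current status; re-evaluated on every request."""
    if tenant.status != "active":
        return set()                       # suspended tenant: no roles at all
    roles = {"reader"}
    if user.department in ("engineering", "finance"):
        roles.add("editor")
    if user.department == "audit" and tenant.plan == "enterprise":
        roles.add("auditor")
    return roles


def check_access(user: User, tenant: Tenant, data: DataObject, op: str) -> bool:
    """Permit `op` iff some currently held role allows `op` on data whose
    attributes satisfy that role's predicate (default deny)."""
    for role_name in assign_roles(user, tenant):
        role = ROLES[role_name]
        if op in role.operations and role.matches(user, data):
            return True
    return False


# Constructed sample entities for a walk-through.
ACME = Tenant("acme", "active", "enterprise")
ACME_SUSPENDED = Tenant("acme", "suspended", "enterprise")
ALICE = User("alice", "acme", "engineering", 2)
BOB = User("bob", "acme", "audit", 1)
D_ENG = DataObject("/acme/eng/design.doc", "acme", 2, "engineering")
D_SECRET = DataObject("/acme/eng/keys.txt", "acme", 3, "engineering")
D_FIN = DataObject("/acme/fin/ledger.csv", "acme", 1, "finance")
D_OTHER = DataObject("/globex/public.txt", "globex", 0, "marketing")


def example_decisions() -> Dict[str, bool]:
    """Access decisions for the constructed scenario."""
    return {
        "alice_read_eng": check_access(ALICE, ACME, D_ENG, "read"),
        "alice_write_eng": check_access(ALICE, ACME, D_ENG, "write"),
        "alice_read_secret": check_access(ALICE, ACME, D_SECRET, "read"),
        "alice_write_fin": check_access(ALICE, ACME, D_FIN, "write"),
        "alice_read_fin": check_access(ALICE, ACME, D_FIN, "read"),
        "alice_read_other_tenant": check_access(ALICE, ACME, D_OTHER, "read"),
        "bob_read_secret": check_access(BOB, ACME, D_SECRET, "read"),
        "bob_write_eng": check_access(BOB, ACME, D_ENG, "write"),
        "alice_read_eng_suspended": check_access(ALICE, ACME_SUSPENDED, D_ENG, "read"),
    }


if __name__ == "__main__":
    for label, allowed in example_decisions().items():
        print(f"{label:28s} -> {'ALLOW' if allowed else 'DENY'}")
```

The design point worth noticing is that nothing is granted by a static user-to-role table: suspending the tenant removes every role on the next request, and a role's predicate compares the data's attributes against the requester's, so the same role yields different permissions on differently attributed data. Default deny is what keeps an unmatched role or an unknown operation from leaking access.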
WANG Yuding, YANG Jiahai. Data access control model based on data's role and attributes for cloud computing[J]. Journal of Tsinghua University (Science and Technology), 2017, 57(11): 1150-1158. (in Chinese)