Journal of Tsinghua University (Science and Technology) 2017, Vol. 57 Issue (11): 1150-1158    DOI: 10.16511/j.cnki.qhdxxb.2017.26.059
Computer Science and Technology
Data access control model based on data's role and attributes for cloud computing
WANG Yuding, YANG Jiahai
Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing 100084, China
Abstract (Chinese version): Cloud computing is characterized by openness, sharing, and elasticity, so traditional access control models no longer suit the flexible, dynamic access control that large numbers of users in cloud computing require over massive volumes of data. To address this shortcoming, this paper starts from the attributes of cloud computing entities and proposes a cloud computing data access control model based on roles and attributes. Building on the role-based access control model, it introduces attribute elements for the relevant entities: users are assigned roles according to their own attributes, the attributes of the tenant they belong to, and their current state, and thereby access data with different attributes. The model is designed in detail, its workflow is described, and a security proof and comprehensive analysis are given. The results show that the model can provide dynamic, secure, fine-grained access control for users accessing data in a cloud computing environment.
Abstract: The key cloud computing characteristics, such as data openness, elasticity, and sharing, complicate data access control. Traditional access control models cannot provide flexible, dynamic access control to large numbers of users with massive data files. This paper presents a data access control model based on the data's role and attribute for cloud computing. An attribute element is assigned to the data to provide role-based access control so that users can be assigned roles based on their own attributes and the tenant's attributes and current status, and can access data with different attributes. The paper illustrates the design of this model and the work processes and provides a theoretical security analysis. The results show that the model can provide dynamic, safe, fine-grained access control for users accessing data in a cloud environment.
Key words: cloud computing; access control model; attribute; role; access permission
Received: 2017-05-11      Published: 2017-11-15
CLC number: TP309.2
Corresponding author: YANG Jiahai, research fellow, E-mail: yang@cernet.edu.cn
Cite this article:
WANG Yuding, YANG Jiahai. Data access control model based on data's role and attributes for cloud computing. Journal of Tsinghua University (Science and Technology), 2017, 57(11): 1150-1158.
Link to this article:
http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2017.26.059  or  http://jst.tsinghuajournals.com/CN/Y2017/V57/I11/1150
Figures and tables (images not included on this page):
Fig. 1 The DACRA model
Table 1 Description of DACRA model entities
Table 2 Description of DACRA model relations
Fig. 2 Workflow of user data access
Fig. 3 Algorithm 1
Fig. 4 Algorithm 2
Fig. 5 State transitions
Table 3 Comprehensive comparison of access control models