Journal of Tsinghua University(Science and Technology)    2017, Vol. 57 Issue (4) : 432-436     DOI: 10.16511/j.cnki.qhdxxb.2017.25.017
COMPUTER SCIENCE AND TECHNOLOGY
An assurance model for access control on cloud computing systems
LI Yu1,2,3, ZHAO Yong2,3, GUO Xiaodong1, LIU Guole1
1. National Secrecy Science and Technology Evaluation Center, Beijing 100044, China;
2. College of Computer Science, Beijing University of Technology, Beijing 100124, China;
3. Beijing Key Laboratory of Trusted Computing, Beijing 100124, China
Abstract  Access control points in cloud computing are difficult to link. An assurance model for access control on the whole system was developed based on formal definitions of the access request equivalence relation and the support relation. The analysis formally proves that the assurance algorithm can ensure the credibility of access requests. Implementation methods are given for the network layer, application layer and operating system kernel layer in cloud computing. An access semantic encapsulation shows that the algorithm meets the access control linkage requirements and can ensure the credibility of access requests.
Keywords: cloud computing security; access control; assurance model; access control linkage
ZTFLH:  TP393.08  
Issue Date: 15 April 2017
Cite this article:   
LI Yu, ZHAO Yong, GUO Xiaodong, et al. An assurance model for access control on cloud computing systems[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(4): 432-436.
URL:  
http://jst.tsinghuajournals.com/EN/10.16511/j.cnki.qhdxxb.2017.25.017     OR     http://jst.tsinghuajournals.com/EN/Y2017/V57/I4/432
  