Journal of Tsinghua University(Science and Technology)    2017, Vol. 57 Issue (11) : 1150-1158     DOI: 10.16511/j.cnki.qhdxxb.2017.26.059
COMPUTER SCIENCE AND TECHNOLOGY
Data access control model based on data's role and attributes for cloud computing
WANG Yuding, YANG Jiahai
Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing 100084, China
Abstract  The key cloud computing characteristics, such as data openness, elasticity, and sharing, complicate data access control. Traditional access control models cannot provide flexible, dynamic access control to large numbers of users with massive data files. This paper presents a data access control model based on the data's role and attribute for cloud computing. An attribute element is assigned to the data to provide role-based access control so that users can be assigned roles based on their own attributes and the tenant's attributes and current status, and can access data with different attributes. The paper illustrates the design of this model and the work processes and provides a theoretical security analysis. The results show that the model can provide dynamic, safe, fine-grained access control for users accessing data in a cloud environment.
Keywords: cloud computing; access control model; attribute; role; access permission
ZTFLH:  TP309.2  
Issue Date: 15 November 2017
Cite this article:   
WANG Yuding,YANG Jiahai. Data access control model based on data's role and attributes for cloud computing[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(11): 1150-1158.
URL:  
http://jst.tsinghuajournals.com/EN/10.16511/j.cnki.qhdxxb.2017.26.059     OR     http://jst.tsinghuajournals.com/EN/Y2017/V57/I11/1150
  
  
  
  
  
  
  
  
[1] CAO Laicheng, LI Yuntao, WU Rong, GUO Xian, FENG Tao. Multi-key privacy protection decision tree evaluation scheme[J]. Journal of Tsinghua University(Science and Technology), 2022, 62(5): 862-870.
[2] LI Qing, FAN Yiping, LI Dachuan, JIANG Xin, LIU Enyu, CHEN Jia. Architecture of a microservice-based flight management system simulation[J]. Journal of Tsinghua University(Science and Technology), 2020, 60(7): 589-596.
[3] WANG Kai, LIU Ronghua, WEI Jiahua, LIU Qi, WANG Guangqian. Model integration methods in the hydro-modeling platform (HydroMP) based on cloud computing[J]. Journal of Tsinghua University(Science and Technology), 2019, 59(12): 1006-1015.
[4] XUE Yanguang, DENG Xiaomei, SU Guiliang. Reinsurance auction for surety bonds based on multi-attribute reverse auctions[J]. Journal of Tsinghua University(Science and Technology), 2018, 58(9): 841-848.
[5] LI Taoshen, LIU Qing, HUANG Ruwei. Multi-user fully homomorphic encryption scheme based on proxy re-encryption for cloud computing[J]. Journal of Tsinghua University(Science and Technology), 2018, 58(2): 143-149.
[6] CAO Laicheng, LIU Yufei, DONG Xiaoye, GUO Xian. User privacy-preserving cloud storage scheme on CP-ABE[J]. Journal of Tsinghua University(Science and Technology), 2018, 58(2): 150-156.
[7] DONG Li, KONG Jiangping. Phonatory characteristics of the vibrato voice in Young woman roles in Kunqu Opera[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(6): 625-630.
[8] LIU Jinzhao, ZHOU Yuezhi, ZHANG Yaoxue. Wavelet-based approach for anomaly detection of online services in cloud computing systems[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(5): 550-554.
[9] LI Yu, ZHAO Yong, GUO Xiaodong, LIU Guole. An assurance model for access control on cloud computing systems[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(4): 432-436.
[10] LIU Yang, WEI Wei. Fast Nash bargaining algorithm for resource scheduling problems with a large number of media streaming channels[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(10): 1056-1062.
[11] XUE Yanguang, DENG Xiaomei, FENG Ke. Game analysis of reverse multiple attribute electronic bidding in construction markets for end users[J]. Journal of Tsinghua University(Science and Technology), 2016, 56(8): 836-843.
[12] QIU Tong, CHEN Jincai, FANG Zhou. Molecular reconstruction model for petroleum fractions based on structure oriented lumping[J]. Journal of Tsinghua University(Science and Technology), 2016, 56(4): 424-429.
[13] ZHANG Xu, WANG Shengjin. Attributed object detection based on natural language processing[J]. Journal of Tsinghua University(Science and Technology), 2016, 56(11): 1137-1142.
[14] Ronghua LIU, Jiahua WEI, Yanzhang WENG, Guangqian WANG, Shuang TANG. HydroMP: A cloud computing based platform for hydraulic modeling and simulation service[J]. Journal of Tsinghua University(Science and Technology), 2014, 54(5): 575-583.
[15] Zhihua WANG, Haibo PANG, Zhanbo LI. Access control for Hadoop-based cloud computing[J]. Journal of Tsinghua University(Science and Technology), 2014, 54(1): 53-59.