A role- and attribute-based data access control model for cloud computing

王于丁, 杨家海

Journal of Tsinghua University (Science and Technology), 2017, Vol. 57, Issue 11: 1150-1158. DOI: 10.16511/j.cnki.qhdxxb.2017.26.059
Computer Science and Technology


Data access control model based on data's role and attributes for cloud computing

  • WANG Yuding, YANG Jiahai

Abstract (translated from the Chinese)

Cloud computing is open, shared and elastic, and these characteristics mean that traditional access control models no longer suit the flexible, dynamic access control required when large numbers of users access massive amounts of data in the cloud. To address this shortcoming, this paper starts from the attributes of cloud computing entities and proposes a role- and attribute-based data access control model for cloud computing. Building on the role-based access control model, it introduces attribute elements for the relevant entities: users are assigned roles according to their own attributes, the attributes of the tenant they belong to, and their current status, and through those roles access data with different attributes. The paper gives a detailed design of the model, describes its workflow, and provides a security proof and a comprehensive analysis. The results show that, in a cloud computing environment, the model provides dynamic, secure, fine-grained access control guarantees for users accessing data.

Abstract

The key cloud computing characteristics, such as data openness, elasticity, and sharing, complicate data access control. Traditional access control models cannot provide flexible, dynamic access control to large numbers of users with massive data files. This paper presents a data access control model based on the data's role and attribute for cloud computing. An attribute element is assigned to the data to provide role-based access control so that users can be assigned roles based on their own attributes and the tenant's attributes and current status, and can access data with different attributes. The paper illustrates the design of this model and the work processes and provides a theoretical security analysis. The results show that the model can provide dynamic, safe, fine-grained access control for users accessing data in a cloud environment.
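The abstract describes the model at the level of entities and relations: users hold attributes and a status, tenants hold attributes, data holds attributes, and a role is granted from those attributes rather than assigned statically. The following Python sketch is an added illustration of that structure and is not the paper's own code; the entity names, the two roles, the rule predicates and the sample tenants, users and data objects are all constructed for the example. It shows the two places where attributes enter: role assignment, which is recomputed from user, tenant and status on every decision, and permission checks, which compare the data's attributes against the requesting user's.

```python
"""Illustrative role-and-attribute access control evaluator (constructed example)."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple


@dataclass(frozen=True)
class Tenant:
    name: str
    attrs: Dict[str, object]        # tenant-level attributes, e.g. trust level


@dataclass(frozen=True)
class User:
    name: str
    tenant: Tenant
    attrs: Dict[str, object]        # user-level attributes, e.g. department, clearance
    status: str                     # current state, e.g. "active" or "suspended"


@dataclass(frozen=True)
class DataObject:
    name: str
    attrs: Dict[str, object]        # data attributes, e.g. owning tenant, sensitivity


RoleRule = Callable[[User], bool]
Permission = Tuple[str, Callable[[User, DataObject], bool]]

# Roles are computed, never stored: a user holds a role only while their own
# attributes, their tenant's attributes and their current status satisfy the
# rule. That is what makes the assignment dynamic. (Constructed rules.)
ROLE_RULES: Dict[str, RoleRule] = {
    "analyst": lambda u: (u.status == "active"
                          and u.attrs.get("department") == "risk"),
    "auditor": lambda u: (u.status == "active"
                          and u.attrs.get("clearance", 0) >= 3
                          and u.tenant.attrs.get("trust_level", 0) >= 3),
}

# Each role grants operations guarded by a predicate over the data's attributes,
# so the same role reaches different data depending on those attributes.
PERMISSIONS: Dict[str, List[Permission]] = {
    "analyst": [
        ("read", lambda u, d: (d.attrs.get("owner_tenant") == u.tenant.name
                               and d.attrs.get("sensitivity", 0)
                               <= u.attrs.get("clearance", 0))),
    ],
    "auditor": [
        ("read", lambda u, d: d.attrs.get("owner_tenant") == u.tenant.name),
        ("audit", lambda u, d: d.attrs.get("owner_tenant") == u.tenant.name),
    ],
}


def assign_roles(user: User) -> Set[str]:
    """Return the roles the user holds right now, derived from attributes and status."""
    return {role for role, rule in ROLE_RULES.items() if rule(user)}


def authorize(user: User, operation: str, data: DataObject) -> bool:
    """Deny by default; allow if any currently held role grants the operation on this data."""
    for role in assign_roles(user):
        for allowed_op, condition in PERMISSIONS.get(role, []):
            if allowed_op == operation and condition(user, data):
                return True
    return False


# Constructed sample entities: two tenants with different trust levels,
# users differing in department, clearance and status, and data of varying sensitivity.
ACME = Tenant("acme", {"trust_level": 3})
BETA = Tenant("beta", {"trust_level": 1})
ALICE = User("alice", ACME, {"department": "risk", "clearance": 2}, "active")
CAROL = User("carol", ACME, {"department": "audit", "clearance": 3}, "active")
DAVE = User("dave", ACME, {"department": "risk", "clearance": 2}, "suspended")
ERIN = User("erin", BETA, {"department": "audit", "clearance": 3}, "active")

ACME_REPORT = DataObject("acme/q3-report", {"owner_tenant": "acme", "sensitivity": 2})
ACME_SECRET = DataObject("acme/board-minutes", {"owner_tenant": "acme", "sensitivity": 4})
BETA_REPORT = DataObject("beta/q3-report", {"owner_tenant": "beta", "sensitivity": 1})

if __name__ == "__main__":
    for user in (ALICE, CAROL, DAVE, ERIN):
        print(user.name, sorted(assign_roles(user)))
    for user, op, obj in [(ALICE, "read", ACME_REPORT), (ALICE, "read", ACME_SECRET),
                          (ALICE, "read", BETA_REPORT), (CAROL, "audit", ACME_SECRET),
                          (DAVE, "read", ACME_REPORT), (ERIN, "audit", BETA_REPORT)]:
        verdict = "ALLOW" if authorize(user, op, obj) else "DENY"
        print(f"{user.name} {op} {obj.name}: {verdict}")
```

Running the script shows the three effects the abstract names: Dave loses every role the moment his status changes to suspended, Erin has the same personal attributes as Carol but gets no auditor role because her tenant's trust level is too low, and Alice's analyst role reaches the sensitivity-2 report but not the sensitivity-4 minutes. Because roles are derived on each call, revoking access is a matter of changing an attribute or status rather than editing role tables.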

Keywords (translated from the Chinese)

cloud computing / access control model / attribute / role / access permission

Key words

cloud computing / access control model / attribute / role / access permission

Cite this article

WANG Yuding, YANG Jiahai. Data access control model based on data's role and attributes for cloud computing[J]. Journal of Tsinghua University (Science and Technology), 2017, 57(11): 1150-1158. https://doi.org/10.16511/j.cnki.qhdxxb.2017.26.059
CLC number: TP309.2

