LI Yu , ZHAO Yong , GUO Xiaodong , LIU Guole . An assurance model for accesscontrol on cloud computing systems[J]. Journal of Tsinghua University(Science and Technology), 2017 , 57(4) : 432 -436 . DOI: 10.16511/j.cnki.qhdxxb.2017.25.017

[1] 俞能海, 郝卓, 徐甲甲, 等. 云安全研究进展综述[J]. 电子学报, 2013, 41(2): 371-381.YU Nenghai, HAO Zhuo, XU Jiajia, et al. Review of cloud computing security[J]. Acta Electronica Sinica, 2013, 41(2):371-381. (in Chinese) [2] Gentry C. Fully homomorphic encryption using ideal lattices[C]//Symposium on Theory of Computing, STOC 2009. New York, USA: ACM, 2009: 169-178. [3] Dijk M V, Gentry C, Halevi S, et al. Fully homomorphic encryption over the integers[C]//Advances in Cryptology- EUROCRYPT 2010: 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin, Germany: Springer, 2010: 24-43. [4] Gentry C. A Fully Homomorphic Encryption Scheme[D]. Palo Alto, USA: Stanford University, 2009. [5] Amazon. Amazon simple storage service . (2012-10-07). http://aws.amazon.com/s3/. [6] Amazon. Amazon elastic block storage. (2012-10-07). http://aws.amazon.com/ebs/. [7] Hao F, Lakshman T V, Mukherjee S, et al. Secure cloud computing with a virtualized network infrastructure[C]//Usenix Conference on Hot Topics in Cloud Computing. Berkeley, USA: USENIX Association, 2010: 57-61. [8] Oberheide J, Cooke E, Jahanian F. Cloud AV: N-version antivirus in the network cloud[C]//Proceedings of the 17th Conference on Security Symposium. Berkeley, USA: USENIX Association, 2008: 91-106. [9] Yu S, Wang C, Ren K, et al. Achieving secure, scalable, and fine-grained data access control in cloud computing[C]//Proceedings of the IEEE INFOCOM 2010. San Diego, USA: IEEE, 2010: 1-9. [10] Wang G, Liu Q, Wu J. Hierarchical attribute-based encryption for fine-grained access control in cloud storage services[C]//Proceedings of the 2010 ACM Conference on Computer & Communications Security. New York, USA: ACM, 2010: 735-737. [11] 赵勇, 刘吉强, 韩臻, 等. 信息泄露防御模型在企业内网安全中的应用[J]. 计算机研究与发展, 2007, 44(5): 761-767.ZHAO Yong, LIU Jiqiang, HAN Zhen, et al. The application of information leakage defense model in enterprise intranet security[J]. Journal of Computer Research and Development, 2007, 44(5): 761-767. (in Chinese) [12] 石文昌, 孙玉芳, 梁洪亮. 经典BLP安全公理一种适应性标记实施方法及其正确性[J]. 计算机研究与发展, 2001, 38(11): 1366-1372.SHI Wenchang, SUN Yufang, LIANG Hongliang. An adaptable labeling enforcement approach and its correctness for the classical BLP security axioms[J]. Journal of Computer Research and Development, 2001, 38(11): 1366-1372. (in Chinese) [13] 郑志蓉, 蔡谊, 沈昌祥. 操作系统安全结构框架中应用类通信安全模型的研究[J]. 计算机研究与发展, 2005, 42(2): 322-328.ZHENG Zhirong, CAI Yi, SHEN Changxiang. Research on an application class communication security model on operating system security framework[J]. Journal of Computer Research and Development, 2005, 42(2): 322-328. (in Chinese) [14] Bell D E, La Padula L J. Secure Computer System: Unified Exposition and Multics Interpretation. Technical Report ESD-TR-75-306[R]. Bedford, USA: Electronic Systems Division, 1977. [15] Biba K J. Integrity Considerations for Secure Computer Systems. Technical Report ESD-TR-76-372[R]. Bedford, USA: Electronic Systems Division, 1977. [16] Chadwick D W, Otenko A. The PERMIS X.509 role based privilege management infrastructure[J]. Future Generation Computer Systems, 2003, 19(2): 277-289. [17] Nochta Z, Ebinger P, Abeck S. PAMINA: A certificate based privilege management system[C]//Proceedings of Network and Distributed System Security Symposium Conference, 2002. San Diego, USA: NDSS, 2002. [18] Osborn S. Configuring role-based access control to enforce mandatory and discretionary access control policies[J]. ACM Transactions on Information & System Security, 2000, 3(2): 85-106. [19] Jansen W A. A Revised Model for Role-based Access Control[R]. Gaithersburg, Maryland: NISTIR 6192, National Institute of Standards and Technology (NIST), 1998. [20] Ahn G J. Role-based Authorization Constraints Specification[M]. Berlin Heidelberg, Germany: Springer, 2010. [21] Park J S, Sandhu R, Ahn G J. Role-based access control on the web[J]. ACM Transactions on Information & System Security, 2001, 4(1): 37-71. [22] Sandhu R, Park J. Usage Control: A Vision for Next Generation Access Control[M]. Berlin Heidelberg, Germany: Springer, 2003. [23] Park J, Sandhu R. Towards usage control models: Beyond traditional access control[C]//Proceedings of the 7th ACM Symposium on Access Control Models and Technologies. New York, USA: ACM Press, 2002: 57-64. [24] Park J, Sandhu R. The UCON ABC usage control model[J]. ACM Transactions on Information & System Security, 2004, 7(1): 128-174. [25] Zhang X, Park J, Parisi-Presicce F, et al. A logical specification for usage control[C]//Proceedings of the 9th ACM Symposium on Access Control Models and Technologies. New York, USA: ACM, 2004: 2-12. [26] Park J, Sandhu R. Originator control in usage control[C]//International Workshop on Policies for Distributed Systems and Networks, 2002. Monterey, USA: IEEE, 2002: 60-66. [27] 胡浩, 冯登国, 秦宇, 等. 分布式环境下可信使用控制实施方案[J]. 计算机研究与发展, 2011, 48(12): 2201-2211.HU Hao, FENG Dengguo, QIN Yu, et al. An approach of trusted usage control in distributed environment[J]. Journal of Computer Research and Development, 2011, 48(12): 2201-2211. (in Chinese) [28] 初晓博, 秦宇. 一种基于可信计算的分布式使用控制系统[J]. 计算机学报, 2010, 33(1): 93-102.CHU Xiaobo, QIN Yu. A distributed usage control system based on trusted computing[J]. Chinese Journal of Computers, 2010, 33(1): 93-102. (in Chinese) [29] 洪帆, 崔永泉, 崔国华, 等. 多域安全互操作的可管理使用控制模型研究[J]. 计算机科学, 2006, 33(3): 38-47.HONG Fan, CUI Yongquan, CUI Guohua, et al. Administrative usage control model for secure interoperability between administrative domains[J]. Computer Science, 2006, 33(3): 38-47. (in Chinese) [30] Chiueh T C, Sankaran H, Neogi A. Spout: A transparent distributed ution engine for Java applets[C]//Proceedings of the 20th International Conference on Distributed Computing Systems (ICDCS' 00). Taipei, China: IEEE, 2000: 394-401. [31] Malkhi D, Reiter M K. Secure ution of Java applets using a remote playground[C]//Proceedings of IEEE Symposium on Security and Privacy, 1998. Oakland, USA: IEEE, 2000: 40-51. [32] Kamp P H, Watson R N. Jails: Confining the omnipotent root[C]//Proceedings of the 2nd International System Administration and Network Engineering Conference (SANE'00). Maastricht, The Netherlands: USENIX, 2000: 1-15. [33] Evan S. Securing free BSD using jail[J]. Syst Admin, 2001, 10(5): 31-37. [34] Price D, Tucker A. Solaris zones: Operating system support for consolidating commercial workloads[C]//Proceedings of the 18th Large Installation System Administration Conference (LISA'04). Atlanta, USA: USENIX, 2004: 241-254. [35] Tucker A, Comay D. Solaris zones: Operating system support for server consolidation[C]//Proceedings of the 3rd Virtual Machine Research and Technology Symposium (VM'04). San Jose, USA: USENIX, 2004: 1-2.