AN XACML-BASED CROSS-DOMAIN RESOURCES ACCESS CONTROL SCHEME IN HYBRID CLOUD COMPUTING


Authors: Lei Yao (雷瑶)[1], Zhang Lichen (张立臣)[1]

Affiliation: [1] School of Computers, Guangdong University of Technology, Guangzhou, Guangdong 510006

Source: Computer Applications and Software (《计算机应用与软件》), 2014, No. 7, pp. 9-12, 17 (5 pages in total)

Funding: National Natural Science Foundation of China (60970054; 61173094)

Abstract: In a hybrid cloud computing environment, service resources are combined flexibly and migrate between domains frequently, so access authorisation between resources is hard to establish and maintain. Authorising cross-domain resources with traditional access control mechanisms raises problems such as performance bottlenecks and collusion attacks. Building on a study of hybrid cloud architecture, this paper proposes a cross-domain resource access control scheme for hybrid clouds based on an XACML attribute negotiation mechanism. The XACML architecture is adopted as the authorised access model between cross-domain resources, providing support for fine-grained resource authorisation. On top of this model, the negotiation attributes are extended by an attribute negotiation policy reasoning engine to improve negotiation efficiency. The negotiation policy is described in tree-structured XML to facilitate attribute authorisation reasoning. For the attribute disclosure tree structure generated during negotiation reasoning, a negotiation policy pruning algorithm is designed. Finally, experiments verify the feasibility and high efficiency of the scheme.

Keywords: hybrid cloud; XACML; cross-domain access control; automated trust negotiation

Classification: TP309 [Automation and Computer Technology: Computer System Architecture]

 
