Research and Implementation of a TRSAC Access Control Strategy for IaaS Clouds  Cited by: 1

Task and Role-Based and Service-Oriented Access Control for IaaS in Cloud Computing

Authors: 陶威 [1,2], 赵波 [1,2], 向騻 [1,2], 李逸帆 [1,2]

Affiliations: [1] School of Computer Science, Wuhan University, Wuhan 430072, Hubei, China; [2] Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan 430072, Hubei, China

Source: Journal of Wuhan University (Natural Science Edition), 2014, No. 5, pp. 377-385 (9 pages)

Funding: Supported by the National Basic Research Program of China (973 Program) (2014CB340600); the Key Program of the National Natural Science Foundation of China (61332019); the National Natural Science Foundation of China (61173138, 61272452); the Hubei Province Key New Product and New Process R&D Program (2012BAA03004); and Hubei Province enterprise cooperation projects (YB2012120174, YB2013110084)

Abstract: To address the problem of access to cloud infrastructure service resources beyond granted privileges, this paper proposes a task- and role-based, service-oriented access control (TRSAC) strategy. The strategy decomposes the workflow on the basis of service instances to refine the scope of authorized objects, computes the trust level of interacting entities from role trust rules in order to grant permissions to roles dynamically, and then combines the service requirements of each task node with the security level of the accessing role to solve for the minimum authorization unit of a service entity, thereby realizing fine-grained access control for the cloud infrastructure-as-a-service (IaaS) layer in a dynamic environment. Theoretical analysis and experimental results show that, although the method marginally increases the number of real-time assessments of subject and object security attributes, it guarantees the principles of dynamic authorization and minimum authorization in access control and effectively strengthens the overall security of cloud infrastructure services.

Keywords: cloud computing; infrastructure as a service; dynamic authorization; minimum authorization; access control

Classification: TP309 [Automation and Computer Technology / Computer System Architecture]
