A Novel Access Control Policy Specification Language and Its Permission Classification Method  Cited by: 13


Authors: LUO Yang; SHEN Qing-Ni [1]; WU Zhong-Hai [1,2] (School of Software and Microelectronics, Peking University, Beijing 102600; National Engineering Research Center for Software Engineering, Peking University, Beijing 100871)

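Affiliations: [1] School of Software and Microelectronics, Peking University, Beijing 102600; [2] National Engineering Research Center for Software Engineering, Peking University, Beijing 100871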

Source: Chinese Journal of Computers (计算机学报), 2018, No. 6, pp. 1189-1206, 18 pages

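Funding: Supported by the National Natural Science Foundation of China (61232005; 61672062) and the National "863" High Technology Research and Development Program (2015AA016009)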

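Abstract: The RESTful interfaces of cloud platforms are often exposed to the Internet. To keep cloud resources secure and to prevent data leakage and unauthorized access, security policies must be enforced to control access to these interfaces. However, RESTful interfaces currently lack a unified access control policy description language and a corresponding permission classification mechanism. This causes two problems: (1) users have to learn different policy languages to manage permissions on different cloud platforms; (2) cloud service providers lack fine-grained access control over RESTful interfaces, which does not conform to the principle of least privilege. To address this, the paper proposes a new access control policy description language. The language defines a standard request format for RESTful, so that a sample policy can be constructed directly from a RESTful request, giving RESTful interface access control a syntactically consistent policy language. Building on this language, the paper then proposes a RESTful permission classification method based on a genetic algorithm, which represents a permission classification as a two-dimensional matrix and uses it as an individual in the genetic algorithm's population. It next defines the selection, mutation and crossover operators, proposes three principles for permission classification (number of classes, test case coverage, and permission overlap), and designs a fitness function. The paper gives a reference implementation of the policy language's evaluation mechanism on the OpenStack cloud platform, verifying the feasibility of the method. Experimental results show that, compared with OpenStack's original policy, the policy evaluation overhead of the paper's policy is reduced by 19.4%. In terms of learning cost, compared with the XACML policy language, the paper's policy can reduce the policy design cost for policy administrators by 41.6%. The paper's permission classification method can produce understandable classification results that match user expectations, thereby giving cloud service providers guidance on permission classification.

Cloud computing platforms usually employ representational state transfer (REST) interfaces to expose their services to the Internet, including computing service, storage service, network service, etc. To avoid data leaks and unauthorized access, service providers prefer to control access to the cloud interface through security policy enforcement. However, there is no widely accepted standard for the authorization of cloud public interfaces, including the security policy language and the corresponding permission classification method. In a cloud, besides the cloud provider, the tenants can modify their own policies too. Without a unified authorization language, the tenants have to learn and design different security policies if they want to use multiple clouds. To address this issue, in this paper we propose a novel access control language to control access to a cloud interface. An automatic policy generation algorithm is proposed to automatically generate access control policies from the cloud requests. It reduces the human intervention in the policy design process. The generated policy can be used to assign permissions to certain groups or roles for fine-grained access control, so that when one administrator account is compromised, the adversary can only utilize the permissions that are assigned to that administrator, which reduces the attack surface. A permission classification method based on matrix operations is proposed to solve the permission classification issue. The integration test is an important input of our algorithm. The dependency on the integration test will not affect our method's applicability, because nowadays most large-scale software, such as a cloud platform, is already shipped with a complete integration test set. Our permission classification method supports three goals: the expected number of classification groups, the coverage of the original management tasks and the number of permission overuse. The expected number of classification groups can be customized by the cloud provider. The coverage of original managem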

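Keywords: cloud security; permission management; permission classification; permission analysis; authorization policy; cloud computing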

Classification code: TP393 [Automation and Computer Technology: Computer Application Technology]

 
