检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
作 者:马星晨 朱建涛[1] 邵婧[1] 刘明达[1] MA Xing-chen;ZHU Jian-tao;SHAO Jing;LIU Ming-da(Jiangnan Institute of Computing Technology,Wuxi 214083,China)
出 处:《计算机技术与发展》2018年第9期118-122,共5页Computer Technology and Development
基 金:国家核高基重大专项(2013ZX01029002-001);国家重点研发计划战略高技术重点专项(17-H863-01-ZT-004-009-01)
摘 要:随着网络规模与开放程度的不断加大,传统的基于属性的访问控制模型(attribute-based access control,ABAC)在实际应用中存在着中心节点负担过大,决策过程安全风险较高等问题。为了更好地提升基于属性的访问控制模型的安全性,且满足大规模分布式网络环境下的应用条件,提出了一种基于属性的去中心化访问控制模型(decentralized attributebased access control,DABAC)。在基于属性的访问控制模型的基础上对访问控制模型进行扩展,通过权益证明和证据链条的方式,实现了去中心化的决策方式,进一步提升了决策支持库和访问记录的安全性,增加了访问决策的可信性。相比于传统的访问控制模型,DABAC模型具有更高的安全性、灵活性和容错性,通过更加安全的访问请求决策和更加详细的访问过程记录,更好地保护了客体资源。With increasing of Internet scale and openness significantly,the traditional attribute-based access control model (ABAC) hasmany problems in practical application,such as excessive burden of central nodes and high security risk in decision-making process. Inorder to enhance the security of ABAC model and satisfy the conditions of applications in the large scale distributed network environ-ment,we propose a decentralized attribute-based access control model (DABAC). The access control model is extended according tothat based on attribute,through proof of stake and evidence chain to achieve decentralized decision,further improving the security of deci-sion support libraries and access records,increasing the credibility of access decision. Compared with the traditional access control model,DABAC has better security,flexibility and fault tolerance. By providing more secure access decisions and more accurate access records,the object is protected better.
关 键 词:访问控制 去中心化 安全决策 权益证明 证据链条
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.7
