Research on Multicloud Access Control Policy Integration Framework  

作　　者：Peng Zhao Lifa Wu Zheng Hong He Sun 

机构地区：[1]Command&Control Engineering College,Army Engineering University of PLA,Nanjing 210007,China [2]School of Computer Science,Nanjing University of Posts and Telecommunications,Nanjing 210023,China [3]PANDA Electronics Group Co.,Ltd.,Nanjing 210014,China

出　　处：《China Communications》2019年第9期222-234,共13页中国通信（英文版）

基　　金：supported by National Key R&D Program of China (2017YFB0802900);NUPTSF (No. NY219004)

摘　　要：Multicloud access control is important for resource sharing and security interoperability across different clouds,and heterogeneity of access control policy is an important challenge for cloud mashups.XACML is widely used in distributed environment as a declaratively fine-grained,attribute-based access control policy language,but the policy integration of XACML lacks formal description and theory foundation.Multicloud Access Control Policy Integration Framework(MACPIF)is proposed in the paper,which consists of Attribute-based Policy Evaluation Model(ABPEM),Four-value Logic with Completeness(FLC)and Four-value Logic based Policy Integration Operators(FLPIOs).ABPEM evaluates access control policy and extends XACML decision to four-value.According to policy decision set and policy integration characteristics,we construct FLC and define FLPIOs including Intersection,Union,Difference,Implication and Equivalence.We prove that MACPIF can achieve policy monotonicity,functional completeness,canonical suitability and canonical completeness.Analysis results show that this framework can meet the requirements of policy integration in Multicloud.Multicloud access control is important for resource sharing and security interoperability across different clouds, and heterogeneity of access control policy is an important challenge for cloud mashups. XACML is widely used in distributed environment as a declaratively fine-grained, attribute-based access control policy language, but the policy integration of XACML lacks formal description and theory foundation. Multicloud Access Control Policy Integration Framework(MACPIF) is proposed in the paper, which consists of Attribute-based Policy Evaluation Model(ABPEM), Four-value Logic with Completeness(FLC) and Four-value Logic based Policy Integration Operators(FLPIOs).ABPEM evaluates access control policy and extends XACML decision to four-value. According to policy decision set and policy integration characteristics, we construct FLC and define FLPIOs including Intersection, Union,Difference, Implication and Equivalence. We prove that MACPIF can achieve policy monotonicity,functional completeness, canonical suitability and canonical completeness. Analysis results show that this framework can meet the requirements of policy integration in Multicloud.

关 键 词：Multicloud ACCESS CONTROL policyintegration four-value LOGIC 

分 类 号：TP3[自动化与计算机技术—计算机科学与技术]