Reverse hybrid access control scheme based on object attribute matching in cloud computing environment  Cited by: 13


Authors: GE Lina (葛丽娜) [1,2,3]; HU Yugu (胡雨谷); ZHANG Guifen (张桂芬); CHEN Yuanyuan (陈园园)

Affiliations: [1] School of Artificial Intelligence, Guangxi University for Nationalities, Nanning, Guangxi 530006, China; [2] Key Laboratory of Network Communication Engineering, Guangxi University for Nationalities, Nanning, Guangxi 530006, China; [3] Guangxi Key Laboratory of Hybrid Computation and IC Design Analysis, Nanning, Guangxi 530006, China

Source: Journal of Computer Applications (《计算机应用》), 2021, No. 6, pp. 1604-1610 (7 pages)

Funding: National Natural Science Foundation of China (61862007); Guangxi Natural Science Foundation (2018GXNSFAA138147, 2018GXNSFAA281269).

Abstract: Cloud computing improves the efficiency of using, analyzing and managing big data, but it also leaves data contributors worried about the data security of cloud services and the disclosure of private information. To solve this problem, a reverse hybrid access control method based on object attribute matching in the cloud computing environment was proposed, combining role-based access control and attribute-based access control methods and using the architecture of next generation access control. Firstly, the access right level of the shared file was set by the data contributor, and the minimum weight of the access object was reversely specified. Then, the weight of each attribute was directly calculated by using the variation coefficient weighting method, and the process of policy rule matching in attribute-centered role-based access control was cancelled. Finally, the right value set by the data contributor for the data file was used as the threshold for the data visitor to be allowed access, which not only realized data access control but also ensured the protection of private data. Experimental results show that, as the number of visits increases, the judgment standards of the proposed method for malicious behaviors and insufficient-right behaviors tend to be stable, the detection ability of the method becomes stronger and stronger, and the success rate of the method tends to a relatively stable level. Compared with the traditional access control methods, the proposed method can achieve higher decision-making efficiency in an environment with a large number of user visits, which verifies the effectiveness and feasibility of the proposed method.

Keywords: access control; weight calculation; access policy; data sharing; cloud computing

Classification: TP393.08 [Automation and Computer Technology - Computer Application Technology]

 
