面向SaaS隐私保护的自适应访问控制方法  

作　　者：范大娟[1,2] 黄志球[2] 曹彦 FAN Da-juan;HUANG Zhi-qiu;CAO Yan(School of Computer Engineering,Nanjing Institute of Technology,Nanjing 211167,China;College of Computer Science and Technology,Nanjing University of Aeronautics and Astronautics,Nanjing 210016,China)

机构地区：[1]南京工程学院计算机工程学院,南京211167 [2]南京航空航天大学计算机科学与技术学院,南京210016

出　　处：《吉林大学学报（工学版）》2023年第10期2897-2908,共12页Journal of Jilin University:Engineering and Technology Edition

基　　金：国家自然科学基金项目(61802174);江苏省自然科学基金项目(BK20210928,BK20181016);河南省高等学校重点科研项目(22A520040);河南省科技攻关项目(222102210048);南京工程学院校级科研基金项目(CKJB201906)。

摘　　要：针对现有访问控制方法未针对云计算隐私保护特征且缺少动态隐私授权机制,无法在运行过程中自适应保护隐私数据的不足,通过对基于角色的访问控制(RBAC)模型进行信任度和隐私使用行为扩展,提出了一种面向云计算SaaS层隐私保护的访问控制模型TBRBAC。在此基础上,提出了一种SaaS服务信任度评估和动态更新机制,给出了基于TBRBAC(Trust and Behavior based RBAC)模型的自适应隐私访问控制系统的体系结构、执行流程以及授权分析算法,讨论了自适应访问控制流程的合理性,并通过实例分析和实验验证说明了本文方法的可行性和有效性。该方法能够实现运行时动态隐私授权及细粒度的隐私访问控制,增强了云计算环境下隐私数据的安全保护。Aiming at the problem that the existing access control methods do not consider the features of cloud computing privacy protection,lack dynamic privacy authorization mechanism,and thus can not protect privacy data adaptively in the running process,an access control model TBRBAC for SaaS layer privacy protection in cloud computing is proposed by extending RBAC model with the trust degree and privacy use behavior.On this basis,a trust degree evaluation and dynamic update mechanism for SaaS services is proposed.Then,the architecture of adaptive privacy access control system based on TBRBAC model,its execution process and authorization analysis algorithm are given.The rationality of the adaptive access control process is also discussed.Finally,the feasibility and effectiveness of this method are illustrated by example analysis and experimental verification.This method can achieve dynamic privacy authorization and fine-grained privacy access control at run-time,and enhance the security protection of private data in cloud computing environment.

关 键 词：计算机软件 云计算 SAAS服务 访问控制 隐私保护 自适应 

分 类 号：TP311[自动化与计算机技术—计算机软件与理论]