摘要
在云计算环境中,访问控制策略是保障云用户与云资源/服务安全的有效手段。本文在分析云计算安全特点的基础上,将信任度的概念引入基于角色的访问控制策略,并结合云计算环境存在多个安全管理域的特点,给出了信任度在本地域以及跨域的计算方法,提出基于信任度的多域访问控制框架。本地域的访问控制策略在RBAC的基础上引入信任度进行实施,而跨域的访问控制会涉及到角色转换。文章在基于信任的RBAC模型中,提出一种灵活的通过角色关联和动态角色转换实现跨域访问控制的方法。
In cloud computing, access control is an effective measure in protecting the user and cloud computing services or resources. Based on the characteristics of cloud computing security, trust is introduced into role-based access control model. A new calculation method of trust in cloud computing is proposed and the difference between intro-domain trust and inter-domain trust is analyzed. In addition, a novel access control framework combined with trust degree in multi-domain is given from this proposal. Access control policy in local domain directly applies RBAC model combined with trust degree, whereas in multi-domain it contains the conception of role transition. A multi-domain access control method is developed in the trust based RBAC model through role association and dynamic role translation.
基金
国家自然科学基金项目资助(51104157)
中国博士后科学基金(20100481181)
教育部博士学科点专项科研基金(20110095120008)
关键词
云计算
信任
多域
访问控制
角色转换
cloud computing
trust
multi-domain
access control
role translation
