基于属性的云存储访问控制系统的设计与实现
Design and Implementation of an Attribute Based Access Control System for Cloud Storage
摘要:
本文针对云存储应用的安全访问需求,以及目前适用于云存储环境的基于属性的方案,设计和实现了一种基于属性的云存储系统访问控制机制:EncFS。EncFS是基于fuse的用户态文件系统,权限鉴别建立在Linux系统对用户的划分基础上,将用户的身份信息作为属性进行访问控制,不需要输入口令,从而简化了对身份和口令的管理和存储,实现了云存储下的细粒度访问控制,解决了大规模用户动态扩展问题。
>To satisfy the security demand of cloud storage application, this paper designed and implemented an attribute based access control mechanism named EncFS, which is suitable for cloud storage system. EncFS is a file system of user space, which is based on fuse and access control strategy for Linux operating system. It uses identity information as attributes for access control. Therefore, this system can simplify password management and storage, realize the fine-grained access control and solve the problem of dynamic expansion of large-scale users.
参考文献
|
[1]
|
俞能海, 郝卓, 徐甲甲, 张卫明, 张驰 (2013) 云安全研究进展综述. 电子学报, 2, 371-381.
|
|
[2]
|
李凤华, 苏铓, 史国振, 马建峰 (2012) 访问控制模型研究进展及发展趋势. 电子学报, 4, 805-813.
|
|
[3]
|
常彦德 (2011) 基于角色的访问控制技术研究进展. 计算机与现代化, 12, 5-8.
|
|
[4]
|
张斌, 张宇 (2012) 基于属性和角色的访问控制模型. 计算机工程与设计, 10, 3807-3811.
|
|
[5]
|
盖新貌, 沈昌祥, 刘毅, 周明 (2011) 基于属性访问控制的CSP模型. 小型微型计算机系统, 11, 2217-2222.
|
|
[6]
|
熊智, 王平, 徐江燕, 蔡伟鸿 (2013) 一种基于属性的企业云存储访问控制方案. 计算机应用研究, 2, 513-517.
|
|
[7]
|
Wang, Q., Wang, C. and Ren, K. (2011) Enabling public auditability and data dynamics for storage security in cloud computing. IEEE Transactions on Parallel and Distributed Systems, 22, 847-859.
|
|
[8]
|
Echeverria, V., Liebrock, L.M. and Shin, D. (2010) Permission management system: Permission as a service in cloud computing. 2010 IEEE 34th Annual Computer Software and Applications Conference Workshops (COMPSACW), 19-23 July 2010, 371- 375.
|
|
[9]
|
Moses, T. (2012) eXtensible access control markup language (XACML) version 2.0.
|
|
[10]
|
Vipul, G., Omkant P. and Amit, S. (2006) Attribute-based encryption for fine grained access control of encrypted data. Proceedings of the 13th ACM Conference on Computer and Communications Security, 89-98.
|