A Role and Attribute-Based Access Control Model with Trust Management
DOI: 10.12677/CSA.2019.93059
Authors: Yan Huang, Xiaoling Wu*, Jie Ling: School of Computers, Guangdong University of Technology, Guangzhou, Guangdong
Keywords: Access Control, Cloud Security, Trust Management, Role, Attribute
Abstract: Cloud services face a variety of security risks because illegitimate users can gain unauthorized access to data stored in the cloud. Proper authorization through access control is one of the most pressing problems in cloud security. To address it, this paper proposes a Role and Attribute-Based Access Control model with Trust Management (TRABAC). First, each user's trust value is calculated and used in a trust evaluation that selects the trusted users. Second, the Role-Based Access Control (RBAC) model and the Attribute-Based Access Control (ABAC) model are combined to perform user-role assignment and role-permission assignment, and the user-role and role-permission mappings are dynamically reduced according to the corresponding attribute filtering policies. Finally, the minimum set of permissions that the user can hold is obtained. The security analysis shows that the model better achieves dynamic, secure and fine-grained access control in cloud computing environments.
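Cite this article: Huang, Y., Wu, X. and Ling, J. (2019) A Role and Attribute-Based Access Control Model with Trust Management. Computer Science and Application, 9(3), 517-526. https://doi.org/10.12677/CSA.2019.93059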
