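%0 Journal Article
%T A whole-system integrated access control assurance model = An assurance model for access control on cloud computing systems
%A 李瑜
%A 赵勇
%A 郭晓栋
%A 刘国乐
%J 清华大学学报(自然科学版)
%D 2017
%R 10.16511/j.cnki.qhdxxb.2017.25.017
%X To address the problem that the access control mechanisms at the various access control points of a cloud platform are difficult to link effectively, this paper proposes a whole-system integrated access control assurance model. First, the equivalence relation and the support relation of access requests are formally defined, describing the essence of an access request. Second, a model-based access control assurance algorithm is given, and it is formally proven that the algorithm achieves trusted delivery of access control requests. Finally, engineering implementation methods for the model are given for the network layer, the cloud application layer and the operating system kernel layer of the cloud platform. The results show that, by passing on the semantics of access requests, the model links the access control mechanisms of the whole system and guarantees the trusted delivery of access request information.
Abstract: The access control points in cloud computing are difficult to link. An assurance model for access control on the whole system was developed based on formal definitions of the access request equivalence relation and the support relation. The analysis formally proves that the assurance algorithm can ensure the credibility of access requests. The implementation methods are given for the network layer, application layer and operating system kernel layer in cloud computing. An access semantic encapsulation shows that the algorithm meets the access control linkage requirements and can ensure the credibility of access requests.
%K cloud security
%K access control
%K assurance model
%K integration
%K cloud computing security
%K access control linkage
%U http://jst.tsinghuajournals.com/CN/Y2017/V57/I4/432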