|
|
- 2017
一种基于角色和属性的云计算数据访问控制模型
|
Abstract:
云计算具有开放性、共享性和弹性等特点,这使得传统的访问控制模型不再适应云计算中大规模用户对海量数据灵活动态的访问控制。针对这一不足,该文从云计算实体的属性角度出发,提出一种基于角色和属性的云计算数据访问控制模型,该模型在基于角色的访问控制模型基础上为相关实体引入了属性元素,用户能够通过自身和所在租户的属性及当前的状态分配角色,从而访问不同属性的数据;对该模型进行了详细的设计,阐述了工作流程,并做了安全性证明和综合分析。结果表明:该模型能够在云计算环境下,为用户访问数据提供动态、安全、细粒度的访问控制保障。
Abstract:The key cloud computing characteristics, such as data openness, elasticity, and sharing, complicate data access control. Traditional access control models cannot provide flexible, dynamic access control to large numbers of users with massive data files. This paper presents a data access control model based on the data's role and attribute for cloud computing. An attribute element is assigned to the data to provide role-based access control so that users can be assigned roles based on their own attributes and the tenant's attributes and current status, and can access data with different attributes. The paper illustrates the design of this model and the work processes and provides a theoretical security analysis. The results show that the model can provide dynamic, safe, fine-grained access control for users accessing data in a cloud environment.
