Computer Science, 2019, Vol. 46, Issue (11): 123-129. doi: 10.11896/jsjkx.190300112

• Information Security •

Research on Broker Based Multicloud Access Control Model

ZHAO Peng1, WU Li-fa2, HONG Zheng1   

  1. College of Command & Control, Army Engineering University of PLA, Nanjing 210007, China
  2. School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
  • Received: 2019-03-22  Online: 2019-11-15  Published: 2019-11-14

Abstract: Multicloud is increasingly accepted by industry and has great promotional value and development potential, since it combines cloud resources in a provider-independent way and requires no change to the providers' original technology solutions and operation models. A cloud broker provides transparent service for providers and users, composes the resources of cloud providers on demand, and reduces the difficulty of Multicloud collaboration, the risk of vendor lock-in and the cost to cloud users. However, the loss of trust and the heterogeneity of access control policies among cloud providers can easily cause security problems, such as privacy leakage and data loss, and seriously affect the promotion and application of Multicloud. Based on factors such as trust, context and SLA, a Multicloud access control model (MC-ABAC) is proposed. Firstly, the framework of MC-ABAC is constructed for collaboration in Multicloud environments; it consists of the Virtual Resource Manager (VRM), the Access Control Manager (ACM) and the Cloud Access Control Broker (CACB). Secondly, MC-ABAC is designed to achieve trust measurement of cloud providers and authorization management in Multicloud. The model defines subject, resource, environment and operation, and formalizes trust, context, SLA and authorization. Thirdly, the workflow of MC-ABAC is designed for accessing Multicloud resources from the local provider and from the CACB respectively. Finally, a simulation environment for MC-ABAC is built using CloudSim 4.0 and OpenAZ, and used to verify availability, such as the success rate and the response time of requests. The results show that the request success rate of MC-ABAC is about 18% higher than that of ABAC, and that its average response time is better than that of ABAC, when MC-ABAC is used normally and the number of requests is large.

Key words: Access control, Cloud broker, Context information, Multicloud, Service level agreement, Trust management

CLC Number: TP393