Computer Science ›› 2021, Vol. 48 ›› Issue (5): 313-319. doi: 10.11896/jsjkx.200400013

• Information Security •

Attribute Access Control Based on Dynamic User Trust in Cloud Computing

PAN Rui-jie, WANG Gao-cai, HUANG Heng-yi

  1. School of Computer and Electronic Information, Guangxi University, Nanning 530004, China
  • Received: 2020-04-07 Revised: 2020-07-15 Online: 2021-05-15 Published: 2021-05-09
  • Corresponding author: WANG Gao-cai (wanggcgx@163.com)
  • About author: PAN Rui-jie, born in 1993, postgraduate. Her main research interests include network security and so on. (3035596023@qq.com)
    WANG Gao-cai, born in 1976, Ph.D, professor, Ph.D supervisor, is a member of China Computer Federation. His main research interests include computer network, system performance evaluation and random method.
  • Supported by:
    National Natural Science Foundation of China (61562006) and Natural Science Foundation of Guangxi, China (2016GXNSFBA380181).

Abstract: To facilitate the management of cloud resources, a cloud computing environment is usually divided into logically independent security management domains, but once resources lose the protection of a physical boundary they are exposed to security risks. Access control is one of the key technologies for addressing this problem. Targeting the multi-domain nature of cloud computing environments, this paper proposes an access control model based on dynamic user trust (CT-ABAC) to reduce the impact of malicious recommendations from security domains and to reduce the number of accesses by malicious users. In the CT-ABAC model, an access request consists of subject attributes, object attributes, permission attributes, environment attributes, and a user trust attribute. The model uses a dynamic fine-grained authorization mechanism that denies or allows each access based on the attribute set of the user's access request. The model also extends the user trust attribute and considers the impact of time, the similarity of evaluations between security domains, and a penalty mechanism on this attribute. Simulation results show that the CT-ABAC model can effectively reduce malicious access by users and improve the successful access rate of trusted users.

Key words: Access control, Attribute, Cloud computing, Multi-domain, Trust

CLC Number:

  • TP393