Computer Science, 2021, Vol. 48, Issue (5): 313-319. doi: 10.11896/jsjkx.200400013
潘瑞杰, 王高才, 黄珩逸
PAN Rui-jie, WANG Gao-cai, HUANG Heng-yi
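Abstract: To simplify the management of cloud resources, a cloud computing environment is usually divided into logically independent security management domains, but once resources lose the protection of a physical boundary they are exposed to security risks. Access control is one of the key technologies for addressing this problem. Targeting the multi-domain nature of cloud computing environments, this paper proposes an access control model based on dynamic user trust (CT-ABAC), in order to reduce the influence of malicious recommendations from security domains and to lower the number of accesses by malicious users. In the CT-ABAC model, an access request consists of subject attributes, object attributes, permission attributes, environment attributes and a user trust attribute. The model uses a dynamic, fine-grained authorization mechanism that denies or permits each access according to the attribute set of the user's access request. The model also extends the user trust attribute and takes into account the effects of time, the similarity of evaluations between security domains, and a penalty mechanism on that attribute. Simulation results show that the CT-ABAC model can effectively reduce malicious access by users and improve the successful access rate of trusted users.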