计算机科学 ›› 2018, Vol. 45 ›› Issue (7): 129-134.doi: 10.11896/j.issn.1002-137X.2018.07.021
何思源,欧博,廖鑫
HE Si-yuan, OU Bo, LIAO Xin
摘要: 在分布式工作流环境中,为了使用户获得最合适的权限来执行工作流任务,往往需要给用户指派相应的角色。针对一组给定授权下的用户最佳角色匹配问题,提出一种分布式工作流环境下角色匹配的访问控制模型。该模型可以根据工作流的不同任务,从系统的角色中寻找拥有相关任务执行权限的一组或多组角色集合,然后参考环境、时间约束和角色间的继承关系来进行匹配优化,最终为用户选取最优的角色集合。实验表明,该模型能够剔除冗余角色,为用户精确分配一组最小的角色集合,从而达到角色匹配优化的目的。
中图分类号:
[1]WANG Y D,YANG J H,XU C,et al.Survey on Access Control Technologies for Cloud Computing.Journal of Software,2015,26(5):1129-1150.(in Chinese) 王于丁,杨家海,徐聪,等.云计算访问控制技术研究综述.软件学报,2015,26(5):1129-1150. [2]FENG C S,QIN Z G,YUAN D,et al.Key Techniques of Access Control for Cloud Computing .Acta Electronica Sinica,2015,43(2):312-319.(in Chinese) 冯朝胜,秦志光,袁丁,等.云计算环境下访问控制关键技术.电子学报,2015,43(2):312-319. [3]LI F H,SU M,SHI Z G,et al.Research Status and Development Trends of Access Control Model .Acta Electronica Sinica,2012,40(4):805-813.(in Chinese) 李凤华,苏铓,史振国,等.访问控制模型研究进展及发展趋势.电子学报,2012,40(4):805-813. [4]LI N.Discretionary access control∥Encyclopedia of Cryptography and Security.Springer US,2011:353-356. [5]HAN D J,GAO J,ZHAI H L,et al.Research Development of Access Control Model .Computer Science,2010,37(11):29-33.(in Chinese) 韩道军,高洁,翟浩良,等.访问控制模型研究进展.计算机科学,2010,37(11):29-33. [6]UPADHYAYA S.Mandatory Access Control∥Encyclopedia of Cryptography and Security.Springer US,2011:756-758. [7]SANDHU R S,COYNE E J,FEINSTEIN H L,et al.Role-based Access Control Models .Computer,1996,29(2):38-47. [8]ZHANG X M,HUANG Z Q,SUN Y.Research on Privacy Access Control Based on RBAC .Computer Science,2016,43(1):166-171.(in Chinese) 张学明,黄志球,孙艺.基于RBAC的隐私访问控制研究.计算机科学,2016,43(1):166-171. [9]WANG X W,ZHAO Y M.A Task-role-based Access ControlModel for Cloud Computing .Computer Engineering,2012,38(24):9-13.(in Chinese) 王小威,赵一鸣.一种基于任务角色的云计算访问控制模型.计算机工程,2012,38(24):9-13. [10]SEJONG O,SEOG P.Task-role-based Access Control Model.Information System,2003,28(6):533-562. [11]WANG J Y,FENG L X,ZHENG X F,et al.Research Status and Development Trends of Access Control Model .Journal of Central South University(Science and Technology),2015,46(6):2090-2097.(in Chinese) 王静宇,冯黎晓,郑雪峰.一种面向云计算环境的属性访问控制模型.中南大学学报(自然科学版),2015,46(6):2090-2097. [12]LI F H,WANG W,MA J F,et al.Action-based Access Control Model and Administration of Actions .Acta Electronica Sinica,2008,36(10):1881-1890.(in Chinese) 李凤华,王巍,马建峰,等.基于行为的访问控制模型及其行为管理.电子学报,2008,36(10):1881-1890. [13]SU M,LI F H,SHI G Z.Action-based Multilevel Access Control Model .Journal of Computer Research and Document,2014,51(7):1604-1613.(in Chinese) 苏铓,李凤华,史国振.基于行为的多级访问控制模型.计算机研究与发展,2014,51(7):1604-1613. [14]LANG B.Access Control Oriented Quantified Trust DegreeRepresentation Model for Distributed Systems .Journal on Communications,2010,31(12):45-54.(in Chinese) 郎波.面向分布式系统访问控制的信任度量化模型.通信学报,2010,31(12):45-54. [15]FU X,XU S,ZHOU D M.Research on Trust-based AccessControl Model in Cloud Computing Environment .Computer Technology and Development,2015,25(9):139-143.(in Chinese) 付雄,徐松,周代明.云计算环境下基于信任的访问控制模型研究.计算机技术与发展,2015,25(9):139-143. [16]DU S,JOSHI J B D.Supporting Authorization Query and Inter-domain Role Mapping in Presence of Hybrid Role Hierarchy[C]∥Proceedings of the 11th ACM Symposium on Access Control Models and Technologies.New York:ACM,2006:228-236. [17]YANG L,TANG Z,LI R F,et al.Roles Query Algorithm in Cloud Computing Environment Based on User Require .Journal on Communications,2011,32(7):169-175.(in Chinese) 杨柳,唐卓,李仁发,等.云计算环境中基于用户访问需求的角色查找算法.通信学报,2011,32(7):169-175. [18]ZHANG Y,JOSHI J B D.Uaq:A Framework for User Authorization Query Processing in RBAC Extended with Hybrid Hie-rarchy and Constraints[C]∥Proceedings of the 13th ACM Symposium on Access Control Models and Technologies.New York:ACM,2008:83-92. [19]LU J,JOSHI J B D,JIN L,et al.Towards Complexity Analysis of User Authorization Query Problem in RBAC .Computers &Security,2015,48(C):116-130. |
[1] | 郭鹏军, 张泾周, 杨远帆, 阳申湘. 飞机机内无线通信网络架构与接入控制算法研究 Study on Wireless Communication Network Architecture and Access Control Algorithm in Aircraft 计算机科学, 2022, 49(9): 268-274. https://doi.org/10.11896/jsjkx.210700220 |
[2] | 阳真, 黄松, 郑长友. 基于区块链与改进CP-ABE的众测知识产权保护技术研究 Study on Crowdsourced Testing Intellectual Property Protection Technology Based on Blockchain and Improved CP-ABE 计算机科学, 2022, 49(5): 325-332. https://doi.org/10.11896/jsjkx.210900075 |
[3] | 郭显, 王雨悦, 冯涛, 曹来成, 蒋泳波, 张迪. 基于区块链的工业控制系统角色委派访问控制机制 Blockchain-based Role-Delegation Access Control for Industrial Control System 计算机科学, 2021, 48(9): 306-316. https://doi.org/10.11896/jsjkx.210300235 |
[4] | 程学林, 杨小虎, 卓崇魁. 基于组织架构的数据权限控制模型研究与实现 Research and Implementation of Data Authority Control Model Based on Organization 计算机科学, 2021, 48(6A): 558-562. https://doi.org/10.11896/jsjkx.200700127 |
[5] | 潘瑞杰, 王高才, 黄珩逸. 云计算下基于动态用户信任度的属性访问控制 Attribute Access Control Based on Dynamic User Trust in Cloud Computing 计算机科学, 2021, 48(5): 313-319. https://doi.org/10.11896/jsjkx.200400013 |
[6] | 曹萌, 于洋, 梁英, 史红周. 基于区块链的大数据交易关键技术与发展趋势 Key Technologies and Development Trends of Big Data Trade Based on Blockchain 计算机科学, 2021, 48(11A): 184-190. https://doi.org/10.11896/jsjkx.210100163 |
[7] | 何亨, 蒋俊君, 冯可, 李鹏, 徐芳芳. 多云环境中基于属性加密的高效多关键词检索方案 Efficient Multi-keyword Retrieval Scheme Based on Attribute Encryption in Multi-cloud Environment 计算机科学, 2021, 48(11A): 576-584. https://doi.org/10.11896/jsjkx.201000026 |
[8] | 徐堃, 付印金, 陈卫卫, 张亚男. 基于区块链的云存储安全研究进展 Research Progress on Blockchain-based Cloud Storage Security Mechanism 计算机科学, 2021, 48(11): 102-115. https://doi.org/10.11896/jsjkx.210600015 |
[9] | 王静宇, 刘思睿. 大数据风险访问控制研究进展 Research Progress on Risk Access Control 计算机科学, 2020, 47(7): 56-65. https://doi.org/10.11896/jsjkx.190700157 |
[10] | 顾荣杰, 吴治平, 石焕. 基于TFR 模型的公安云平台数据分级分类安全访问控制模型研究 New Approach for Graded and Classified Cloud Data Access Control for Public Security Based on TFR Model 计算机科学, 2020, 47(6A): 400-403. https://doi.org/10.11896/JsJkx.191000066 |
[11] | 潘恒, 李景峰, 马君虎. 可抵御内部威胁的角色动态调整算法 Role Dynamic Adjustment Algorithm for Resisting Insider Threat 计算机科学, 2020, 47(5): 313-318. https://doi.org/10.11896/jsjkx.190800051 |
[12] | 王辉, 刘玉祥, 曹顺湘, 周明明. 融入区块链技术的医疗数据存储机制 Medical Data Storage Mechanism Integrating Blockchain Technology 计算机科学, 2020, 47(4): 285-291. https://doi.org/10.11896/jsjkx.190400001 |
[13] | 屠袁飞,张成真. 面向云端的安全高效的电子健康记录 Secure and Efficient Electronic Health Records for Cloud 计算机科学, 2020, 47(2): 294-299. https://doi.org/10.11896/jsjkx.181202256 |
[14] | 乔毛,秦岭. 云存储服务中一种高效属性撤销的AB-ACCS方案 AB-ACCS Scheme for Revocation of Efficient Attributes in Cloud Storage Services 计算机科学, 2019, 46(7): 96-101. https://doi.org/10.11896/j.issn.1002-137X.2019.07.015 |
[15] | 黄美蓉, 欧博, 何思源. 一种基于特征提取的访问控制方法 Access Control Method Based on Feature Extraction 计算机科学, 2019, 46(2): 109-114. https://doi.org/10.11896/j.issn.1002-137X.2019.02.017 |
|