共查询到18条相似文献,搜索用时 171 毫秒
1.
2.
张海娟 《计算机工程与应用》2009,45(27):107-112
基于角色的访问控制模型(RBAC)被普遍认为是当前最具有发展潜力的访问控制策略,已成为信息安全等领域研究的热点之一。然而传统的RBAC模型不能完全适合普适计算环境下的访问控制。在传统RBAC模型的基础上引入信任管理技术,提出了基于信任的模糊访问控制模型(TBAC)。通过区间值模糊理论实现对主体信任度进行评估,依据请求访问主体的信任度所属信任域设置访问控制策略,对于信任值和可靠性高的主体可以划分到比较高的信任域中,访问控制中的角色指派则可以将某一个信任域指派到角色集的一个角色上,从而实现由主体到角色的指派,更加适合普适计算环境下的访问控制要求。 相似文献
3.
多安全域下访问控制模型研究 总被引:2,自引:0,他引:2
提出了一个多安全域下基于角色的访问控制模型(MD-RBAC),该模型以基于角色的访问控制模型(RBAC)为基础,通过角色映射建立起访问控制要素间的关联,并引入有效性约束和基于有效性约束的边界策略对跨域访问的风险进行识别和防护。最后,将MD-RBAC模型与另一个多域环境下的访问控制模型I-RBAC 2000进行了比较。 相似文献
4.
5.
针对多域环境下基于属性的访问控制模型(ABAC)存在的敏感属性泄露等问题,提出了基于信任度的跨域安全访问控制模型(CD-TBAC)。该模型将属性管理系统与域决策系统结合,对属性进行敏感度划分,并引入基于时间衰减性的动态信任度度量机制。通过判别信任度和敏感度之间的关系决定是否提交敏感属性,并结合实时的信任度与主体的某些属性确定角色,最终根据访问控制策略确定主体权限,实现域内外的安全访问。实验和性能分析表明,该模型在效率上完全接近于ABAC,并具备较高的安全性,能防止敏感属性的泄露、实现匿名访问和抗重放攻击等。 相似文献
6.
由于受到虚拟化和弹性化特性的影响,与传统的访问控制相比,云计算下访问控制的约束条件更加复杂,主客体属性及主体所拥有的角色也因而处于动态变化之中。针对云计算下访问控制的上述问题,提出一种基于基于角色的访问控制(RBAC)的云计算访问控制模型。该模型将动态可变机制与主客体安全等级引入到访问控制策略中,既可保证云环境下数据的安全性和可靠性,又具有一定的灵活性。最后给出该模型的实现过程,并在基于云计算的医疗保健系统中予以实现。 相似文献
7.
提出一种扩展的基于角色的访问控制ERBAC模型,以解决RBAC在多域云系统的资源使用约束、策略管理和互操作安全性等方面存在的不足。首先,通过引入容器元素和两类角色基数约束,构建了基于容器元素+动态角色基数约束的资源使用策略;其次,深入研究了多域角色继承管理,提出基于先检测后建立角色关系的域间策略管理函数,并给出各类安全策略冲突检测算法。分析表明,ERBAC模型实现了资源使用约束、支持高效的安全策略管理,提高了跨域互操作的安全性,且性能测试说明了该模型在多域云系统中具有适应性和可行性。 相似文献
8.
访问控制作为保护信息安全的主要手段,能够有效保证用户合法地访问网络资源。随着移动互联网的发展,跨域和跨系统等多域环境下的安全问题面临严峻挑战。为了满足云计算多域环境的访问需求,基于角色访问控制技术,提出一种适用于云计算多域环境的访问控制模型。该模型利用贝叶斯理论得出访问者的可信期望值,然后与预先设定的访问阈值进行比较,决定用户的访问请求是否被允许,且访问权限随着用户可信度动态变化而改变,避免了之前获得高信任值的用户因信任度变化而进行恶意攻击的风险。实验结果表明,提出模型不仅能减少高风险用户的访问请求量,且能满足为用户动态授权的需求。因此该模型可以有效解决云计算多域环境中的安全问题。 相似文献
9.
10.
11.
基于角色的访问控制(Role-Based Access Control,RBAC)是一种经典的访问控制模型,其将用户与权限通过角色关联起来,使得访问控制更加灵活并易于管理。然而,在云计算环境中,RBAC会出现用户权限滥用和访问控制粒度较粗等安全问题。为解决以上问题,提出一种基于属性(Attribute)和信任(Trust)的RBAC模型,即ATRBAC。ATRBAC采用基于密文策略属性基加密(CP-ABE)的思想和信任评估的方法,一方面,为用户授予一个包含信任值属性的属性集合,另一方面,为角色嵌入一种包含信任阈值的访问结构。只有当用户属性集合匹配角色访问结构时,用户才可以获得角色及对应的权限。实验结果表明,ATRBAC模型能够实现动态授权、权限自动化授予以及更细粒度的访问控制,增强了云环境下数据资源的安全性。 相似文献
12.
针对传统的角色访问控制模型权限控制粒度较大,提出一种基于信任的细粒度访问控制模型,该模型在RBAC基础上引入授权信任约束,采用了一种基于忠诚度的信任度计算方法,有效地遏制恶意行为,实现细粒度访问控制。该模型不仅具有RBAC模型的所有优点,而且比RBAC模型具有更好的通用性、灵活性和可扩展性。 相似文献
13.
14.
15.
Hsing-Chung Chen Marsha Anjanette Violetta Cheng-Ying Yang 《The Journal of supercomputing》2013,66(2):1111-1131
Cloud computing is a fast growing field, which is arguably a new computing paradigm. In cloud computing, computing resources are provided as services over the Internet and users can access resources based on their payments. The issue of access control is an important security scheme in the cloud computing. In this paper, a Contract RBAC model with continuous services for user to access various source services provided by different providers is proposed. The Contract RBAC model extending from the well-known RBAC model in cloud computing is shown. The extending definitions in the model could increase the ability to meet new challenges. The Contract RBAC model can provide continuous services with more flexible management in security to meet the application requirements including Intra-cross cloud service and Inter-cross cloud service. Finally, the performance analyses between the traditional manner and the scheme are given. Therefore, the proposed Contract RBAC model can achieve more efficient management for cloud computing environments. 相似文献
16.
Cloud computing is an emerging paradigm to offer on-demand IT services to customers. The access control to resources located in the cloud is one of the critical aspects to enable business to shift into the cloud. Some recent works provide access control models suitable for the cloud; however there are important shortages that need to be addressed in this field. This work presents a step forward in the state-of-the-art of access control for cloud computing. We describe a high expressive authorization model that enables the management of advanced features such as role-based access control (RBAC), hierarchical RBAC (hRBAC), conditional RBAC (cRBAC) and hierarchical objects (HO). The access control model takes advantage of the logic formalism provided by the Semantic Web technologies to describe both the underlying infrastructure and the authorization model, as well as the rules employed to protect the access to resources in the cloud. The access control model has been specially designed taking into account the multi-tenancy nature of this kind of environment. Moreover, a trust model that allows a fine-grained definition of what information is available for each particular tenant has been described. This enables the establishment of business alliances among cloud tenants resulting in federation and coalition agreements. The proposed model has been validated by means of a proof of concept implementation of the access control system for OpenStack with promising performance results. 相似文献
17.
There are many security issues in cloud computing service environments, including virtualization, distributed big-data processing, serviceability, traffic management, application security, access control, authentication, and cryptography, among others. In particular, data access using various resources requires an authentication and access control model for integrated management and control in cloud computing environments. Cloud computing services are differentiated according to security policies because of differences in the permitted access right between service providers and users. RBAC (Role-based access control) and C-RBAC (Context-aware RBAC) models do not suggest effective and practical solutions for managers and users based on dynamic access control methods, suggesting a need for a new model of dynamic access control that can address the limitations of cloud computing characteristics. This paper proposes Onto-ACM (ontology-based access control model), a semantic analysis model that can address the difference in the permitted access control between service providers and users. The proposed model is a model of intelligent context-aware access for proactively applying the access level of resource access based on ontology reasoning and semantic analysis method. 相似文献
18.
Antonios Gouglidis Ioannis Mavridis Vincent C. Hu 《International Journal of Information Security》2014,13(2):97-111
The cloud is a modern computing paradigm with the ability to support a business model by providing multi-tenancy, scalability, elasticity, pay as you go and self-provisioning of resources by using broad network access. Yet, cloud systems are mostly bounded to single domains, and collaboration among different cloud systems is an active area of research. Over time, such collaboration schemas are becoming of vital importance since they allow companies to diversify their services on multiple cloud systems to increase both uptime and usage of services. The existence of an efficient management process for the enforcement of security policies among the participating cloud systems would facilitate the adoption of multi-domain cloud systems. An important issue in collaborative environments is secure inter-operation. Stemmed from the absence of relevant work in the area of cloud computing, we define a model checking technique that can be used as a management service/tool for the verification of multi-domain cloud policies. Our proposal is based on NIST’s (National Institute of Standards and Technology) generic model checking technique and has been enriched with RBAC reasoning. Current approaches, in Grid systems, are capable of verifying and detect only conflicts and redundancies between two policies. However, the latter cannot overcome the risk of privileged user access in multi-domain cloud systems. In this paper, we provide the formal definition of the proposed technique and security properties that have to be verified in multi-domain cloud systems. Furthermore, an evaluation of the technique through a series of performance tests is provided. 相似文献