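Abstract
This paper studies security isolation and access control in virtualized IaaS (Infrastructure as a Service) environments. By systematically examining the security isolation and access control requirements of IaaS environments, and guided by the principles of security domain division, it constructs a network security domain model for the IaaS platform that takes into account network infrastructure, domain boundary control, and supporting security infrastructure. Focusing on the shared multi-tenant environment specific to IaaS platforms, it abstracts the elements of a tenant domain and constructs a tenant domain model. Building on this security domain model, and considering factors such as the dynamic nature of resources in cloud computing and the time-limited nature of cloud resources, it then approaches the problem from the perspective of access control for users' business sessions: based on the RBAC (Role-Based Access Control) and UCON (Usage CONtrol) models, it constructs a cloud resource access control model, CloudAC, comprising elements such as users, roles, permissions, resources, and authorization rules, thereby ensuring the security of users' access to cloud resources in virtualized IaaS environments. Practice shows that a cloud IaaS environment built according to the proposed security domain model can effectively ensure security isolation between networks of different business functions. Isolated network environments built on tenant domains or tenant sub-domains give tenants flexible domain division at low management and resource overhead, so tenants can build isolated, boundary-controllable network environments on their own according to business security needs; this eliminates the need to configure physical networks or physical firewalls when segmenting the network in the traditional way, and gives the business environment defense in depth. In addition, the cloud resource access control model can be used to flexibly build a cloud resource access control system featuring privilege separation, user attribute and cloud resource attribute constraints, cloud resource lease time constraints, and enhanced isolation of virtual machine resources. The attributes and constraint elements can be extended on demand according to business needs, which better meets the access control requirements of cloud resources that are shared among multiple tenants and dynamic in nature.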
To satisfy the requirements for security isolation of different business function networks and for access control of cloud resources in IaaS (Infrastructure as a Service) environments, a security domain model for the virtualized IaaS environment was constructed systematically, following the principles of network security domain division and taking into account network infrastructure, access control at the domain perimeter, and supporting security infrastructure. Focusing on the multi-tenant environment of the IaaS platform, the essential elements of the tenant network domain were abstracted and a tenant domain model was constructed. Moreover, based on this security domain model and on the RBAC (Role-Based Access Control) and UCON (Usage CONtrol) models, and taking into account the dynamic nature and time sensitivity of cloud resources, an access control model for cloud resources named CloudAC was constructed. CloudAC contains elements such as users, roles, permissions, resources, and authorization rules, and ensures that cloud resources are accessed and delivered legitimately and securely from the perspective of access control of users' business sessions. The results showed that, by using the security domain model to construct the network architecture, the security isolation of different business networks could be ensured, and a tenant network domain or sub-domain environment could be built according to business isolation and security requirements at little management cost and with few computing resources. This effectively eliminated the need to configure physical networks or physical firewalls when performing network segmentation, and gave the environment the property of defense in depth.
Moreover, a flexible cloud resource management system could be constructed effectively by employing the access control model, with the extensible properties of privilege separation, attribute constraints on user subjects and cloud resource objects, lease time constraints on cloud resources, and enhanced security isolation for virtual machines. The CloudAC model was better suited to satisfying the access control requirements of cloud resources that are shared among multiple tenants and dynamic.
Authors
尹学渊
陈兴蜀
陈林
YIN Xue-yuan; CHEN Xing-shu; CHEN Lin (College of Computer Science, Sichuan University, Chengdu 610065, China; Cybersecurity Research Institute, Sichuan University, Chengdu 610065, China)
Source
《小型微型计算机系统》
CSCD
Peking University Core Journal
2019, No. 1, pp. 111-116 (6 pages)
Journal of Chinese Computer Systems
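Funding
Supported by the National Key Technology R&D Program of China (2012BAH18B05)
Supported by the National Natural Science Foundation of China (61272447)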
Keywords
cloud computing
infrastructure as a service
network security domain
access control