云计算的服务安全体系结构和询问控制模型(英文) 被引量：3

Service Security Architecture and Access Control Model for Cloud Computing

下载PDF

导出

摘要 Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces more complex and variable users and environment. Based on the multidimensional views, the service security architecture is described on three dimensions of service security requirement integrating security attributes and service layers. An attribute-based dynamic access control model is presented to detail the relationships among subjects, objects, roles, attributes, context and extra factors further. The model uses dynamic control policies to support the multiple roles and flexible authority. At last, access control and policies execution mechanism were studied as the implementation suggestion. Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces more complex and variable users and environment. Based on the multidimensional views, the service security architecture is described on three dimensions of service security requirement integrating security attributes and service layers. An attribute-based dynamic access control model is presented to detail the relationships among subjects, objects, roles, attributes, context and extra factors further. The model uses dynamic control policies to support the multiple roles and flexible authority. At last, access control and policies execution mechanism were studied as the implementation suggestion.

作者闫丹凤杨放春 Tet Yeap

机构地区 State Key Laboratory of Networking and Switching Technology School of Inflrmation Technology Engineering

出处《China Communications》 SCIE CSCD 2011年第6期44-50,共7页 中国通信（英文版）

基金 supported by National Information Security Program under Grant No.2009A112

关键词 cloud computing service security security architecture access control AUTHORIZATION cloud computing service security security architecture access control authorization

分类号 TP393.08 [自动化与计算机技术—计算机应用技术]

引文网络
相关文献

参考文献4

1王刚,宋执环.一种基于组、角色的文档访问控制模型[J].计算机工程,2002,28(9):113-115. 被引量：4
2杨洋,丁仁杰,闵勇.基于受控对象的访问控制模型[J].电力系统自动化,2003,27(7):36-40. 被引量：10
3Przemyslaw Blaskiewicz Przemyslaw Kubiak Miroslaw Kutylowski.Digital Signatures for e-Government - a Long-Term Security Architecture[J].China Communications,2010,7(6):64-70. 被引量：1
4LIU Qian WANG Guanhai WENG Chuliang LUO Yuan LI Minglu.A Mandatory Access Control Framework in Virtual Machine System with Respect to Multi-level Security I： Theory[J].China Communications,2010,7(4):137-143. 被引量：1

二级参考文献34

1[1]Sandhu R, Samarati P. Authentication, Access Control, and Audit. ACM Comput. Surv., 1996,28(1):241-243
2[2]Thomas R K. Team-based Access Control (TMAC): A Primitive for Applying Role-based Access Controls in Collaborative Environments. ACM RBAC'97, 1997
3[3]Sandhu R S,Coyne E J, Feinstein H L, et al. Role-based Access Control Models. IEEE Computer, 1996,29(2):38-.47
4[4]Shackelford D E,Smith J B,Smith F D.The Architecture and Implemen tation of a Distributed Hypermedia Storage System. Proceedings of ACM Hypertext'93, 1993:1-13
5[4]Morris Sloman, Emil Lupu, Imperial College. Security and Management Policy Specification. IEEE Network, 2002, 16(2)
6[5]Adam N R, Atluri Vijayalakshmi, Bertino Elisa. A Content-based Authorization Model for Digital Libraries. IEEE Translation Knowledge and Data Engineering, 2002, 14(2)
7Sugerman J, Venkitachalam G, Lim B. Virtualizing I/O devices on VMware workstations hosted virtual machine monitor[C]//Proceedings of USENIX Annual Technical Conference, 2001 : 1-14.
8Barham P, Dragovic B, Fraser K, et al. Xen and the art of virtualization[C]//Proceedings of the 19th ACM Symposium on Operating Systems Principles, Lake George, NY, 2003,10.
9Bellovin S.Virtual machines, virtual sectLrity[J]. Communications of the ACM, 2006, 49(10): 104.
10Bell D, Padula L La.Secure computer system: Unified exposition and Multics interpretation[R]. The MITRE Corporation: MTR22997 Revision 1.1976.

共引文献11

1程渤,浮花玲,杨国纬,庹先国.基于工作流任务实例变迁的动态访问控制模型[J].电力系统自动化,2005,29(13):56-59. 被引量：6
2李长城,刘成颖,洪名松,蔡魏.基于受控对象的多主体访问控制模型[J].计算机集成制造系统,2005,11(3):342-346. 被引量：3
3黄敏,荆继武,高能.面向电子文档的协作式访问控制模型[J].计算机工程与设计,2008,29(1):12-15. 被引量：2
4赵琳,黄玉文.网络化系统中权限控制技术研究[J].科技信息,2010(22). 被引量：3
5游学耕.浅析分布式电力监控网络安全管理系统设计[J].无线互联科技,2012,9(7):86-87.
6彭天炜.基于.NET的角色访问控制在继电保护信息系统中的应用[J].计算机光盘软件与应用,2012,15(20):41-41.
7王浩,吴博,葛劲文,王平.物联网中基于受控对象的分布式访问控制[J].电子科技大学学报,2012,41(6):893-898. 被引量：2
8亓祥波,朱云龙,张志东,王海.基于域控制的权限系统模型设计与实现[J].机械设计与制造,2014(2):178-180. 被引量：2
9武凌,王浩.基于对象状态的工作流系统访问控制机制的研究[J].计算机工程与科学,2014,36(9):1697-1704.
10廖竞学,陈福臻,程久军,陈向荣.面向社区物联网创新服务平台的隐私保护系统[J].信息网络安全,2016(12):60-67. 被引量：4

同被引文献32

1李剑,金海菲,景博.一种改进的量子“乒乓”协议安全检测策略及其安全性分析(英文)[J].China Communications,2011,8(3):170-179. 被引量：5
2吕超,李晖,马建峰,牛犇.基于椭圆曲线的RFID协议的安全分析(英文)[J].China Communications,2011,8(4):153-158. 被引量：1
3张鹏,闫峥.移动云服务的自适应业务质量管理(英文)[J].China Communications,2011,8(6):36-43. 被引量：1
4路晓明,冯登国.一种基于身份的多信任域网格认证模型[J].电子学报,2006,34(4):577-582. 被引量：32
5彭华熹.一种基于身份的多信任域认证模型[J].计算机学报,2006,29(8):1271-1281. 被引量：56
6沈雯漪,姚世军.基于SAML和XACML实现安全的Web服务[J].网络安全技术与应用,2006(11):58-60. 被引量：5
7ARMBRUST M, FOX A, GRIFFITH R, et al. Above the Clouds: A Berkeley View of Cloud Computing[R]. UCB/EE- CS-2009-28, 2009.
8PAPAKOS P, CAPRA L, ROSENBLUM D. VOLARE: Context-Aware Adaptive Cloud Service Discovery for Mobile Systems[C]//Proceedings of the 9th International Workshop on Adaptive and Reflective Middleware, 2010: 32-38.
9BUYYA R YEO C, VENUGOPAL S. Market-Oriented Cloud Computing: Vlsion, Hype, and Reality for Delivering IT Services as Corrputing Utilities[C]//Proceedings of the 10th IEEE Intemational Conference on High Performance Com- puting and Communications, 2008: 5-13.
10WEISS A. Computing in the Clouds[J]. net Worker, 2008, 11 (4): 16-25.

引证文献3

1Zhang Qikun,Li Yuanzhang,Song Danjie,Tan Yuan.Alliance-Authentication Protocol in Clouds Computing Environment[J].China Communications,2012,9(7):42-54. 被引量：7
2Yan Danfeng,Sun Jing,Zhang Liying,Yang Fangchun.Trust-Compensation-Based Access Control Model for Web Services[J].China Communications,2012,9(12):8-21. 被引量：1
3Wu Qing,Li Zhenbang,Yin Yuyu,Zeng Hong.Adaptive Service Selection Method in Mobile Cloud Computing[J].China Communications,2012,9(12):46-55.

二级引证文献8

1郭继文,周贤伟.基于代理的异构云认证方案[J].电信科学,2013,29(3):81-84.
2ZHANG Qikun,ZHANG Quanxin,MA Zhongmei,TAN Yu'an.An Authenticated Asymmetric Group Key Agreement for Imbalanced Mobile Networks[J].Chinese Journal of Electronics,2014,23(4):827-835. 被引量：4
3王崇霞,丁颜,刘倩,周贤伟.云计算环境的联盟身份认证方案设计[J].应用科学学报,2015,33(2):215-222. 被引量：2
4刘团奇,张浩军,赵志鹏.一种云环境下基于身份的统一身份认证方案研究[J].中原工学院学报,2015,26(4):55-58. 被引量：2
5赵金辉,王学慧,关文革,尹立杰.考虑主体心理的云制造服务双层规划选择[J].计算机应用研究,2018,35(2):594-599. 被引量：7
6赵森,甘庆晴,王晓明,余芳.多云环境下基于智能卡的认证方案[J].通信学报,2018,39(4):131-138. 被引量：1
7张启坤,甘勇,王锐芳,郑家民,谭毓安.簇间非对称群组密钥协商协议[J].计算机研究与发展,2018,55(12):2651-2663. 被引量：5
8王崇霞,高美真,刘倩,周贤伟.异构云匿名身份认证方案设计[J].微电子学与计算机,2014,31(7):37-41. 被引量：2

1蔡晓宇.IPv6新特性与过渡技术的探讨[J].江苏科技信息,2008(10):46-48.
2funhoo.VoIP安全体系下的全面BreakThrough[J].黑客防线,2008(4):22-27.
3朱政.探讨供电企业信息服务安全[J].通信电源技术,2012,29(5):114-115.
4Wang Bai Xu Liutong.Cloud Computing(4)[J].ZTE Communications,2010,8(4):57-60. 被引量：6
5Lin Ma,Yu Song,Maomao Wu.Technology Explore for Cloud Computing and SOA Convergence[J].通讯和计算机（中英文版）,2012,9(7):771-773.
6王惠莅.全国信安标委发布两项云计算安全国家标准征求意见稿[J].信息技术与标准化,2013(9):18-18.
7蔡晓宇.未来移动通信的核心技术——IPv6[J].电子工程师,2008,34(12):32-36.
8NDS：展示最新的技术和解决方案[J].世界宽带网络,2007,14(4):46-46.
9蔡瑞,何炎祥,彭敏,韦福如.基于Agent和CORBA的应用服务系统[J].计算机应用研究,2006,23(6):248-250.
10“中国联通沃云”引领企业信息化新时代[J].中国信息界,2014,0(8):32-35. 被引量：1

China Communications

2011年第6期

浏览历史

内容加载中请稍等...