
Research on Risk in the Cross-domain RBAC Model in Cloud Environments (Cited by: 1)

Research on Risk of RBAC Cross-domain Access Control Model
Abstract: Starting from the security requirements of cross-domain resource access in cloud environments, and considering the access control models used by existing systems, this work introduces a risk management mechanism on top of the RBAC model and extends the concept of the risk cursor to the domain that initiates the access, which strengthens the security of cross-domain access. A timeliness constraint is introduced on both interacting parties, tying access time to risk level, so as to achieve fine-grained, risk-based cross-domain access control. In addition, a threshold on the number of cross-domain accesses is set for each node in a domain, limiting how often a node can request cross-domain access and preventing concentrated malicious behavior. By setting flag bits, the management node's access to history records is restricted, which provides privacy protection for the history records.

From the viewpoint of security requirements on cross-domain resources, and considering the current state of access control models in existing systems, we propose a new cross-domain access control model with a risk mechanism. This model introduces risk management into the RBAC model. It not only uses it in the requested domain, but also extends the risk cursor to the domain that initiates the request. This risk cursor mechanism enhances the security of cross-domain requests. In addition, the model introduces a timeline in each domain involved in the request. The timeline is bound to the risk level in order to realize fine-grained cross-domain access control. It is determined by humans according to experience. Nodes that require a longer time may involve higher risk. With the risk and timeline mechanisms, a fine-grained authorization mechanism is enabled. The new model also sets a threshold on the number of visits to limit the frequency of requests. This avoids concentrated malicious behavior. A value of 0 or 1 marks which resources the management node can see. By restricting the management node's access to history records, the model realizes privacy protection for the historical records.
Source: Journal of Chinese Computer Systems (《小型微型计算机系统》), CSCD, PKU Core, 2012, Issue 12, pp. 2720-2723 (4 pages)
Funding: Supported by the National "863" Major Project (2009AA044601)
Keywords: cross-domain; risk; access control; RBAC; privacy protection