摘要
针对云计算[1]领域中基础设施服务在运行和管理中存在的安全问题,在传统访问控制模型的基础上综合考虑了云计算基础设施服务[2]的特点,设计了一套访问控制模型。分析了云计算中安全问题的特点及现有方案的不足之处,提出基础设施服务的安全是云计算安全的基础。根据四条设计原则在RBAC模型[3]和TE模型[4]的基础上加以改进形成了适用于云计算基础设施服务的CIRBAC模型和CITE模型,对模型中的各个模块进行了详细的设计。在基于Xen[5-6]虚拟化技术[7]的OpenStack[8]云计算环境中实现了这些访问控制模型。该模型很好地增强了云计算基础设施服务的安全性。
In order to solve the security problems of operation and management in IaaS (Infrastructure as a Service), a access control mechanism is designed based on the traditional access control model and the features of IaaS. Firstly, the secure features of cloud computing and the inadequacies of existing programs are analyzed, It is pointed out the security of IaaS is the basis for the security of cloud computing. Then, according to four design principles, the CIRBAC model and the CITE model are de- signed, which can be used in the infrastructure layer of cloud computing based on the RBAC model and the TE model, and the modules of the models is designed in detail. Finally, the models are achieved at the openstack environment with Xen-based virtualization layer. The model enhances the security of IaaS.
出处
《计算机工程与设计》
CSCD
北大核心
2012年第12期4487-4492,共6页
Computer Engineering and Design
关键词
云计算
基础设施层
基础设施即服务
虚拟化
访问控制
信息安全
cloud computing
infrastructure
infrastructure as a service
virtualization
access control
information security
