
Research and Implementation of the TRSAC Access Control Strategy for IaaS Clouds (cited by: 1)

Task and Role-Based and Service-Oriented Access Control for IaaS in Cloud Computing
Abstract: To address unauthorized (privilege-exceeding) access to resources in cloud infrastructure as a service (IaaS), this paper proposes a task- and role-based, service-oriented access control (TRSAC) strategy. The strategy first decomposes the workflow by service instance to refine the granularity of authorized objects. It then applies trusted-role rules to compute the trust level of the interacting entities and grants permissions to roles dynamically. Finally, it combines the service requirements of the task nodes with the security level of the accessing role to compute the minimum authorization unit of the service entity, thereby realizing fine-grained access control for the IaaS layer in a dynamic environment. Theoretical analysis and experimental results show that, although the method slightly increases the number of real-time assessments of subject and object security attributes, it upholds the principles of dynamic authorization and minimum authorization and effectively enhances the overall security of IaaS.
Source: Journal of Wuhan University (Natural Science Edition); indexed in CAS, CSCD, and the Peking University Core Journals list; 2014, Issue 5, pp. 377-385 (9 pages).
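Funding: National Key Basic Research Program of China (973 Program) (2014CB340600); Key Program of the National Natural Science Foundation of China (61332019); National Natural Science Foundation of China (61173138, 61272452); Hubei Province Key New Product and New Process Research and Development Project (2012BAA03004); Hubei Province Enterprise Cooperation Project (YB2012120174, YB2013110084).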
Keywords: cloud computing; infrastructure as a service; dynamic authorization; minimum authorization; access control