摘要
针对云计算环境下的访问控制问题,结合云计算环境存在多个逻辑安全域的特点,提出一种面向云计算环境的属性访问控制模型。该模型采用基于属性的访问控制方法实现本地域和跨域访问决策。对该模型进行形式化描述并给出决策核心算法。在域间属性同步方面,设计一种信号量及P/V操作机制以解决对属性表调用和更新的互斥问题。仿真实验表明:该模型不仅实现细粒度访问控制,而且能够缩短访问控制决策时间,提高决策效率。
A cloud computing attributes-based access control(CC-ABAC) model was proposed to solve the multi-domains access control problem in cloud computing. An attribute-based access control method was utilized to realize the local-domain and cross-domain access decisions in this model. The formal description of model and core decision algorithm were given. A semaphore and P/V operation mechanism was designed to solve the incompatible problem of call and update the attribute list in the inter-domains properties synchronization. The simulation results show that the model not only realizes fine-grained access control, but atso reduces the access control decision time and improves decision-making efficiency.
出处
《中南大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2015年第6期2090-2097,共8页
Journal of Central South University:Science and Technology
基金
国家自然科学基金资助项目(61163025
61462069)
内蒙古自然科学基金资助项目(2012MS0912)资助
内蒙古教育厅高校科研项目(Njzy12110)~~
关键词
云计算
多域
访问控制
云安全
cloud computing
multi-domain
access control
cloud security
