
Cross-domain access control for e-government cloud based on classification

Cited by: 8
Abstract: To address the insufficiently fine-grained access control over shared user resources during cross-domain access in the e-government cloud, a cross-domain access control scheme based on user classification is proposed. The scheme adopts a typical cloud computing access control mechanism, Identity and Access-control Management (IAM), and implements assertion attribute authentication based on user classification. It removes the obstacles that heterogeneous environments pose to users sharing resources and provides a fine-grained cross-domain access control mechanism. A cloud computing cross-domain access system was built on Shibboleth and Keystone, the security component of OpenStack, and the feasibility of the scheme was demonstrated by testing and comparing a user's out-of-domain and in-domain tokens.
Source: Journal of Computer Applications (《计算机应用》), CSCD, Peking University Core Journal, 2016, No. 2, pp. 402-407 (6 pages)
Funding: Special Fund Project of the Fundamental Research Funds for the Central Universities (YZDJ1202); Fundamental Research Funds for the Central Universities (328201537)
Keywords: e-government cloud; cross-domain access control; classification; Identity and Access-control Management (IAM); Security Assertion Markup Language (SAML)
