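Abstract
Taking full account of the security requirements of modern enterprise cloud storage, and based on the characteristics of enterprise organizational structure, this paper proposes a flexible and secure new access control model for enterprise data storage: E-ABAC (Attribute-Based Access Control for Enterprise). Compared with other access control models, the biggest difference of E-ABAC is that it adds organizational-structure attributes to the subjects and objects in the cloud storage platform; a subject's access rights to an object are decided by matching the organizational-structure attributes of the two. The model not only enforces access control over enterprise data, so that enterprise users cannot access data without authorization, but also enables natural and reasonable data sharing within an enterprise and between enterprises by changing object attribute labels. Finally, the model is implemented on HDFS (Hadoop Distributed File System). The results show that the method effectively guarantees control of cloud storage users' access rights to enterprise data and achieves controlled sharing of enterprise data.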
Based on the characteristics of enterprise organizational structure, a flexible and secure access control model, E-ABAC (Attribute-Based Access Control for Enterprise), is proposed. Compared with other existing access control models, its biggest difference is that it adds new organization-structure attributes for subjects and objects. The model not only implements access control over enterprise data, so that users cannot access data when they are not authorized, but also realizes natural and reasonable data sharing within an enterprise and between different enterprises by changing the object attribute tags. Finally, we apply E-ABAC to the Hadoop Distributed File System, and the experimental result shows that the method can guarantee the access permissions to enterprise data and realize controlled sharing of enterprise data in cloud storage.
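Source
Journal of Chinese Computer Systems (《小型微型计算机系统》)
CSCD
Peking University Core Journal (北大核心)
2016, Issue 6, pp. 1185-1190 (6 pages)
Funding
Supported by the National Natural Science Foundation of China (61373162)
Supported by the Sichuan Province Science and Technology Support Program (2014GZ007)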