云计算环境下基于属性和信任的RBAC模型研究

Study on Attribute and Trust-Based RBAC Model in Cloud Computing

基于角色的访问控制(Role-Based Access Control,RBAC)是一种经典的访问控制模型,其将用户与权限通过角色关联起来,使得访问控制更加灵活并易于管理。然而,在云计算环境中,RBAC会出现用户权限滥用和访问控制粒度较粗等安全问题。为解决以上问题,提出一种基于属性(Attribute)和信任(Trust)的RBAC模型,即ATRBAC。ATRBAC采用基于密文策略属性基加密(CP-ABE)的思想和信任评估的方法,一方面,为用户授予一个包含信任值属性的属性集合,另一方面,为角色嵌入一种包含信任阈值的访问结构。只有当用户属性集合匹配角色访问结构时,用户才可以获得角色及对应的权限。实验结果表明,ATRBAC模型能够实现动态授权、权限自动化授予以及更细粒度的访问控制,增强了云环境下数据资源的安全性。

Role-Based Access Control(RBAC)is a typical access control model that associates users with permissions through roles, making access control more flexible and easier to manage. However, in cloud computing environment,RBAC will have some security issues, such as the abuse of users’ permissions, the coarse granularity of access control,etc. To solve the above problems, an Attribute and Trust based RBAC model is proposed, named as ATRBAC. ATRBAC adopts the idea of Ciphertext Policy Attribute-Based Encryption(CP-ABE) and the method of trust evaluation. In ATRBAC, on the one hand, a user is granted the attribute set, which includes the trust value attribute. On the other hand, a role is embedded in the access structure, which includes the trust threshold. Only when the user’s attribute set matches the role’s access structure, the user can obtain the role and the corresponding permissions. The experimental results indicate that ATRBAC can realize dynamic and automatic authorization of permissions and finer-grained access control,which enhances the security of data and resources in cloud computing.