摘要
针对传统访问控制模型引发的数据泄露和安全问题,结合企业不断提升的数据泄漏防范要求,提出软件定义边界下的可信动态访问控制模型,利用数据的语义信息、数据来源信息、数据使用模式计算数据访问的可信度,以此来强化动态访问策略,在评估数据的可信度上用户干预性最小,根据访问数据集实时情况所引起的可信度变化来调整访问控制策略。实验结果表明,该模型能够以较少的开销增强对多源数据集的访问控制,解决了当前软件定义边界下云平台中访问控制模型安全性不足的问题。
In view of the data leakage and security problems caused by the traditional access control model and the continuous requirements of data leakage prevention from the enterprises, this paper proposes a trusted dynamic access control model under the software-defined boundary, which uses the semantic information, data source information and data usage mode to calculate the credibility of data access, so as to strengthen the dynamic access strategy and minimize the user intervention in evaluating the data credibility. Furthermore, the access control strategy is adjusted according to the credibility change caused by the real-time situation of the access data set. The experimental results show that the proposed model can enhance the access control of multi-source data sets with less overhead, and solve the problem of insufficient security of access control model in cloud platform under the current software-defined boundary.
作者
王骏彪
WANG Junbiao(Yunnan Branch of China Telecom Co.,Ltd.,Kunming 650000,China)
出处
《移动通信》
2020年第8期80-86,共7页
Mobile Communications
关键词
可信度
动态
访问控制策略
数据语义信息
credibility
dynamic
access control policy
data semantic information
