摘要
提出一种基于策略属性协商的云间组合服务访问控制机制.使用属性来表达服务组件之间的授权关系,能够满足云环境下动态、弹性、点对点的交互特点,该机制使用策略属性协商来实现访问控制的交互,减少了服务内安全信息的披露,有效地保护了用户隐私,实现了云组合服务内不同服务组件的策略对外一致性的访问控制表现.设计一种基于历史信息的策略协商算法,通过同步高频协商策略、存储历史协商信息、计算属性披露开销,来优化协商流程,提高交互效率.仿真实验验证了该机制的可行性及其运行效率.
APoAN(access control mechanism based on policy attribute negotiation)was proposed for cloud composite servic.In APoAN,an authorization relation between service components was described at the attribute level that can meet the dynamic,flexible,point-to-point interaction characterisics in cloud environment.The mechanism used policy attribute negotiation to achieve interactive process of access control,which reduced the disclosure of security information within the service and effectively protected the user's privacy.The mechanism can ensure the consistent presentation of different service components policies in global composite service.A policy negotiation algorithm was designed based on historical information.The negotiation process was optimized and the efficiency of negotiation was improved by synchronizing high frequency negotiation policy,storing history information of negotiation and calculating the cost of attributes disclosure.Finally,the simulation results show the feasibility and efficiency of the proposed mechanism.
出处
《浙江大学学报(工学版)》
EI
CAS
CSCD
北大核心
2017年第12期2332-2340,共9页
Journal of Zhejiang University:Engineering Science
基金
国家"863"高技术研究发展计划资助项目(2015AA011705)
国家重点研发计划资助项目(2016YFB0501901
2015AA016006)
国家自然科学基金资助项目(61502531)
河南省自然科学基金资助项目(162300410334)
