With the development of cloud computing, the mutual understandability among distributed data access control has become an important issue in the security field of cloud computing. To ensure security, confidentiality a...With the development of cloud computing, the mutual understandability among distributed data access control has become an important issue in the security field of cloud computing. To ensure security, confidentiality and fine-grained data access control of Cloud Data Storage (CDS) environment, we proposed Multi-Agent System (MAS) architecture. This architecture consists of two agents: Cloud Service Provider Agent (CSPA) and Cloud Data Confidentiality Agent (CDConA). CSPA provides a graphical interface to the cloud user that facilitates the access to the services offered by the system. CDConA provides each cloud user by definition and enforcement expressive and flexible access structure as a logic formula over cloud data file attributes. This new access control is named as Formula-Based Cloud Data Access Control (FCDAC). Our proposed FCDAC based on MAS architecture consists of four layers: interface layer, existing access control layer, proposed FCDAC layer and CDS layer as well as four types of entities of Cloud Service Provider (CSP), cloud users, knowledge base and confidentiality policy roles. FCDAC, it’s an access policy determined by our MAS architecture, not by the CSPs. A prototype of our proposed FCDAC scheme is implemented using the Java Agent Development Framework Security (JADE-S). Our results in the practical scenario defined formally in this paper, show the Round Trip Time (RTT) for an agent to travel in our system and measured by the times required for an agent to travel around different number of cloud users before and after implementing FCDAC.展开更多
Access control in a grid environment is a challenging issue because the heterogeneous nature and independent administration of geographically dispersed resources in grid require access control to use fine-grained poli...Access control in a grid environment is a challenging issue because the heterogeneous nature and independent administration of geographically dispersed resources in grid require access control to use fine-grained policies. We established a task-and-role-based access-control model for computational grid (CG-TRBAC model), integrating the concepts of role-based access control (RBAC) and task-based access control (TBAC). In this model, condition restrictions are defined and concepts specifically tailored to Workflow Management System are simplified or omitted so that role assignment and security administration fit computational grid better than traditional models; permissions are mutable with the task status and system variables, and can be dynamically controlled. The CG-TRBAC model is proved flexible and extendible. It can implement different control policies. It embodies the security principle of least privilege and executes active dynamic authorization. A task attribute can be extended to satisfy different requirements in a real grid system.展开更多
作为一种新的电子医疗技术,无线体域网(wireless body area networks,WBANs)将在病情监测中发挥重要作用,安全性及隐私性保护是无线体域网的重要内容。针对WBANs数据访问控制提出一种细粒度的数据访问方法,该方法采用基于属性的数据加...作为一种新的电子医疗技术,无线体域网(wireless body area networks,WBANs)将在病情监测中发挥重要作用,安全性及隐私性保护是无线体域网的重要内容。针对WBANs数据访问控制提出一种细粒度的数据访问方法,该方法采用基于属性的数据加密方法,加密者将数据访问结构作为访问策略,当解密者所具有的属性满足该结构时,即可访问该数据,否则,拒绝用户访问。分别从正确性、安全性及能量消耗三方面对方案进行分析。仿真实验结果表明,本方案相对其他方案能量消耗较小。展开更多
文摘With the development of cloud computing, the mutual understandability among distributed data access control has become an important issue in the security field of cloud computing. To ensure security, confidentiality and fine-grained data access control of Cloud Data Storage (CDS) environment, we proposed Multi-Agent System (MAS) architecture. This architecture consists of two agents: Cloud Service Provider Agent (CSPA) and Cloud Data Confidentiality Agent (CDConA). CSPA provides a graphical interface to the cloud user that facilitates the access to the services offered by the system. CDConA provides each cloud user by definition and enforcement expressive and flexible access structure as a logic formula over cloud data file attributes. This new access control is named as Formula-Based Cloud Data Access Control (FCDAC). Our proposed FCDAC based on MAS architecture consists of four layers: interface layer, existing access control layer, proposed FCDAC layer and CDS layer as well as four types of entities of Cloud Service Provider (CSP), cloud users, knowledge base and confidentiality policy roles. FCDAC, it’s an access policy determined by our MAS architecture, not by the CSPs. A prototype of our proposed FCDAC scheme is implemented using the Java Agent Development Framework Security (JADE-S). Our results in the practical scenario defined formally in this paper, show the Round Trip Time (RTT) for an agent to travel in our system and measured by the times required for an agent to travel around different number of cloud users before and after implementing FCDAC.
基金Funded by the Natural Science Foundation of China under Grant Nos. 60503040 and 60403027.
文摘Access control in a grid environment is a challenging issue because the heterogeneous nature and independent administration of geographically dispersed resources in grid require access control to use fine-grained policies. We established a task-and-role-based access-control model for computational grid (CG-TRBAC model), integrating the concepts of role-based access control (RBAC) and task-based access control (TBAC). In this model, condition restrictions are defined and concepts specifically tailored to Workflow Management System are simplified or omitted so that role assignment and security administration fit computational grid better than traditional models; permissions are mutable with the task status and system variables, and can be dynamically controlled. The CG-TRBAC model is proved flexible and extendible. It can implement different control policies. It embodies the security principle of least privilege and executes active dynamic authorization. A task attribute can be extended to satisfy different requirements in a real grid system.
文摘目前,传统的RBAC(Role-Based Access Control)访问控制模型在支持细粒度服务和角色迁移的可控性上存在一定不足.针对这些不足,结合开放式网络环境的实际情况,文中提出了量化服务的概念,实现了一种基于细粒度角色和服务的访问控制机制,给出了一个形式化的基于量化服务和角色的访问控制模型QSRBAC(Quantified Services and Roles Based Access Control).该模型提供了灵活的访问控制粒度,支持对角色和服务的多角度访问控制,支持权限动态调整和条件角色迁移,可以用于大规模开放式网络环境.经测试,在百万规模规则的情况下,基于该模型的访问控制系统内存占用9.6GB以下,平均规则执行时间20μs以内.实验结果证明,该模型可以满足访问控制的效果和时间要求,它的应用显著增强了访问控制过程的可管理性.
文摘作为一种新的电子医疗技术,无线体域网(wireless body area networks,WBANs)将在病情监测中发挥重要作用,安全性及隐私性保护是无线体域网的重要内容。针对WBANs数据访问控制提出一种细粒度的数据访问方法,该方法采用基于属性的数据加密方法,加密者将数据访问结构作为访问策略,当解密者所具有的属性满足该结构时,即可访问该数据,否则,拒绝用户访问。分别从正确性、安全性及能量消耗三方面对方案进行分析。仿真实验结果表明,本方案相对其他方案能量消耗较小。