Computer Engineering and Applications ›› 2020, Vol. 56 ›› Issue (9): 84-92. DOI: 10.3778/j.issn.1002-8331.1901-0361

• Big Data and Cloud Computing •

Study on Attribute and Trust-Based RBAC Model in Cloud Computing

YU Bo, TAI Xianqing, MA Zhijie   

  1. Institute of Electronics, Chinese Academy of Sciences, Beijing 100190, China
  2. Key Laboratory of Technology in Geo-spatial Information Processing and Application System, Chinese Academy of Sciences, Beijing 100190, China
  3. School of Electronic, Electrical and Communication Engineering, University of Chinese Academy of Sciences, Beijing 101408, China
  4. Institute of Electronics, Chinese Academy of Sciences, Suzhou, Jiangsu 215121, China
  5. Jiangsu Research and Development Center for Internet of Things, Wuxi, Jiangsu 214135, China
  • Online: 2020-05-01 Published: 2020-04-29

Abstract:

Role-Based Access Control (RBAC) is a typical access control model that associates users with permissions through roles, making access control more flexible and easier to manage. However, in cloud computing environments, RBAC suffers from security issues such as abuse of users' permissions and coarse-grained access control. To solve these problems, an Attribute and Trust based RBAC model, named ATRBAC, is proposed. ATRBAC adopts the idea of Ciphertext Policy Attribute-Based Encryption (CP-ABE) and the method of trust evaluation. In ATRBAC, on the one hand, a user is granted an attribute set that includes a trust value attribute; on the other hand, each role is embedded with an access structure that includes a trust threshold. Only when the user's attribute set matches the role's access structure can the user obtain the role and the corresponding permissions. The experimental results indicate that ATRBAC realizes dynamic authorization, automatic granting of permissions, and finer-grained access control, which enhances the security of data and resources in cloud computing.

Key words: cloud computing, Role-Based Access Control (RBAC), Ciphertext Policy Attribute-Based Encryption (CP-ABE), trust
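
The matching rule the abstract describes (a role is obtained only when the user's attribute set, including the trust value, satisfies the role's access structure) can be sketched as follows. This is an added example, not code from the paper: the k-of-n gate tree, the role and attribute names and the threshold values are assumptions, and the policy is evaluated in plaintext rather than enforced through CP-ABE decryption.

```python
# Added illustration: plaintext evaluation of role access structures.
# Role names, attribute names and thresholds are constructed, not from the paper.
from dataclasses import dataclass

@dataclass(frozen=True)
class Attr:            # leaf: the user must hold this attribute
    name: str

@dataclass(frozen=True)
class TrustAtLeast:    # leaf: the user's trust value must reach the threshold
    threshold: float

@dataclass(frozen=True)
class Gate:            # k-of-n threshold gate: k == n is AND, k == 1 is OR
    k: int
    children: tuple

def satisfies(node, attrs, trust):
    """Return True if (attrs, trust) satisfies the access structure."""
    if isinstance(node, Attr):
        return node.name in attrs
    if isinstance(node, TrustAtLeast):
        return trust >= node.threshold   # a NaN trust value compares False
    if not 1 <= node.k <= len(node.children):
        raise ValueError("malformed gate: k must be in 1..n")
    return sum(satisfies(c, attrs, trust) for c in node.children) >= node.k

def granted_roles(roles, attrs, trust):
    """Roles whose access structure the user currently satisfies."""
    return sorted(r for r, tree in roles.items() if satisfies(tree, attrs, trust))

# Constructed policy: each role embeds its own trust threshold.
ROLES = {
    "auditor": Gate(2, (Attr("dept:finance"), TrustAtLeast(0.8))),
    "analyst": Gate(2, (
        Gate(1, (Attr("dept:finance"), Attr("dept:research"))),
        TrustAtLeast(0.5),
    )),
}
USER_ATTRS = frozenset({"dept:finance", "title:engineer"})

if __name__ == "__main__":
    # Re-evaluating as the trust value changes shows the dynamic authorization:
    for trust in (0.9, 0.6, 0.3):
        print(trust, granted_roles(ROLES, USER_ATTRS, trust))
```

Re-running `granted_roles` whenever the trust evaluation updates a user's value is what makes role membership dynamic here: the same attribute set loses `auditor` first and then `analyst` as trust falls.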