Research and Design of Trust-based Cloud Computing Access Control Model
First published: 2018-10-18
Abstract: Secure access control is an urgent problem in the field of cloud computing security. Role-based access control (RBAC) is an extensible access control model that decouples users from permissions by introducing roles. It simplifies authorization and security management and is currently recognized as the most effective method for resource access control. In a cloud environment, however, the relationship between users and resources is uncertain and fragile, so new elements must be considered to suit the characteristics of the cloud platform. Building on the traditional RBAC model, this paper proposes a trust-based RBAC model called T-RBAC (Trust-RBAC). It derives a formula for the trust value between a user and a resource using Bayes' theorem, calculates the trust value from the user's historical access records and their results for that resource, and compares the trust value with a threshold set by the system to decide whether to accept the access. In addition, this paper proposes the SIFD (Slow-increase Fast-decrease) algorithm, which borrows from TCP congestion control: it adjusts a sliding window by linear increase and multiplicative decrease to correct the trust value, preventing malicious nodes from accumulating trust in order to attack resources continuously.
Keywords: Role-based access control; Trust value; Cloud platform
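A sketch of the trust-gated decision and the SIFD window adjustment described in the abstract, as an added example that is not the paper's code. The abstract gives neither the trust formula nor the window rule, so the Beta(1,1) posterior mean, the 0.6 threshold, the window bounds, and the names `TrustTracker` and `unwindowed_trust` are assumptions.

```python
from collections import deque


class TrustTracker:
    """Trust of one user toward one resource (assumed model, not the paper's)."""

    def __init__(self, threshold=0.6, min_window=2, max_window=64):
        self.threshold = threshold      # assumed system threshold
        self.min_window = min_window
        self.max_window = max_window
        self.window = min_window        # current sliding-window size
        self.history = deque()          # newest outcome last; True = benign access

    def record(self, ok):
        """Record one access outcome and resize the window SIFD-style."""
        if ok:
            # Slow increase: one more remembered outcome per benign access.
            self.window = min(self.window + 1, self.max_window)
        else:
            # Fast decrease: halve the window, discarding old good history.
            self.window = max(self.window // 2, self.min_window)
        self.history.append(ok)
        while len(self.history) > self.window:
            self.history.popleft()

    def trust(self):
        """Beta(1,1)-prior posterior mean of the benign rate inside the window."""
        good = sum(self.history)
        return (good + 1) / (len(self.history) + 2)

    def allow(self):
        """Accept the access only if trust reaches the threshold."""
        return self.trust() >= self.threshold


def unwindowed_trust(outcomes):
    """Same estimator over the full history, for comparison."""
    return (sum(outcomes) + 1) / (len(outcomes) + 2)


def demo():
    # Constructed sequence: 20 benign accesses to build trust, then 3 malicious.
    outcomes = [True] * 20 + [False] * 3
    tracker = TrustTracker()
    for ok in outcomes:
        tracker.record(ok)
    return tracker.trust(), tracker.allow(), unwindowed_trust(outcomes)


if __name__ == "__main__":
    print(demo())
```

On the constructed sequence, the full-history estimate still clears the threshold after three malicious accesses, while the windowed estimate has already dropped below it after the second.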