Excerpt from the paper
To address over-privileged access to resources in current cloud computing infrastructure services, this paper proposes a task- and role-based service-oriented access control (TRSAC) strategy. The strategy decomposes workflows by service instance to narrow the scope of authorization objects, applies role trust rules to calculate the trust degree of interacting entities, and grants role permissions dynamically. It then combines the service requirements of each task node with the security level of the accessing role to solve for the minimum authorization unit of the service entity, yielding an access control strategy for the cloud computing infrastructure-as-a-service (IaaS) layer. Theoretical analysis and experimental results show that, although the method slightly increases the number of real-time evaluations of subject and object security attributes, it upholds the principles of dynamic authorization and minimum authorization in access control well and effectively enhances the overall security of cloud computing infrastructure services.