Research on Attribute Allocation and Revocation Methods for ABAC in the Cloud Environment

Bibliographic Details
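Published in: 计算机应用研究 (Application Research of Computers), Vol. 31, no. 12, pp. 3682-3684
Main Author: 邹佳顺 (ZOU Jia-shun), 张永胜 (ZHANG Yong-sheng), 张龙祥 (ZHANG Long-xiang)
Format: Journal Article
Language: Chinese
Published: School of Information Science and Engineering, Shandong Normal University, Jinan 250014; Shandong Provincial Key Laboratory for Novel Distributed Computer Software Technology, Shandong Normal University, Jinan 250014; 2014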
ISSN: 1001-3695
DOI: 10.3969/j.issn.1001-3695.2014.12.041

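Summary: To address the lack of flexibility in attribute allocation and revocation in the attribute-based access control model under the cloud environment, this work introduces the concept of a meta value and studies the problem from two aspects: formal definition and performance simulation experiments. It proposes a meta-value-based attribute allocation and revocation method that achieves fine-grained attribute revocation in the model. Compared with the traditional repeated-authorization method, the method conforms to the principle of least privilege, offers higher security, and is also more efficient.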
Bibliography: 51-1196/TP
ZOU Jia-shun, ZHANG Yong-sheng, ZHANG Long-xiang (a. School of Information Science & Engineering, b. Shandong Provincial Key Laboratory for Novel Distributed Computer Software Technology, Shandong Normal University, Jinan 250014, China)
To solve the problem of inflexibility in the allocation and revocation of attributes in the attribute-based access control model under the cloud environment, this paper puts forward a method based on the meta value. The improved model is studied from two aspects: formal definition and performance simulation experiments. By introducing the concept of the meta value, the paper proposes a meta-value-based method for the allocation and revocation of attributes, which solves the problem of fine-grained attribute revocation in the model. Compared with the traditional repeat authorization method, the method conforms to the principle of least privilege. Moreover, it has higher security and higher efficiency.
access control; attribute; authorization; meta