一种多租户授权管理访问控制模型

发布时间：2018-04-26 09:54

本文选题：多租户 + 云服务　；参考：《计算机工程与应用》2015年19期

【摘要】：针对云服务中多租户应用面临越权访问和联合恶意攻击问题,综合聚类思想和基于密文策略的属性加密(CP-ABE)提出一种多租户授权管理访问控制模型(MTACM)。该模型根据多租户的业务特点将角色任务聚类为任务组,并采用匹配因子标记任务组,进而通过任务组授权管理角色属性,以实现角色的细粒度授权访问控制管理,减少系统计算量开销,降低系统的复杂度。在虚拟环境下实现了该模型算法,且通过逻辑推理证明了模型的安全性和系统访问的高效性。
[Abstract]:In view of the problem that multi-tenant applications in cloud services are facing the problem of over-privileged access and joint malicious attack, a multi-tenant authorization management access control model is proposed by combining clustering ideas and attribute encryption based on ciphertext policy. According to the characteristics of multi-tenant business, the role tasks are clustered into task groups, and the matching factors are used to mark the task groups, and then the role attributes are managed through the task group authorization, so that the fine-grained access control management of the roles can be realized. Reduce the computational overhead and reduce the complexity of the system. The model algorithm is implemented in virtual environment, and the security of the model and the efficiency of system access are proved by logical reasoning.
【作者单位】：西安建筑科技大学信息与控制工程学院;西安建筑科技大学管理学院;
【基金】：国家自然科学基金(No.61272458) 西安市2013技术转移促进工程项目(No.CXY1348-1)
【分类号】：TP393.08

【参考文献】