The Privilege Penetration Problem in RBAC-Based Cloud Environments
Published: 2018-08-15 13:42
[Abstract]: To address the insufficient security of the role-based access control (RBAC) model for cross-domain access in cloud computing, this work introduces the network notion of hop count on top of role-mapping technology and proposes a hop-count-based access control strategy to solve the privilege penetration problem that arises during role mapping. The strategy is studied from two angles, the access process and its formal definition, and simulation performance experiments are carried out. Compared with other strategies, it achieves fine-grained control over cross-domain access distance by adding corresponding fields to the role set and the user set, so it creates no new sets, and no mirror roles need to be established for cross-domain access. Experimental results show that, compared with traditional cross-domain access strategies, the proposed strategy has higher efficiency and lower storage consumption.
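[Author affiliations]: School of Information Science and Engineering, Shandong Normal University; Key Laboratory of Distributed Computer Software New Technology, Shandong Normal University
[Funding]: Natural Science Foundation of Shandong Province (ZR2011FM019); Shandong Province Graduate Education Innovation Program (SDYY11117)
[Classification number]: TP393.08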
Article ID: 2184376
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2184376.html