云计算平台基于角色的权限管理系统设计与实现

doi:10.3969/j.issn.1671-1122.2020.01.011

信息网络安全 ›› 2020, Vol. 20 ›› Issue (1): 75-82.doi: 10.3969/j.issn.1671-1122.2020.01.011

云计算平台基于角色的权限管理系统设计与实现

白嘉萌^1,^2,³(), 寇英帅^1,^2,³, 刘泽艺³, 查达仁³

1. 中国科学院信息工程研究所信息安全国家重点实验室,北京 100093
2. 中国科学院大学网络空间安全学院,北京 100049
3. 中国科学院信息工程研究所,北京 100093

收稿日期:2019-08-15 出版日期:2020-01-10 发布日期:2020-05-11
作者简介:
作者简介：白嘉萌（1995—）,女,陕西,硕士研究生,主要研究方向为机器学习;寇英帅（1995—）,男,北京,硕士研究生,主要研究方向为表示学习;刘泽艺（1990—）,男,福建,助理研究员,博士,主要研究方向为信息安全;查达仁（1982—）,男,江苏,高级工程师,博士,主要研究方向为信息安全。
基金资助:
国家自然科学基金[U163620068]

Docker-based RBAC Task Management System

BAI Jiameng^1,^2,³(), KOU Yingshuai^1,^2,³, LIU Zeyi³, ZHA Daren³

1. State Key Laboratory of Information Security, Institute of Information Engineering, CAS, Beijing 100093, China
2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
3. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100049, China

Received:2019-08-15 Online:2020-01-10 Published:2020-05-11

摘要/Abstract

摘要：

随着互联网技术的飞速发展,Web服务业务量激增,这使得操作系统和应用服务的部署面临着越来越大的挑战,而云计算和虚拟化技术的发展使得上述问题得以改善。虽然虚拟机技术具有很好的隔离性,但是常需面对虚拟化开销大、可扩展性差、部署时间长等问题。一方面以Docker为代表的容器技术能很好地改善这些问题,这使得服务的快速构建、部署、运维和扩展成为可能;另一方面,权限管理是一个几乎所有应用系统都会涉及的一个重要组成部分,其目的是对系统进行权限的控制和管理。对于系统权限的控制是十分重要且必要的,否则会造成系统信息泄露、系统漏洞,对使用者造成难以预估的损失。因此,文章提出了一种将基于角色的权限管理模型实现对权限的管理,并将其部署在云平台上,使得开发人员能够在云平台上高效弹性对地系统进行开发、部署和运维,大大提高了资源利用率和时间效率。

关键词: 权限控制, Docker, 云计算, RBAC, 虚拟化

Abstract:

With the rapid development of the Internet , the quantity of web services has proliferated, which makes the deployment of operating systems and application services more and more challenging. The development of cloud computing and virtualization has led to improvements in these issues. Although virtual machine technology has good isolation, it usually faces problems such as large virtualization overhead, poor scalability and long deployment time. The container technology represented by Docker has improved these problems very well, which allows us to quickly build, deploy, operate and extend services. On the other hand, Rights management is an important part of almost all application systems. Its main purpose is to control and manage the rights of the system. Control of system permissions is very important and necessary. Otherwise, system information leakage, system vulnerabilities and unpredictable losses to users will be caused. We should try to avoid risk problems caused by lack of permission control or improper operation. To solve this problem, this paper proposes a method of applying the role-based rights management model to the system to flexibly manage the rights, and deploys the system on the cloud platform using PaaS idea, enabling development. The personnel can develop, deploy and operate the system efficiently and flexibly on the cloud platform, which greatly improves resource utilization and time efficiency.

Key words: authority control, Docker, cloud computing, RBAC, virtualization

中图分类号:

TP309

白嘉萌, 寇英帅, 刘泽艺, 查达仁. 云计算平台基于角色的权限管理系统设计与实现[J]. 信息网络安全, 2020, 20(1): 75-82.

BAI Jiameng, KOU Yingshuai, LIU Zeyi, ZHA Daren. Docker-based RBAC Task Management System[J]. Netinfo Security, 2020, 20(1): 75-82.

图/表 8

表1

表2

图1

图2

图3

图4

图5

图6

参考文献 15

[1]	ANDERSON Charles.Docker Software Engineering[J]. IEEE Software, 2015, 32(3): 102-103.
[2]	JAGAR R, VERBRUGGEN H B, BRUIJIN P M.Fuzzy Inference in Rule-Based Real-Time Control[J]. Annual Review in Automatic Programming, 1992, 17(1): 183-188.
[3]	TAKABI H, JOSHI J B, AHN G J.Security and Privacy Challenges in Cloud Computing Environments[J]. IEEE Security & Privacy, 2010, 8(6): 24-31.
[4]	OMICINI A, RICCI A, VIRILI M.RBAC for Organisation and Security in an Agent Coordination Infrastructure[J]. Electronic Notes in Theoretical Computer Science, 2005, 128(5): 65-85.
[5]	RICHARD S, BALAZS P, XI V W.Using Docker for Factory System Software Management: Experience Report[J]. Procedia CIRP, 2018, 72(1): 659-664.
[6]	ARANGUREN M E, MARK W D.Enhanced Reproducibility of SADI Web Service Workflows with Galaxy and Docker[J]. GigaScience, 2015, 4(1): 59.
[7]	GEMOH M T, PARK S, KIM J, et al.An Efficient Multi-Task PaaS Cloud Infrastructure Based on Docker and AWS ECS for Application Deployment[J]. Cluster Computing, 2016, 19(3): 1-13.
[8]	BERTINO E, BETTINI C, FERRALI E, et al.An Access Control Model Supporting Periodicity Constraints and Temporal Reasoning[J]. ACM Transactions on Database Systems, 2000, 23(3): 231-285.
[9]	SOLMS B V.Managing Secure Computer Systems and Networks[J]. International Journal of Bio Medical Computing, 1996, 43(1): 47.
[10]	SOBHY M I, SHEHATA A E D. Secure Computer Communication Using Chaotic Algorithms[J]. International Journal of Bifurcation and Chaos, 2000, 10(12): 2831-2839.
[11]	MCDANIEL P, MCLAUGHLIN S.Security and Privacy Challenges in the Smart Grid[J]. IEEE Security & Privacy, 2009, 7(3): 75-82.
[12]	VOLKER R, MEHRDAD J S.Access Control and Key Management for Mobile Agents[J]. Computers & Graphics, 1998, 22(4): 457-461.
[13]	PUCHERAL P.Client-Based Access Control Management for XML Documents[J]. 2006, 30(8): 84-95.
[14]	WIJESEKERA D, JAJODIA S.A Propositional Policy Algebra for Access Control[J]. ACM Transactions on Information and System Security, 2003, 6(2): 286-325.
[15]	DAVID F F, VIJAYALAKSHMI A, SERBAN I G.The Policy Machine: A Novel Architecture and Framework for Access Control Policy Specification and Enforcement[J]. Journal of Systems Architecture, 2011, 57(4): 412-424.

		客体安全等级
		T	S	C	U
主体安全等级	T	R/W	R	R	R
	S	W	R/W	R	R
	C	W	W	R/W	R
	U	W	W	W	R/W

		客体安全等级
		C	I	U
主体安全等级	C	R/W	W	W
	I	R	R/W	W
	U	R	R	R/W

云计算平台基于角色的权限管理系统设计与实现

Docker-based RBAC Task Management System

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 15

相关文章 15

编辑推荐

Metrics

本文评价

[1]	王湘懿, 张健. 基于图像和机器学习的虚拟化平台异常检测[J]. 信息网络安全, 2020, 20(9): 92-96.
[2]	边曼琳, 王利明. 云环境下Docker容器隔离脆弱性分析与研究[J]. 信息网络安全, 2020, 20(7): 85-95.
[3]	刘渊, 乔巍. 云环境下基于Kubernetes集群系统的容器网络研究与优化[J]. 信息网络安全, 2020, 20(3): 36-44.
[4]	喻露, 罗森林. RBAC模式下数据库内部入侵检测方法研究[J]. 信息网络安全, 2020, 20(2): 83-90.
[5]	任良钦, 王伟, 王琼霄, 鲁琳俪. 一种新型云密码计算平台架构及实现[J]. 信息网络安全, 2019, 19(9): 91-95.
[6]	余奕, 吕良双, 李肖坚, 王天博. 面向移动云计算场景的动态网络拓扑描述语言[J]. 信息网络安全, 2019, 19(9): 120-124.
[7]	王紫璇, 吕良双, 李肖坚, 王天博. 基于共享存储的OpenStack虚拟机应用分发策略[J]. 信息网络安全, 2019, 19(9): 125-129.
[8]	崔艳鹏, 冯璐铭, 闫峥, 蔺华庆. 基于程序切片技术的云计算软件安全模型研究[J]. 信息网络安全, 2019, 19(7): 31-41.
[9]	葛新瑞, 崔巍, 郝蓉, 于佳. 加密云数据上支持可验证的关键词排序搜索方案[J]. 信息网络安全, 2019, 19(7): 82-89.
[10]	田春岐, 李静, 王伟, 张礼庆. 一种基于机器学习的Spark容器集群性能提升方法[J]. 信息网络安全, 2019, 19(4): 11-19.
[11]	赵谱, 崔巍, 郝蓉, 于佳. 一种针对El-Gamal数字签名生成的安全外包计算方案[J]. 信息网络安全, 2019, 19(3): 81-86.
[12]	张振峰, 张志文, 王睿超. 网络安全等级保护2.0云计算安全合规能力模型[J]. 信息网络安全, 2019, 19(11): 1-7.
[13]	时向泉, 陶静, 赵宝康. 面向虚拟化环境的网络访问控制系统[J]. 信息网络安全, 2019, 19(10): 1-9.
[14]	冯新扬, 沈建京. 一种基于Yarn云计算平台与NMF的大数据聚类算法[J]. 信息网络安全, 2018, 18(8): 43-49.
[15]	陶源, 黄涛, 张墨涵, 黎水林. 网络安全态势感知关键技术研究及发展趋势分析[J]. 信息网络安全, 2018, 18(8): 79-85.