Netinfo Security (信息网络安全) ›› 2014, Vol. 14 ›› Issue (12): 71-75. doi: 10.3969/j.issn.1671-1122.2014.12.015

• Technical Research •

Research and Implement on Dynamic Access Control Model Based on User’s Behavior in SaaS

GUO Fei, ZHANG Hua, GAO Fei

  1. State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China
  • Received: 2014-10-14 Online: 2014-12-15
  • Corresponding author: GUO Fei guofei99@126.com
  • About the authors: GUO Fei (born 1988), male, from Shanxi, master's student, main research interest: network security; ZHANG Hua (born 1978), female, from Jilin, associate professor, Ph.D., main research interests: cryptography and network security; GAO Fei (born 1980), male, from Hebei, professor, Ph.D., main research interest: quantum cryptography.
  • Funding:
    National Natural Science Foundation of China [61300181, 61272057, 61202434, 61170270, 61100203, 61121061]; Fundamental Research Funds for the Central Universities [2012RC0612]

Abstract: Because SaaS services are shared, trustworthy user access behavior is essential to the security of cloud services. In traditional access control, once a user has been assigned a role, the user keeps the permissions of that role indefinitely, so the model lacks dynamism. To address these two points, and building on an analysis of traditional access control models and of the characteristics of user behavior trust values, this paper proposes a dynamic access control model based on user behavior for SaaS (cloud-RBAC). Tenants in the model give better control over security domains, while user groups and data scopes give better control over granularity, which reflects the flexibility of access control for cloud services. From the evidence values of each behavior observed while a user accesses the cloud service, the model uses the fuzzy analytic hierarchy process to determine the user's behavior trust level, and then, according to the sensitivity level of each permission, determines the permissions the user may exercise, which reflects the dynamic nature of the access control. Analysis of the results shows that the proposed model responds quickly to users' illegal access behavior while effectively controlling legitimate access behavior, thereby ensuring the security and reliability of cloud services.

Key words: user’s behavior, cloud-RBAC model, dynamic access control
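The decision flow the abstract describes (tenant check, role permission lookup, behavior trust level compared with permission sensitivity level) can be sketched as follows. This is an added example, not the paper's code: the evidence categories, judgment matrix, thresholds, roles and permissions are constructed, and the weight formula is a commonly used one for fuzzy complementary judgment matrices, assumed here because the page does not give the paper's own.

```python
# Added illustration; all names, matrices, thresholds and levels are constructed.
EVIDENCE = ["login", "operation", "resource"]  # hypothetical evidence categories

# Fuzzy complementary judgment matrix: R[i][j] + R[j][i] == 1, R[i][i] == 0.5.
R = [
    [0.5, 0.4, 0.3],
    [0.6, 0.5, 0.4],
    [0.7, 0.6, 0.5],
]

# role -> {permission: sensitivity level 1 (low) .. 3 (high)}
ROLE_PERMS = {"analyst": {"report:read": 1, "report:export": 2, "user:manage": 3}}


def fahp_weights(r):
    """w_i = (sum_j r_ij + n/2 - 1) / (n(n-1)); the weights sum to 1."""
    n = len(r)
    for i in range(n):
        for j in range(n):
            if abs(r[i][j] + r[j][i] - 1.0) > 1e-9:
                raise ValueError("matrix is not fuzzy complementary")
    return [(sum(row) + n / 2 - 1) / (n * (n - 1)) for row in r]


def trust_level(evidence, weights, thresholds=(0.4, 0.6, 0.8)):
    """Weighted trust value in [0, 1] mapped to level 0 (untrusted) .. 3."""
    if any(not 0.0 <= evidence[k] <= 1.0 for k in EVIDENCE):
        raise ValueError("evidence values must be normalised to [0, 1]")
    value = sum(w * evidence[k] for w, k in zip(weights, EVIDENCE))
    return sum(value >= t for t in thresholds)


def authorize(user, perm, resource_tenant, evidence):
    """Grant only if tenant, role and current behavior trust all allow it."""
    if user["tenant"] != resource_tenant:  # tenant is the security domain
        return False
    sensitivity = ROLE_PERMS.get(user["role"], {}).get(perm)
    if sensitivity is None:  # role never had this permission
        return False
    # Dynamic part: the role grants the permission, current trust gates it.
    return trust_level(evidence, fahp_weights(R)) >= sensitivity


if __name__ == "__main__":
    alice = {"tenant": "t1", "role": "analyst"}
    degraded = {"login": 0.9, "operation": 0.7, "resource": 0.2}
    for p in ROLE_PERMS["analyst"]:
        print(p, authorize(alice, p, "t1", degraded))
```

The same user with the same role loses the more sensitive permissions as the evidence values fall, without any change to the role assignment.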
