To resolve the problem of quantitative analysis in hybrid cloud,a quantitative analysis method,which is based on the security entropy,is proposed.Firstly,according to the information theory,the security entropy is put...To resolve the problem of quantitative analysis in hybrid cloud,a quantitative analysis method,which is based on the security entropy,is proposed.Firstly,according to the information theory,the security entropy is put forward to calculate the uncertainty of the system' s determinations on the irregular access behaviors.Secondly,based on the security entropy,security theorems of hybrid cloud are defined.Finally,typical access control models are analyzed by the method,the method's practicability is validated,and security and applicability of these models are compared.Simulation results prove that the proposed method is suitable for the security quantitative analysis of the access control model and evaluation to access control capability in hybrid cloud.展开更多
Towards the crossing and coupling permissions in tasks existed widely in many fields and considering the design of role view must rely on the activities of the tasks process,based on Role Based Accessing Control (RBAC...Towards the crossing and coupling permissions in tasks existed widely in many fields and considering the design of role view must rely on the activities of the tasks process,based on Role Based Accessing Control (RBAC) model,this paper put forward a Role Tree-Based Access Control (RTBAC) model. In addition,the model definition and its constraint formal description is also discussed in this paper. RTBAC model is able to realize the dynamic organizing,self-determination and convenience of the design of role view,and guarantee the least role permission when task separating in the mean time.展开更多
Most cloud services are built with multi-tenancy which enables data and configuration segregation upon shared infrastructures.It offers tremendous advantages for enterprises and service providers.It is anticipated tha...Most cloud services are built with multi-tenancy which enables data and configuration segregation upon shared infrastructures.It offers tremendous advantages for enterprises and service providers.It is anticipated that this situation will evolve to foster cross-tenant collaboration supported by Authorization as a service.To realize access control in a multi-tenant cloud computing environment,this study proposes a multi-tenant cloud computing access control model based on the traditional usage access control model by building trust relations among tenants.The model consists of three sub-models,which achieve trust relationships between tenants with different granularities and satisfy the requirements of different application scenarios.With an established trust relation in MT-UCON(Multi-tenant Usage Access Control),the trustee can precisely authorize cross-tenant accesses to the trustor’s resources consistent with constraints over the trust relation and other components designated by the trustor.In addition,the security of the model is analyzed by an information flow method.The model adapts to the characteristics of a dynamic and open multi-tenant cloud computing environment and achieves fine-grained access control within and between tenants.展开更多
Software-as-a-Service (SaaS) introduces multi- tenancy architecture (MTA). Sub-tenancy architecture (STA), is an extension of MTA, allows tenants to offer services for subtenant developers to customize their app...Software-as-a-Service (SaaS) introduces multi- tenancy architecture (MTA). Sub-tenancy architecture (STA), is an extension of MTA, allows tenants to offer services for subtenant developers to customize their applications in the SaaS infrastructure. In a STA system, tenants can create sub- tenants, and grant their resources (including private services and data) to their subtenants. The isolation and sharing re- lations between parent-child tenants, sibling tenants or two non-related tenants are more complicated than those between tenants in MTA. It is important to keep service components or data private, and at the same time, allow them to be shared, and support application customizations for tenants. To ad- dress this problem, this paper provides a formal definition of a new tenant-based access control model based on administra- tive role-based access control (ARBAC) for MTA and STA in service-oriented SaaS (called TMS-ARBAC). Autonomous areas (AA) and AA-tree are proposed to describe the auton- omy of tenants, including their isolation and sharing relation- ships. Authorization operations on AA and different resource sharing strategies are defined to create and deploy the access control scheme in STA models. TMS-ARBAC model is ap- plied to design a geographic e-Science platform.展开更多
To build a trusted platform based on Trusted Computing Platform Alliance(TCPA)'s recommendation,we analyze the integrity mechanism for such a PC platfoim in this paper.By combinning access control model with infor...To build a trusted platform based on Trusted Computing Platform Alliance(TCPA)'s recommendation,we analyze the integrity mechanism for such a PC platfoim in this paper.By combinning access control model with information flow model,we put forwarda combinedprocess-based lattice model to enforce security This moelel creates a trust chain by which we canmanage a series of processes from a core root of trust module to some other application modules Inthe model,once the trust chain is created andmanaged cor-rectly,the integrity of the computer'shardware and sofware has bctn maintained,so does the confidentiality and authenticity.Moreover,arelevant implementation of the model is explained.展开更多
To protect personal privacy and confidential preservation,access control is used to authorize legal users for safe browsing the authorized contents on photos.The access control generates an authorization rule accordin...To protect personal privacy and confidential preservation,access control is used to authorize legal users for safe browsing the authorized contents on photos.The access control generates an authorization rule according to each permission assignment.However,the general access control is inappropriate to apply in some social services(e.g.,photos posted on Flickr and Instagram,personal image management in mobile phone) because of the increasing popularity of digital images being stored and managed.With low maintenance loads,this paper integrates the data hiding technique to propose an access control mechanism for privacy preservation.The proposed scheme changes the partial regions of a given image as random pads (called selective image encryption) and only allows the authorized people to remedy the random pads back to meaningful ones which are with similar visual qualities of original ones.展开更多
基金Supported by the National Natural Science Foundation of China(No.60872041,61072066)Fundamental Research Funds for the Central Universities(JYI0000903001,JYI0000901034)
文摘To resolve the problem of quantitative analysis in hybrid cloud,a quantitative analysis method,which is based on the security entropy,is proposed.Firstly,according to the information theory,the security entropy is put forward to calculate the uncertainty of the system' s determinations on the irregular access behaviors.Secondly,based on the security entropy,security theorems of hybrid cloud are defined.Finally,typical access control models are analyzed by the method,the method's practicability is validated,and security and applicability of these models are compared.Simulation results prove that the proposed method is suitable for the security quantitative analysis of the access control model and evaluation to access control capability in hybrid cloud.
基金Knowledge Innovation Project and Intelligent Infor mation Service and Support Project of the Shanghai Education Commission, China
文摘Towards the crossing and coupling permissions in tasks existed widely in many fields and considering the design of role view must rely on the activities of the tasks process,based on Role Based Accessing Control (RBAC) model,this paper put forward a Role Tree-Based Access Control (RTBAC) model. In addition,the model definition and its constraint formal description is also discussed in this paper. RTBAC model is able to realize the dynamic organizing,self-determination and convenience of the design of role view,and guarantee the least role permission when task separating in the mean time.
文摘Most cloud services are built with multi-tenancy which enables data and configuration segregation upon shared infrastructures.It offers tremendous advantages for enterprises and service providers.It is anticipated that this situation will evolve to foster cross-tenant collaboration supported by Authorization as a service.To realize access control in a multi-tenant cloud computing environment,this study proposes a multi-tenant cloud computing access control model based on the traditional usage access control model by building trust relations among tenants.The model consists of three sub-models,which achieve trust relationships between tenants with different granularities and satisfy the requirements of different application scenarios.With an established trust relation in MT-UCON(Multi-tenant Usage Access Control),the trustee can precisely authorize cross-tenant accesses to the trustor’s resources consistent with constraints over the trust relation and other components designated by the trustor.In addition,the security of the model is analyzed by an information flow method.The model adapts to the characteristics of a dynamic and open multi-tenant cloud computing environment and achieves fine-grained access control within and between tenants.
文摘Software-as-a-Service (SaaS) introduces multi- tenancy architecture (MTA). Sub-tenancy architecture (STA), is an extension of MTA, allows tenants to offer services for subtenant developers to customize their applications in the SaaS infrastructure. In a STA system, tenants can create sub- tenants, and grant their resources (including private services and data) to their subtenants. The isolation and sharing re- lations between parent-child tenants, sibling tenants or two non-related tenants are more complicated than those between tenants in MTA. It is important to keep service components or data private, and at the same time, allow them to be shared, and support application customizations for tenants. To ad- dress this problem, this paper provides a formal definition of a new tenant-based access control model based on administra- tive role-based access control (ARBAC) for MTA and STA in service-oriented SaaS (called TMS-ARBAC). Autonomous areas (AA) and AA-tree are proposed to describe the auton- omy of tenants, including their isolation and sharing relation- ships. Authorization operations on AA and different resource sharing strategies are defined to create and deploy the access control scheme in STA models. TMS-ARBAC model is ap- plied to design a geographic e-Science platform.
基金Supported by the National Natural Science Foun dation of China(90104005)the National High Technology Re search and Development Program of China(863 Program)(2002AA141051)
文摘To build a trusted platform based on Trusted Computing Platform Alliance(TCPA)'s recommendation,we analyze the integrity mechanism for such a PC platfoim in this paper.By combinning access control model with information flow model,we put forwarda combinedprocess-based lattice model to enforce security This moelel creates a trust chain by which we canmanage a series of processes from a core root of trust module to some other application modules Inthe model,once the trust chain is created andmanaged cor-rectly,the integrity of the computer'shardware and sofware has bctn maintained,so does the confidentiality and authenticity.Moreover,arelevant implementation of the model is explained.
基金supported by MOST under Grant No. 107-2221-E-182-081-MY3。
文摘To protect personal privacy and confidential preservation,access control is used to authorize legal users for safe browsing the authorized contents on photos.The access control generates an authorization rule according to each permission assignment.However,the general access control is inappropriate to apply in some social services(e.g.,photos posted on Flickr and Instagram,personal image management in mobile phone) because of the increasing popularity of digital images being stored and managed.With low maintenance loads,this paper integrates the data hiding technique to propose an access control mechanism for privacy preservation.The proposed scheme changes the partial regions of a given image as random pads (called selective image encryption) and only allows the authorized people to remedy the random pads back to meaningful ones which are with similar visual qualities of original ones.
