Existing access control methods do not address the privacy-protection characteristics of cloud computing and lack a dynamic privacy authorization mechanism, so they cannot adaptively protect private data at run time. To address these shortcomings, this paper proposes TBRBAC (Trust and Behavior based RBAC), an access control model for privacy protection at the SaaS layer of cloud computing, obtained by extending the role-based access control (RBAC) model with trust degree and privacy use behavior. On this basis, a trust degree evaluation and dynamic update mechanism for SaaS services is proposed. The architecture of an adaptive privacy access control system based on the TBRBAC model, its execution process, and its authorization analysis algorithm are then given, and the rationality of the adaptive access control process is discussed. Finally, the feasibility and effectiveness of the method are illustrated through example analysis and experimental verification. The method achieves dynamic privacy authorization and fine-grained privacy access control at run time, and strengthens the protection of private data in cloud computing environments.