Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Access control policy construction system in private cloud environment

A technology of access control strategy and control strategy, applied in the direction of transmission system, electrical components, etc., can solve problems such as lack, limited single service function, conflict of global access control strategy, etc., reduce the risk of leakage, ensure correct implementation, and ensure transparency sexual effect

Inactive Publication Date: 2018-08-24
NANYANG NORMAL UNIV
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the method of selecting service combinations based on QoS optimization is mainly oriented to user functional requirements, lacking consideration of non-functional security requirements, lack of subject context information, object context information, The operation context information and environment context information are dynamically perceived and quantified, and then the local access control strategy is dynamically constructed, so that the constructed local access control strategy can be dynamically adjusted according to the context environment, so as to ensure that the constructed local access control strategy meets the requirements of the system. While providing security, it can also adapt to the characteristics of dynamics, adaptability and scalability of the private cloud environment; secondly, a single service in a private cloud environment has limited functions, and it is difficult to meet the ever-changing business needs of the system and users, which needs to be realized through service composition The effective sharing of resources enables each service to communicate with each other to complete tasks, and the partial access control policies that describe the security of different services involved in service composition may have different requirements, which may lead to conflicts in the global access control policies generated during the process of service composition However, the traditional service composition method still lacks the ability to integrate the possible conflicts in the process of constructing a global access control strategy that describes service composition security, so as to form a unified global access control strategy that describes service composition security. Consider; moreover, the service model of data hosting and resource sharing in the private cloud environment promotes collaborative services between service domains, and the access control policy describing the service combination security constitutes the global access control policy in the private cloud environment. The global access control policy covers the sensitive policy information of each collaborative service party participating in the service combination, so that the information content of the constructed global access control policy cannot be transmitted and shared with any untrustworthy service provider, so the global access control policy needs to be Implement reasonable protection of sensitive policy information during the decomposition process to ensure the security of policy information itself and the correct implementation of service composition
[0004] To sum up, the construction of access control policies in a private cloud environment will face three major challenges: (1) The dynamic adaptability of policies, that is, how to perceive the factors that affect the construction of local access control policies, and generate policies that can meet security and functional requirements. (2) Consistency of policies, that is, how to integrate different local access control policies in the process of building service composition to construct a global access control policy that describes the security of service composition; (3) Security of policy execution Security, that is, how to ensure the security of sensitive information in the global access control policy itself, so that the sensitive information in the access control policy of the service provider participating in the collaborative service is not shared with untrustworthy service providers

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Access control policy construction system in private cloud environment
  • Access control policy construction system in private cloud environment
  • Access control policy construction system in private cloud environment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0026] Below in conjunction with accompanying drawing and example the present invention is described in further detail.

[0027] Such as figure 1 As shown, the functions of the system of the present invention can be divided into: contextual information awareness, local access control policy construction and optimization, global access control policy construction and decomposition, sensitive information management, domain information management and auditing, the system includes database 100, context awareness Module 200, local access control policy construction module 300, local access control policy optimization module 400, global access control policy construction module 500, global access control policy decomposition module 600, sensitive information management module 700, domain information management module 800 and audit module 900 .

[0028] The database 100 is used to store context information that affects the construction of local access control policies and domain kno...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a system for establishing access control policies in a private cloud environment. The system comprises a database (100), a context-sensing module (200), a local access control policy establishing module (300), a local access control policy optimizing module (400), a global access control policy establishing module (500), a global access control policy decomposing module (600), a sensitive information management module (700), a field information management module (800) and an auditing module (900). The system dynamically establishes the local access control policy in the private cloud environment, so that the established policy can meet requirements on dynamism and adaptivity of the private cloud environment; the system also realizes establishment and decomposition of a global access control policy which describes a composite service security requirement, so that the aim of avoiding leakage of sensitive information in the access control policy of a collaboration-participating service provider is achieved. The system has the characteristics of high security, high executing efficiency and high expandability.

Description

technical field [0001] The invention belongs to the technical field of computer security, and in particular relates to an access control policy construction system in a private cloud environment. It mainly designs and implements the construction of access control strategies in the private cloud environment from the perspective of the framework. Background technique [0002] Cloud Computing (Cloud Computing) takes the network as the carrier and virtualization technology as the basis, integrates traditional computing methods such as grid computing, distributed computing, and parallel computing, and integrates resources such as large-scale scalable applications, storage, computing, and data for collaboration. Working supercomputing mode. As an emerging business model that provides applications based on services and public participation, cloud computing technology meets the advantages of energy saving, emission reduction, green environmental protection and other advantages in i...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L29/08
CPCH04L63/10H04L67/10
Inventor 马晓普刘金江兰义华程宁赵莉沈鵾霄陈思媛
Owner NANYANG NORMAL UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products