Cloud computing-oriented organization-label access control method

An access control method for cloud computing, applied in the field of network security. It addresses problems such as role flooding and achieves finer-grained access control, ease of implementation, and enhanced privacy protection.

Inactive Publication Date: 2019-07-09
SUN YAT SEN UNIV

AI Technical Summary

Problems solved by technology

Through the mapping relationship between users-roles-permissions, the efficiency of access control management is improved. However, in the cloud computing environment, there may be a problem of role flooding due to the large number of cloud users.


Examples


Embodiment 1

[0050] This embodiment provides a cloud computing-oriented organization-label access control method which, as shown in Figure 1, includes the following steps:

[0051] S1: Express the purpose, which describes the intention with which the object is collected or accessed;

[0052] S2: Set a purpose tag on the object; as shown in Figure 2, the purpose tag represents a restriction on the intended purpose of the object;

[0053] S3: The subject declares the purpose of the access when sending the access request;

[0054] S4: If the access purpose meets the restriction of the purpose tag, access to the object is allowed, and the subject obtains the authority to perform actions on the object; if the access purpose does not meet the restriction of the purpose tag, the object cannot be accessed.

[0055] In a specific example, in the purpose tree shown in Figure 3, if the purpose tag set for the object is the two-tuple (management, sales), it indicates that the object’s...

Embodiment 2

[0057] This embodiment provides an Or-LBAC model (organization-label access control model), as shown in Figure 5.

[0058] In the Or-LBAC model, the subject declares its access purpose when sending the access request, and the data resource owner sets, for each data item (object), a label indicating the expected purpose of the resource. During authorization, the subject can access the object only when the subject satisfies the pre-set access policy and the access purpose conforms to the predefined expected purpose of the object. This meets the access control requirement of "what kind of subject can perform what kind of operation on what kind of object, based on what purpose". The definitions involved in this model are as follows:

[0059] Organization: Formed by combining a number of active entities. In real life, a company or an institution can be regarded as an organization. An organization is represented by org.

[0060] Subject: The access requ...
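The following sketch is an added example, not code from the patent. It walks through steps S1 to S4 of Embodiment 1 together with the two-part Or-LBAC decision (policy match plus purpose conformance). The purpose tree, the policy tuples and all names are constructed, and reading the pair (management, sales) as (allowed purpose, prohibited purpose) is an assumption, because the page's explanation of the tag is cut off.

```python
from dataclasses import dataclass
from typing import Optional

# S1: constructed purpose tree (child -> parent); not the patent's Figure 3.
PURPOSE_PARENT = {
    "general": None, "management": "general", "marketing": "general",
    "audit": "management", "sales": "management", "direct-mail": "marketing",
}

def ancestors_or_self(purpose):
    """Return the purpose followed by its ancestors up to the root."""
    if purpose not in PURPOSE_PARENT:
        raise ValueError(f"unknown purpose: {purpose!r}")
    chain = []
    while purpose is not None:
        chain.append(purpose)
        purpose = PURPOSE_PARENT[purpose]
    return chain

@dataclass(frozen=True)
class PurposeTag:
    # Assumed semantics: `allowed` names a permitted subtree of purposes,
    # `prohibited` names a subtree carved out of it.
    allowed: str
    prohibited: Optional[str] = None

def purpose_complies(access_purpose, tag):
    """True if the declared purpose lies in the allowed subtree and outside the prohibited one."""
    chain = ancestors_or_self(access_purpose)
    if tag.prohibited is not None and tag.prohibited in chain:
        return False
    return tag.allowed in chain

# Hypothetical pre-set access policy: (organization, subject, action, object).
POLICY = {("acme", "alice", "read", "customer_record")}
# S2: the data owner labels each object with a purpose tag.
TAGS = {"customer_record": PurposeTag("management", "sales")}

def authorize(org, subject, action, obj, access_purpose):
    """S3/S4: grant only if the policy matches and the declared purpose fits the tag."""
    if (org, subject, action, obj) not in POLICY:
        return False
    tag = TAGS.get(obj)
    if tag is None:
        return False  # fail closed: unlabeled objects are not released
    try:
        return purpose_complies(access_purpose, tag)
    except ValueError:
        return False  # purposes outside the tree are denied
```

Denying requests for unlabeled objects and for purposes missing from the tree is a design choice of this sketch; the page does not say how the method treats either case.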


Abstract

The invention discloses a cloud computing-oriented organization-label access control method. The method comprises the following steps: S1, expressing a purpose, which describes the intention with which an object is collected or accessed; S2, setting a purpose tag on the object, wherein the purpose tag represents a restriction on the expected purpose of the object; S3, the subject declaring an access purpose when sending the access request; S4, if the access purpose meets the restriction of the purpose tag, allowing access to the object, the subject obtaining the authority to perform actions on the object; and if the access purpose does not meet the restriction of the purpose tag, not allowing access to the object. The invention combines organization-based access control with multi-label access control and sets a purpose tag on the object, thereby protecting the privacy of the data. Compared with the existing OrBAC, it overcomes the defect that the data provider has little control over the privacy protection of objects, achieves fine-grained access to data in a cloud computing environment, and retains the high extensibility of an access control model based on multiple labels.

Description

Technical field

[0001] The present invention relates to the technical field of network security, and more specifically, to an organization-label access control method oriented to cloud computing.

Background technique

[0002] According to the definition of the National Institute of Standards and Technology, cloud computing is a new computing model that supports convenient, on-demand network access to a shared pool of configurable computing resources (such as networks, servers, storage, applications and services) that can be quickly provisioned and delivered with minimal administrative effort or service provider intervention. As a new computing model, cloud computing has the characteristics of ultra-large scale, virtualization, on-demand service and high scalability. With the development and popularization of cloud computing, more and more enterprises and individuals host data on the cloud. However, traditional security technologies cannot fully guaran...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/102, H04L63/20
Inventor: 金舒原, 邵鹏飞
Owner: SUN YAT SEN UNIV