With the increasing popularity of cloud computing services, the research of cloud computing also increasing gradually, but it also reveals more security risk of cloud computing. In this paper, A C-ABAC model is proposed for cross-system cloud computing. The model involves both characteristics of cloud services and the idea of Next Generation Access Control (NGAC).The C-ABAC model introduces Virtual Objects, Policy Store& Administration Point and Cross System Point. In this paper C-ABAC model is formally defined. The attributes of C-ABAC is defined according to classification. A few concepts including attribute, Attribute Hierarchy, context, reputation, collaboration level are introduced. The new concepts increase both the complexity and diversity of the C-ABAC model.The self-management of attribute includes creating attribute, attribute upload, attribute update, attribute delete. The attribute migration of C-ABAC according to the collaboration level and double attribute authority solve consistency problem during cross system access.Then, C-ABAC model uses error-free model checking techniques for the verification of security properties in attribute migration. Two mechanism of reputation evaluation mechanism realize safety inter-operation of the C-ABAC model in cross system access.At Last, we apply C-ABAC model for health management cloud service and realize it with XACML 3.0. Then we compare the time for PDP with and without reputation. |