| In order to integrate the existed information systems of the marine environmentand eliminating the information island effect between them, The State OceanicAdministration People’s Republic Of China intends to use the technology ofcomputing cloud to support efficiently information services to marine researchprojects, However, the security issue has becoming a more and more important factor.Unlike other public data, the marine information includes China’s important strategicresource information, which involves a lot of sensitive information. Those data is soimportant that once disclosure would cause significant losses.This paper studies to solve the cloud computing and cloud services platform useraccess control problems. Marine environment cloud platform is a multi-domain,multi-level cloud platform, the security level of the data in cloud are very complicated,includes general data such as temperature field data salt field data and so on. It alsoincludes the top-secret National Ocean Observing data which related to the strategicsecurity. Meanwhile, these data are usually collect from different departments andobservatories. Thus the cloud platform should be able to share the information amongmultiple domains under the safe condition.The users of marine cloud platforms are from different research institutions. Theexisting distributed access control models is difficult to adapt to the security needs ofcloud computing environments due to the problem such as single role and can notaccess resources cross-border. Based on these requirements, we propose a multi-levelcross-domain Role-Based access control model, which use of cross-domain rolemapping mechanism to achieve cross-level access control problems. Cross-domainaccess control role model not only to ensure control user access to resources betweendifferent domains, but also could segregate the duties between the front-end user andcloud platform users by the way of role mapping, through this way we don’t need toallocation a correspond user for every user in front of the cloud platform, Which can effectively reduce the difficulty of managing the platform users.We constructed the cloud platforms demonstration system to verify theavailability and efficiency of this model, which initially achieve the safe accesscontrol of sensitive information, and significantly reduce the risks of informationleaks and other security risks.Our test results show that the demonstration system: The role-based accesscontrol mapping can greatly improve our marine environment information cloudplatform’s security performance, and can provide the users access control withdifferent levels for different types of information resources under different domains. Itensure information security and confidentiality of the marine environment at the sametime, be able to provide efficient services to all types of users of informationresources, proven design and implementation of our marine environment, informationvisualization cloud computing platform... |
PDF Full Text Request