Service mash-up, a key technology and research hot spot for realizing on-demand services in cloud computing, has produced some valuable results. However, the existing theories are mostly QoS-driven: they focus on functional requirements and quality indicators and fail to take security factors into consideration. Meanwhile, the on-demand resource access model mashes up services from multiple different trusted virtual domains (TVD) to form value-added application logic that satisfies customers' demands. The mash-up process is highly dynamic and flexible, so traditional access control theory and technology cannot fully adapt to it. Service mash-up oriented access control in the cloud computing environment is therefore of great significance and research value. We extend XACML, which is widely used in distributed systems, and propose SMACML, a service mash-up oriented access control policy standard; protect sensitive information through policy decomposition; discuss the mechanisms related to policy decomposition and design an effective policy decomposition algorithm; verify the consistency of authorization before and after policy decomposition; provide authorization decision methods based on policy decomposition; discuss the adjustment steps required after policy changes; design an efficient service mash-up algorithm under policy constraints; and use BPEL to lay out the mash-up plan so as to ensure the execution of the policy. Finally, we verify the feasibility of the above methods by implementing a prototype system.