
Research On Access Control Model In Multi-domain Environment

Posted on: 2018-06-29
Degree: Master
Type: Thesis
Country: China
Candidate: M C Wang
GTID: 2348330521450320
Subject: Engineering
Abstract/Summary:
Distributed systems and mass storage technology built on cloud computing are moving all kinds of system resources into the cloud. Cloud computing provides network services through virtual resource pools, which are usually divided into different security management domains to make resource management more convenient. As the need for inter-domain resource sharing and information exchange becomes increasingly urgent, the access control policy originally designed for a single organization can no longer meet the demand. How to establish a set of access control policies that keeps access within a domain safe and stable while supporting secure and flexible cross-domain access has become a hot topic in research on access control in multi-domain environments.

Based on a study of traditional access control technology, this thesis analyzes the security requirements of the multi-domain environment. By combining a trust evaluation model with the role-based access control model, it proposes a trust evaluation mechanism based on time decay and role level. It then improves the cross-domain authorization mechanism and proposes a cross-domain authorization model. The main work is as follows.

First, the characteristics of traditional access control technology are studied and the new requirements of access control in the cloud environment are analyzed.

Second, the trust evaluation model is improved in light of the characteristics of the role-based access control model. A role-level penalty factor is introduced so that malicious behavior by users at different levels is punished in a targeted way, and a time decay factor is introduced to limit how long trust remains valid. The implementation process of the model is then described, and its validity is proved by simulation experiments.

Third, to address covert role promotion and privilege penetration, problems that arise in role-based access control during cross-domain access, different domain sets are assigned to different users to restrict the authorization scope of inter-domain role mapping, which effectively solves the problem of privilege penetration. Meanwhile, cross-domain authorization combines the user's historical authorization records with the minimum authorization principle, which suppresses covert role promotion.

Finally, a multi-domain access control system was constructed by integrating the intra-domain and inter-domain access control mechanisms, and a simple functional test was carried out.
Keywords/Search Tags:Cloud computing, Multi-domain environment, Access control policy, Cross-domain authorization
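
The following sketch illustrates the two cross-domain controls the abstract describes: a per-user domain set that bounds inter-domain role mapping, and minimum authorization when choosing the mapped role. It is an added example, not code from the thesis. The domains, roles, mapping table and function names are constructed assumptions, and the thesis's trust evaluation and history records are not modelled.

```python
from dataclasses import dataclass

# Constructed sample data (not from the thesis). Higher level = more privilege.
ROLE_LEVEL = {("B", "guest"): 1, ("B", "editor"): 2, ("C", "auditor"): 2}
ROLE_PERMS = {
    ("B", "guest"): {"read"},
    ("B", "editor"): {"read", "write"},
    ("C", "auditor"): {"read"},
}
# Inter-domain role mapping: role held -> roles it may be mapped to elsewhere.
ROLE_MAP = {
    ("A", "staff"): [("B", "editor"), ("B", "guest")],
    ("B", "editor"): [("C", "auditor")],  # makes the chain A -> B -> C possible
    ("B", "guest"): [("C", "auditor")],
}

@dataclass(frozen=True)
class User:
    name: str
    home_role: tuple        # (domain, role) held in the home domain
    domain_set: frozenset   # foreign domains this user may be mapped into

def authorize(user, held_role, target_domain, permission):
    """Return the (domain, role) granted in target_domain, or None if refused."""
    # Domain-set check: a role obtained in one foreign domain cannot be used to
    # hop into a domain the user was never assigned (privilege penetration).
    if target_domain not in user.domain_set:
        return None
    candidates = [r for r in ROLE_MAP.get(held_role, [])
                  if r[0] == target_domain and permission in ROLE_PERMS[r]]
    if not candidates:
        return None
    # Minimum authorization: grant the lowest-level role that meets the request.
    return min(candidates, key=lambda r: ROLE_LEVEL[r])

def access_chain(user, hops):
    """Follow successive (target_domain, permission) requests; return grants."""
    held, grants = user.home_role, []
    for domain, perm in hops:
        held = authorize(user, held, domain, perm)
        grants.append(held)
        if held is None:
            break
    return grants

# Constructed users: alice may only be mapped into B; bob into B and C.
alice = User("alice", ("A", "staff"), frozenset({"B"}))
bob = User("bob", ("A", "staff"), frozenset({"B", "C"}))
```

For alice, the chain through B into C stops at the second hop because C is outside her domain set, while a plain read request in B yields the guest role rather than editor.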