Research And Implementation Of Multi-tenant Access Control Mechanism For Cloud Manufacturing

Posted on: 2019-10-15
Degree: Master
Type: Thesis
Country: China
Candidate: Q W Chen
GTID: 2428330596465441
Subject: Information and Communication Engineering
Abstract/Summary:
Cloud manufacturing (CMfg) is a new service-oriented networked manufacturing model based on the concept of "Manufacture as a Service". It enables manufacturing enterprises to share manufacturing resources and manufacturing capabilities through the Internet, which is more economical. Multi-tenancy technology can effectively improve the utilization of manufacturing resources and lets users share cloud manufacturing resources better in the cloud manufacturing environment. As a new industry, cloud manufacturing still has many problems to be solved in its development, among which security issues are of wide concern. Access control is one of the most important means of solving cloud security issues. However, traditional access control cannot adapt to the dynamic, heterogeneous and cooperative characteristics of cloud manufacturing, nor to the multi-tenant demands of on-demand use and information isolation. To solve these problems, this paper focuses on the architecture and model of multi-tenant access control in the cloud manufacturing environment. The main research work is as follows:

(1) Combining the features of the CMfg system architecture and multi-tenancy technology, we analyze the access control requirements for cloud manufacturing resources and multi-tenant resources in the cloud manufacturing environment, and build a hierarchical, modular cloud manufacturing multi-tenant access control architecture. By combining and improving the RBAC and ABAC models, this paper proposes a multi-tenancy access control model for cloud manufacturing (CM-MTAC) with the features of least privilege, separation of duties and authorization flexibility, which can support multi-level authority management, multi-granularity authorization, on-demand use and segregated access of tenants. Based on the CM-MTAC model, we define the model's elements and their relationships, then use the XACML language to describe the policy and analyze the cloud authorization process in the CMfg multi-tenant environment.

(2) Using the remote service invocation technology Dubbo, we establish a CMfg access control service center. Through the authorization service in this service center we provide authentication of access rights for multiple tenants, to achieve multi-tenant distributed cross-domain authorization. We build the ontology model for cloud manufacturing multi-tenant access control and define the inference rules of multi-tenant access control. Tenants' service subscription events are monitored through the cloud manufacturing monitoring center, and the access permissions of tenants are inferred and dynamically updated.

(3) Based on the CM-MTAC model, combined with the remote invocation technology, the ontology model and the inference rules, we design and implement a cloud manufacturing multi-tenant access control system, and construct a semantic web to process ontology data through Jena to achieve the reasoning of access control authorization rules. Finally, the safety and feasibility of the system are verified, analyzed and summarized.

By researching the new requirements for multi-tenant access control in the CMfg environment, we improve the traditional access control model and implement the multi-tenant access control mechanism for cloud manufacturing, then design the prototype system. Finally, we analyze and verify that this access control system is feasible, effective and highly secure in the cloud manufacturing multi-tenant environment.
Keywords/Search Tags: Cloud manufacturing, Multi-tenancy, Access control, Cross-domain authorization, Ontology reasoning