期刊名称:International Journal of Security and Its Applications
印刷版ISSN:1738-9976
出版年度:2015
卷号:9
期号:12
页码:357-366
DOI:10.14257/ijsia.2015.9.12.33
出版社:SERSC
摘要:Aimed at the security problems of the cross-cloud, cross-level and cross-domain in multi-level hybrid cloud computing, the singleness of the role establishment method, the implicit promotion of privilege and the separation of duties conflict in the traditional cross-domain authorization management models, a new cross-domain authorization management model for multi-levels hybrid cloud computing is proposed based on a novel two-tier role architecture. The two-tier role architecture which is setted in the area of arrangement can better meet the practical needs of role establishment and management. Based on that, the proposed unidirectional role mapping for cross-domain authorization can avoid the role mapping rings. Besides, by introducing attribute and condition, dynamic adjustment of privileges is realized. The model is described formally in dynamic description logic, including concepts, relations and management operations. Finally, the security of the model is analyzed and an example is presented to illustrate the effectiveness and practicality.
