원문정보
초록
영어
With the development of cloud computing, and as the basis of data services, security problems of cloud storage are growing more attention. Based on distributed storage, multi-domain and multi-tenant characteristics, combined with access control technologies, this paper sets up the Role-based Access Control using Ontology and domians in Cloud Storage (DOnto_RBAC), which could provide a concise and effective strategy for service providers (isps). According to the characteristics of access control in cloud storage, based on the standards (called CDMI), this paper adds Domains and Time constraints of roles into RBAC. With ontology technologies and the OWL language, this paper establishes ontology model including entities’ descriptions and strategies to realize reasoning of multi-domain access control permissions. We realized our system through Python and established Restful APIs. Experiments in campus-level cloud storage called Swift showed that, using requests with Restful format commands, DOnto_RBAC was proved to be effective to manage distributed and multi-domain data in cloud storage.
목차
1. Technical Background and Research Status of Access Control in Cloud Storage
2. Improvements of DOnto_RBAC Access Control Model
2.1. Definitions in DOnto_RBAC
2.2. Security policies in DOnto_RBAC
2.3. Constraints of DOnto_RBAC
3. Establishment and Reasoning of DOnto_RBAC Ontology
3.1. Establishment of DOnto_RBAC Ontology
3.2. Reasoning of DOnto_RBAC Ontology
4. Realization and Experiments of DOnto_RBAC System
4.1. Overall design for DOnto_RBAC System
4.2. Resource Access Experiments
4.3. Security Experiments
4.4. Implementation and Experiments on Ontology and Reasoning
4.5. Management Platform of DOnto_RBAC System
5. Conclusion
References