Journal of Zhejiang University (Engineering Science)  2017, Vol. 51 Issue (12): 2332-2340    DOI: 10.3785/j.issn.1008-973X.2017.12.004
刘敖迪, 王娜, 刘明聪
Access control mechanism for cloud composite service with policy attribute negotiation
LIU Ao-di, WANG Na, LIU Ming-cong
Information Engineering University, State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China



APoAN (an access control mechanism based on policy attribute negotiation) was proposed for cloud composite services. In APoAN, the authorization relation between service components is described at the attribute level, which suits the dynamic, flexible, point-to-point interaction characteristics of the cloud environment. The mechanism uses policy attribute negotiation to carry out the interactive access control process, which reduces the disclosure of security information within the service and effectively protects the user's privacy. The mechanism ensures that the policies of different service components are presented consistently in the global composite service. A policy negotiation algorithm was designed based on historical information. The negotiation process was optimized and negotiation efficiency was improved by synchronizing high-frequency negotiation policies, storing negotiation history information and calculating the cost of attribute disclosure. Finally, the simulation results show the feasibility and efficiency of the proposed mechanism.

Received: 2016-10-13 Published: 2017-11-22
CLC:  T393  


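Corresponding author: WANG Na, female, associate professor     E-mail:
About the author: LIU Ao-di (1992-), male, Ph.D. candidate, engaged in research on cloud computing security and network information security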



LIU Ao-di, WANG Na, LIU Ming-cong. Access control mechanism for cloud composite service with policy attribute negotiation. JOURNAL OF ZHEJIANG UNIVERSITY (ENGINEERING SCIENCE), 2017, 51(12): 2332-2340.

