CN105871880A - Cross-tenant access control method based on trust model in cloud environment - Google Patents

Publication number: CN105871880A
Authority: CN (China)
Prior art keywords: tenant, user, authority, trustee, relationship
Legal status: Granted
Application number: CN201610303258.8A
Other languages: Chinese (zh)
Other versions: CN105871880B (en)
Inventors: 邹德清, 金海, 闵军
Current Assignee: Huazhong University of Science and Technology
Original Assignee: Huazhong University of Science and Technology

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Abstract

The invention discloses a cross-tenant access control method based on a trust model in a cloud environment. Based on the characteristics of a cloud computing multi-tenant architecture, a user of a tenant can have access to resources of other tenants after being authorized, so that the problems related to resource security and privacy caused during tenant cooperation are solved. By designing two types of tenant trust relationships, the tenant trust relationship concept is introduced to an access control model to reflect the access control requirement between two tenants. Through the definition of model elements and the formal description of a model function, a tenant trust model is built to adapt to the multi-tenant characteristic of cloud computing, and then cross-tenant access control is achieved.

Description

Cross-tenant access control method based on a trust model in a cloud environment
Technical field
The invention belongs to the field of cloud computing information security, and more particularly relates to a cross-tenant access control method based on a trust model in a cloud environment.
Background
Cloud computing is one of the hot topics in the current information technology field and a focus of close attention from academia, industry and government. Its core idea is to link large amounts of computing, storage and software resources together to form a large-scale shared virtual IT resource pool. Multi-tenant technology lets different users share the same resources; it is a key technology adopted by cloud computing and a key reason why resources can scale dynamically and be fully utilized. While multi-tenant technology obtains cloud services through on-demand customization and shared-storage interaction, it also faces new challenges: (1) unauthorized tenants steal information to obtain business secrets; (2) tenants holding partial permissions access resources they are not authorized for; (3) the cloud service provider may leak tenants' business information to outside parties. It is therefore necessary to solve the controllability problem of complex interactions between entities, and to protect the security and privacy of tenants' information by effectively controlling tenants' access rights.
Academia has carried out research on access control technology in cloud computing environments, mainly focused on access control models for the cloud, access control based on encryption mechanisms, and virtual machine access control. In a cloud resource pool, however, logical security domains replace the physical security boundaries of the traditional architecture, and a tenant's cloud resources lose the security control of a physically bounded domain, so the access control models of earlier distributed environments are not well suited to cross-boundary tenant collaboration scenarios in the cloud.
Summary of the invention
In view of the above defects or improvement needs of the prior art, the invention provides a cross-tenant access control method based on a trust model in a cloud environment. Its purpose is to introduce tenant trust relationships into the access control model so that a user of one tenant can access the resources of other tenants after the corresponding authorization, thereby solving the resource security and privacy problems brought about by cooperation between tenants.
To achieve the above object, according to one aspect of the invention, a cross-tenant access control method based on a trust model in a cloud environment is provided, comprising the following steps:
(1) A user sends an access request, and the tenant receiving the request judges whether the user belongs to this tenant; if so, the intra-tenant permission assignment function of the tenant trust model is called and the flow proceeds to step (6); otherwise the flow enters step (2);
(2) Judge whether the tenant to which the user belongs has established a trust relationship with the tenant receiving the access request; if so, enter step (3); otherwise the process ends;
(3) Judge the type of the trust relationship between the tenant to which the user belongs and the tenant receiving the access request; if it is the first type, proceed to step (4); if it is the second type, proceed to step (5);
(4) The tenant receiving the access request calls the cross-tenant permission assignment function of the tenant trust model and grants permission to the user who sent the access request, then proceeds to step (6);
(5) The tenant to which the requesting user belongs calls the cross-tenant permission assignment function of the tenant trust model, obtains the permission from the tenant receiving the access request and grants it to the user, then proceeds to step (6);
(6) The user uses the granted permission to perform the access operation.
Preferably, the tenant trust model has the following model elements:
Tenant: an enterprise, department or organization that uses the cloud service;
User: a subject that accesses tenant resources on the cloud platform. Each user has a unique owner tenant, and a tenant has multiple users. A user accesses tenant resources according to the permissions granted and carries out the related business processing.
Permission: a kind of specified privilege that exists within a tenant. Each permission has exactly one owner tenant, and a tenant has multiple permissions.
Preferably, if the trust relationship is of the first type, then after it is established tenant A can disclose part or all of its user information to tenant B, so that tenant B can assign tenant B's permissions to tenant A's users based on tenant A's user information, completing the cross-tenant permission assignment. If the trust relationship is of the second type, then after it is established tenant A can delegate control of permission assignment to tenant B, so that tenant B can assign tenant A's permissions to the users in tenant B, completing the cross-tenant permission assignment.
Preferably, the tenant trust model has the following functions, which represent the relations between model elements:
(1) Trust relationship establishment: a binary relation between the tenant set Tenants and the tenant set Tenants.
(2) Tenant user creation: a binary relation between the tenant set Tenants and the user set Users. The relationship between tenant and user is many-to-one: a tenant can have multiple users, and a user can belong to only one tenant;
(3) Tenant permission creation: a binary relation between the tenant set Tenants and the permission set Permissions. The relationship between tenant and permission is many-to-one: a tenant can have multiple permissions, and a permission can belong to only one tenant;
(4) Intra-tenant permission assignment: a binary relation between the permission set Permissions and the user set Users within a tenant. The relationship between user and permission is many-to-many: a user can have multiple permissions, and a permission can be assigned to multiple users. User-permission assignment is specified by the tenant administrator.
(5) Cross-tenant permission assignment: a binary relation between the user set of one tenant and the permission set of another tenant. The relationship between user and permission is many-to-many: a user can have multiple permissions, and a permission can be assigned to multiple users.
Preferably, tenant trust relationships are divided into two classes:
(1) The truster discloses its user information to the trustee, and the trustee assigns its own permissions to the truster's users based on that user information.
(2) The truster delegates control of cross-tenant permission assignment to the trustee, and the trustee obtains access permissions at the truster.
Preferably, the tenant trust relationship has the following properties:
(1) A tenant trust relationship is a binary relation between tenants, directed from the truster to the trustee;
(2) A tenant always trusts itself; access within the tenant domain is not affected by trust relationships;
(3) To control the propagation and enabling of trust relationships, a trust relationship can only be initiated by the truster and established after the trustee agrees; it cannot be inferred indirectly from a combination of other trust relationships;
(4) Trust relationships are unidirectional and each direction is independent. A single tenant can be the truster in one trust relationship and the trustee in another.
In general, compared with the prior art, the above technical scheme conceived by the invention achieves the following beneficial effects:
(1) The invention is applicable to cooperation scenarios between tenants of a cloud platform: in the user identification part, because steps (1) and (2) are adopted, a tenant can select the corresponding access control scheme according to the user's situation, achieving fine-grained access control with the tenant as the unit and meeting the diverse demands of the cloud environment.
(2) The invention addresses cross-tenant access security and privacy: because steps (3), (4) and (5) are adopted, a user can be granted access rights to another tenant's resources only when a trust relationship has been established between the tenants, which realizes cross-tenant access control and meets tenants' personalized service demands.
(3) The invention is reasonable in design, simple in structure and flexible in configuration; existing access control models can be further extended on the basis of this method, which gives it good application value.
Brief description of the drawings
Fig. 1 is a flow chart of the cross-tenant access control method based on a trust model in a cloud environment according to the invention;
Fig. 2 is a schematic diagram of the tenant trust model of the invention.
Detailed description
To make the purpose, technical scheme and advantages of the invention clearer, the invention is further described below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it. In addition, the technical features involved in the embodiments described below can be combined with one another as long as they do not conflict.
As shown in Fig. 1, the cross-tenant access control method based on a trust model in a cloud environment according to the invention comprises the following steps:
(1) A tenant receives the access request sent by a user and judges whether the user belongs to this tenant; if so, the intra-tenant permission assignment function of the tenant trust model is called and the flow proceeds to step (6); otherwise the flow enters step (2);
(2) Judge whether the tenant to which the user belongs has established a trust relationship with the tenant receiving the access request; if so, enter step (3); otherwise the process ends;
(3) Judge the type of the trust relationship between the tenant to which the user belongs and the tenant receiving the access request; if it is the first type, proceed to step (4); if it is the second type, proceed to step (5);
(4) The tenant receiving the access request calls the cross-tenant permission assignment function of the tenant trust model and grants permission to the user who sent the access request, then proceeds to step (6);
(5) The tenant to which the requesting user belongs calls the cross-tenant permission assignment function of the tenant trust model, obtains the permission from the tenant receiving the access request and grants it to the user, then proceeds to step (6);
(6) The user uses the granted permission to perform the access operation.
As shown in Fig. 2, the tenant trust model of the invention has the following model elements:
(1) Tenant: an enterprise, department or organization that uses the cloud service, denoted Tenants = {t1, t2, ..., tn}, the set of all tenants. In practice a tenant is usually mapped to the specific virtual domain of the cloud service that it leases, and the activities and resource accesses of cloud users are confined within a tenant domain.
(2) User: a subject that accesses tenant resources on the cloud platform, denoted Users = {u1, u2, ..., un}, the set of all users. Each user has a unique owner tenant, and a tenant has multiple users. A user accesses tenant resources according to the permissions granted and carries out the related business processing.
(3) Permission: a kind of specified privilege that exists within a tenant, denoted Permissions = {p1, p2, ..., pn}, the set of all permissions. Each permission has exactly one owner tenant, and a tenant has multiple permissions.
The tenant trust model has the following functions, which represent the relations between model elements:
(1) Trust relationship establishment: a binary relation between the tenant set Tenants and the tenant set Tenants.
Tenant trust relationships are divided into two classes:
1-1) The truster discloses its user information to the trustee, and the trustee assigns its own permissions to the truster's users based on that user information.
1-2) The truster delegates control of cross-tenant permission assignment to the trustee, and the trustee obtains access permissions at the truster.
(2) Tenant user creation: a binary relation between the tenant set Tenants and the user set Users. The relationship between tenant and user is many-to-one: a tenant can have multiple users, and a user can belong to only one tenant. Correspondingly, the function userOwner(u) maps a user to its owner tenant: userOwner(u) = t when (u, t) ∈ TU;
(3) Tenant permission creation: a binary relation between the tenant set Tenants and the permission set Permissions. The relationship between tenant and permission is many-to-one: a tenant can have multiple permissions, and a permission can belong to only one tenant. Correspondingly, the function permOwner(p) maps a permission to its owner tenant: permOwner(p) = t when (p, t) ∈ TP;
(4) Intra-tenant permission assignment: a binary relation between the permission set Permissions and the user set Users within a tenant. The relationship between user and permission is many-to-many: a user can have multiple permissions, and a permission can be assigned to multiple users. User-permission assignment is specified by the tenant administrator.
(5) Cross-tenant permission assignment: a binary relation between the user set of one tenant and the permission set of another tenant. The relationship between user and permission is many-to-many: a user can have multiple permissions, and a permission can be assigned to multiple users. The precondition for assigning a permission to a user across tenants is that one of the following trust relationships (denoted by the symbol ) exists:
Embodiment
(1) Tenant registration
An enterprise tenant plans to use the tenant trust relationship management service provided by the cloud service provider. The enterprise tenant first applies to the cloud service provider through the registration process and registers its tenant information, including enterprise name, address, telephone number and similar information. It then provides the tenant administrator's information (this administrator is later used to create the tenant's internal users and permission assignments) and selects the specific functional modules of the trust relationship management service, such as apply, allow and revoke.
(2) Internal access control model
The tenant administrator may select one of the three access control types provided by the cloud service provider (discretionary access control, mandatory access control and role-based access control) to complete the tenant's internal access control model.
(3) Cross-tenant access control model
When tenant A needs to cooperate with tenant B, tenant A sends a trust application and, after tenant B allows it, the two establish a trust relationship through the tenant trust relationship management service. Tenant A is the truster and tenant B is the trustee.
If the trust relationship is of the first type, then after it is established tenant A can disclose part or all of its user information to tenant B, so that tenant B can assign tenant B's permissions to tenant A's users based on tenant A's user information, completing the cross-tenant permission assignment.
If the trust relationship is of the second type, then after it is established tenant A can delegate control of permission assignment to tenant B, so that tenant B can assign tenant A's permissions to the users in tenant B, completing the cross-tenant permission assignment.
Those skilled in the art will readily understand that the foregoing is only a preferred embodiment of the invention and is not intended to limit it; any modification, equivalent substitution or improvement made within the spirit and principles of the invention shall fall within its scope of protection.
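The decision flow of steps (1)-(6) and the trust properties (consent required, unidirectional, not transitive) can be exercised with a small model. This is an added example, not code from the patent: the class and method names, the sample tenants, users and permissions, and the choice to record assignments in advance and re-check trust on every access are assumptions; only userOwner, permOwner, TU and TP are names from the text.

```python
TYPE_1, TYPE_2 = 1, 2  # the two trust relationship types described above


class TenantTrustModel:
    """Constructed in-memory model; only userOwner/permOwner/TU/TP are the page's names."""

    def __init__(self):
        self.user_owner = {}  # userOwner(u) = t, i.e. (u, t) in TU
        self.perm_owner = {}  # permOwner(p) = t, i.e. (p, t) in TP
        self.pending = set()  # (truster, trustee, type) requests awaiting consent
        self.trust = set()    # established (truster, trustee, type) relationships
        self.assigned = {}    # (user, permission) -> tenant whose admin assigned it

    def add_user(self, tenant, user):
        # Many-to-one: each user has exactly one owner tenant.
        if self.user_owner.setdefault(user, tenant) != tenant:
            raise ValueError(f"{user} already belongs to another tenant")

    def add_permission(self, tenant, perm):
        # Many-to-one: each permission has exactly one owner tenant.
        if self.perm_owner.setdefault(perm, tenant) != tenant:
            raise ValueError(f"{perm} already belongs to another tenant")

    def request_trust(self, truster, trustee, kind):
        self.pending.add((truster, trustee, kind))

    def accept_trust(self, trustee, truster, kind):
        # Trust exists only after the trustee agrees to a request the truster
        # initiated; it is never inferred from other relationships.
        if (truster, trustee, kind) not in self.pending:
            raise PermissionError("no pending request from this truster")
        self.pending.remove((truster, trustee, kind))
        self.trust.add((truster, trustee, kind))

    def revoke_trust(self, truster, trustee, kind):
        self.trust.discard((truster, trustee, kind))

    def routes(self, user, perm):
        """Steps (1)-(5): tenants allowed to assign perm to user, with the path taken."""
        home, target = self.user_owner[user], self.perm_owner[perm]
        if home == target:  # step (1): intra-tenant, trust is not consulted
            return {target: "intra"}
        found = {}
        if (home, target, TYPE_1) in self.trust:  # step (4): receiving tenant assigns
            found[target] = "type1"
        if (target, home, TYPE_2) in self.trust:  # step (5): user's tenant assigns
            found[home] = "type2"
        return found  # empty: step (2) ends the flow

    def assign(self, admin_tenant, user, perm):
        """A tenant administrator assigns perm to user if the model allows it."""
        if admin_tenant not in self.routes(user, perm):
            raise PermissionError(f"{admin_tenant} may not assign {perm} to {user}")
        self.assigned[(user, perm)] = admin_tenant

    def access_path(self, user, perm):
        """Step (6): the path authorizing this access right now, or None."""
        return self.routes(user, perm).get(self.assigned.get((user, perm)))


def denied(action, *args):
    """True if the model rejects the action with PermissionError."""
    try:
        action(*args)
    except PermissionError:
        return True
    return False


def demo():
    m = TenantTrustModel()
    # Constructed sample data: three tenants, one user and one permission each.
    for tenant, user, perm in [("A", "alice", "A:reports"),
                               ("B", "bob", "B:deploy"),
                               ("C", "carol", "C:billing")]:
        m.add_user(tenant, user)
        m.add_permission(tenant, perm)
    out = {"no_consent": denied(m.accept_trust, "B", "A", TYPE_1)}
    for truster, trustee in [("A", "B"), ("B", "C")]:
        m.request_trust(truster, trustee, TYPE_1)
        m.accept_trust(trustee, truster, TYPE_1)
    m.assign("A", "alice", "A:reports")  # step (1): same tenant, no trust needed
    out["intra"] = m.access_path("alice", "A:reports")
    m.assign("B", "alice", "B:deploy")  # type 1: B gives its permission to A's user
    out["type1"] = m.access_path("alice", "B:deploy")
    out["reverse"] = denied(m.assign, "A", "bob", "A:reports")  # A->B is not B->A
    out["transitive"] = denied(m.assign, "C", "alice", "C:billing")  # A->B, B->C
    m.request_trust("A", "B", TYPE_2)
    m.accept_trust("B", "A", TYPE_2)
    m.assign("B", "bob", "A:reports")  # type 2: B gives A's permission to B's user
    out["type2"] = m.access_path("bob", "A:reports")
    m.revoke_trust("A", "B", TYPE_1)  # trust is re-checked on every access
    out["after_revoke"] = m.access_path("alice", "B:deploy")
    return out
```

Because `access_path` re-runs the trust check of step (2) on each request, revoking the A-to-B relationship cuts off alice's cross-tenant access even though the earlier assignment record still exists.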

Claims (6)

1. A cross-tenant access control method based on a trust model in a cloud environment, characterized by comprising the following steps:
(1) A user sends an access request, and the tenant receiving the request judges whether the user belongs to this tenant; if so, the intra-tenant permission assignment function of the tenant trust model is called and the flow proceeds to step (6); otherwise the flow enters step (2);
(2) Judge whether the tenant to which the user belongs has established a trust relationship with the tenant receiving the access request; if so, enter step (3); otherwise the process ends;
(3) Judge the type of the trust relationship between the tenant to which the user belongs and the tenant receiving the access request; if it is the first type, proceed to step (4); if it is the second type, proceed to step (5);
(4) The tenant receiving the access request calls the cross-tenant permission assignment function of the tenant trust model and grants permission to the user who sent the access request, then proceeds to step (6);
(5) The tenant to which the requesting user belongs calls the cross-tenant permission assignment function of the tenant trust model, obtains the permission from the tenant receiving the access request and grants it to the user, then proceeds to step (6);
(6) The user uses the granted permission to perform the access operation.
2. The cross-tenant access control method according to claim 1, characterized in that the tenant trust model has the following model elements:
Tenant: an enterprise, department or organization that uses the cloud service;
User: a subject that accesses tenant resources on the cloud platform. Each user has a unique owner tenant, and a tenant has multiple users. A user accesses tenant resources according to the permissions granted and carries out the related business processing.
Permission: a kind of specified privilege that exists within a tenant. Each permission has exactly one owner tenant, and a tenant has multiple permissions.
3. The cross-tenant access control method according to claim 2, characterized in that, if the trust relationship is of the first type, then after it is established tenant A can disclose part or all of its user information to tenant B, so that tenant B can assign tenant B's permissions to tenant A's users based on tenant A's user information, completing the cross-tenant permission assignment; if the trust relationship is of the second type, then after it is established tenant A can delegate control of permission assignment to tenant B, so that tenant B can assign tenant A's permissions to the users in tenant B, completing the cross-tenant permission assignment.
4. The cross-tenant access control method according to claim 3, characterized in that the tenant trust model has the following functions, which represent the relations between model elements:
(1) Trust relationship establishment: a binary relation between the tenant set Tenants and the tenant set Tenants.
(2) Tenant user creation: a binary relation between the tenant set Tenants and the user set Users. The relationship between tenant and user is many-to-one: a tenant can have multiple users, and a user can belong to only one tenant;
(3) Tenant permission creation: a binary relation between the tenant set Tenants and the permission set Permissions. The relationship between tenant and permission is many-to-one: a tenant can have multiple permissions, and a permission can belong to only one tenant;
(4) Intra-tenant permission assignment: a binary relation between the permission set Permissions and the user set Users within a tenant. The relationship between user and permission is many-to-many: a user can have multiple permissions, and a permission can be assigned to multiple users. User-permission assignment is specified by the tenant administrator.
(5) Cross-tenant permission assignment: a binary relation between the user set of one tenant and the permission set of another tenant. The relationship between user and permission is many-to-many: a user can have multiple permissions, and a permission can be assigned to multiple users.
5. The cross-tenant access control method according to claim 4, characterized in that tenant trust relationships are divided into two classes:
(1) The truster discloses its user information to the trustee, and the trustee assigns its own permissions to the truster's users based on that user information.
(2) The truster delegates control of cross-tenant permission assignment to the trustee, and the trustee obtains access permissions at the truster.
6. The cross-tenant access control method according to claim 5, characterized in that the tenant trust relationship has the following properties:
(1) A tenant trust relationship is a binary relation between tenants, directed from the truster to the trustee;
(2) A tenant always trusts itself; access within the tenant domain is not affected by trust relationships;
(3) To control the propagation and enabling of trust relationships, a trust relationship can only be initiated by the truster and established after the trustee agrees; it cannot be inferred indirectly from a combination of other trust relationships;
(4) Trust relationships are unidirectional and each direction is independent. A single tenant can be the truster in one trust relationship and the trustee in another.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610303258.8A 2016-05-10 2016-05-10 Cross-tenant access control method based on trust model in cloud environment

Publications (2)

Publication Number Publication Date
CN105871880A (en) 2016-08-17
CN105871880B (en)

Family ID: 56631592

Also Published As

Publication number Publication date
CN105871880B (en) 2018-11-06

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant