CN105871880A - Cross-tenant access control method based on trust model in cloud environment - Google Patents
- Publication number: CN105871880A (application CN201610303258.8A)
- Authority: CN (China)
- Prior art keywords: tenant, user, authority, trustee, relationship
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
Abstract
The invention discloses a cross-tenant access control method based on a trust model in a cloud environment. Based on the characteristics of a cloud computing multi-tenant architecture, a user of a tenant can have access to resources of other tenants after being authorized, so that the problems related to resource security and privacy caused during tenant cooperation are solved. By designing two types of tenant trust relationships, the tenant trust relationship concept is introduced to an access control model to reflect the access control requirement between two tenants. Through the definition of model elements and the formal description of a model function, a tenant trust model is built to adapt to the multi-tenant characteristic of cloud computing, and then cross-tenant access control is achieved.
Description
Technical field
The invention belongs to the field of cloud computing information security and, more particularly, relates to a cross-tenant access control method based on a trust model in a cloud environment.
Background technology
Cloud computing is one of the hot topics in the current information technology field and a focus of close attention for academia, industry and government. Its core idea is to link large amounts of computing, storage and software resources together to form a very large shared virtual IT resource pool. Multi-tenancy lets different users share the same resources; it is a key technology adopted by cloud computing and a key reason why resources can scale dynamically and be fully utilized. While multi-tenancy delivers cloud services through on-demand customization and shared storage, it also faces new challenges: (1) unauthorized tenants steal information to obtain business secrets; (2) tenants holding partial permissions access resources they are not authorized for; (3) the cloud service provider may leak tenants' business information to outside parties. It is therefore necessary to solve the controllability problem of complex interactions among entities, protecting the security and privacy of a tenant's information by effectively controlling tenants' access rights.
Academia has carried out research on access control technology in cloud computing environments, concentrating mainly on access control models for cloud computing environments, access control based on encryption mechanisms, and virtual machine access control. In a cloud resource pool, however, logical security domains replace the physical security boundaries of traditional architectures. A tenant's cloud resources lose the security control of a physically bounded domain, and the access control models of earlier distributed environments are not well suited to cross-boundary tenant collaboration scenarios in the cloud.
Summary of the invention
In view of the above defects or improvement needs of the prior art, the invention provides a cross-tenant access control method based on a trust model in a cloud environment. Its purpose is to introduce tenant trust relationships into the access control model so that a user of one tenant can access the resources of other tenants after being authorized accordingly, thereby solving the resource security and privacy problems that arise from cooperation between tenants.
To achieve the above object, according to one aspect of the invention, a cross-tenant access control method based on a trust model in a cloud environment is provided, comprising the following steps:
(1) A user sends an access request. The tenant that receives the request determines whether the user belongs to this tenant; if so, it calls the intra-tenant permission assignment function of the tenant trust model and proceeds to step (6); otherwise it proceeds to step (2);
(2) Determine whether the tenant to which the user belongs has established a trust relationship with the tenant that received the access request; if so, proceed to step (3); otherwise the process ends;
(3) Determine the type of the trust relationship between the tenant to which the user belongs and the tenant that received the access request; if it is the first type, proceed to step (4); if it is the second type, proceed to step (5);
(4) The tenant that received the access request calls the cross-tenant permission assignment function of the tenant trust model to grant permissions to the user who sent the access request, then proceeds to step (6);
(5) The tenant to which the requesting user belongs calls the cross-tenant permission assignment function of the tenant trust model, obtains permissions from the tenant that received the access request and grants them to the user, then proceeds to step (6);
(6) The user uses the granted permissions to perform the access operation.
Preferably, the tenant trust model has the following model elements:
Tenant: an enterprise, department or organization that uses the cloud service;
User: a subject that accesses tenant resources on the cloud platform. Each user has one unique owner tenant, and a tenant has multiple users. A user accesses tenant resources according to the permissions granted and carries out the related business processing.
Permission: a defined privilege that exists within a tenant. Each permission has exactly one owner tenant, and a tenant has multiple permissions.
Preferably, if the trust relationship is of the first type, then once it is established tenant A can disclose some or all of its user information to tenant B, so that tenant B can assign tenant B's permissions to tenant A's users on the basis of tenant A's user information, completing the cross-tenant permission assignment. If the trust relationship is of the second type, then once it is established tenant A can delegate control of permission assignment to tenant B, so that tenant B can assign tenant A's permissions to users in tenant B, completing the cross-tenant permission assignment.
Preferably, the tenant trust model has the following functions, which express the relations between model elements:
(1) Trust relationship establishment: a binary relation between the tenant set Tenants and the tenant set Tenants.
(2) Tenant user creation: a binary relation between the tenant set Tenants and the user set Users. The relation between tenants and users is many-to-one: a tenant can have multiple users, and a user belongs to exactly one tenant;
(3) Tenant permission creation: a binary relation between the tenant set Tenants and the permission set Permissions. The relation between tenants and permissions is many-to-one: a tenant can have multiple permissions, and a permission belongs to exactly one tenant;
(4) Intra-tenant permission assignment: a binary relation between the permission set Permissions and the user set Users within a tenant. The relation between users and permissions is many-to-many: a user can have multiple permissions, and a permission can be assigned to multiple users. User-permission assignment is specified by the tenant administrator.
(5) Cross-tenant permission assignment: a binary relation between the user set of one tenant and the permission set of another tenant. The relation between users and permissions is many-to-many: a user can have multiple permissions, and a permission can be assigned to multiple users.
Preferably, tenant trust relationships are divided into two classes:
(1) The trustor discloses its user information to the trustee, and the trustee assigns its permissions to the trustor's users on the basis of that user information.
(2) The trustor delegates control of cross-tenant permission assignment to the trustee, and the trustee obtains access permissions from the trustor.
Preferably, tenant trust relationships have the following properties:
(1) A tenant trust relationship is a binary relation between tenants, directed from the trustor to the trustee;
(2) A tenant always trusts itself; access within a tenant domain is not affected by trust relationships;
(3) To control the propagation and enabling of trust relationships, a trust relationship can only be initiated by the trustor and established after the trustee agrees; it cannot be inferred indirectly from a combination of other trust relationships;
(4) Trust relationships are unidirectional, and each direction is independent. A single tenant can be the trustor in one trust relationship and the trustee in another.
In general, compared with the prior art, the above technical solution conceived by the invention achieves the following beneficial effects:
(1) The invention is suited to scenarios of cooperation between tenants on a cloud platform: in the user identification part, because steps (1) and (2) are adopted, a tenant can select the appropriate access control scheme according to the user's situation, achieving fine-grained access control with the tenant as the unit and meeting the diverse needs of cloud environments.
(2) The invention solves the security and privacy problems of cross-tenant access: because steps (3), (4) and (5) are adopted, a user can be granted resource access permissions of another tenant only when a trust relationship has been established between the tenants, achieving cross-tenant access control and providing tenants with personalized service.
(3) The invention is reasonably designed, simple in structure and flexible to configure. Existing access control models can be further extended on the basis of this method, so it has good application value.
Brief description of the drawings
Fig. 1 is the flow chart of the cross-tenant access control method based on a trust model in a cloud environment according to the invention;
Fig. 2 is a schematic diagram of the tenant trust model to which the invention relates.
Detailed description of the invention
To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and are not intended to limit it. In addition, the technical features involved in the embodiments described below may be combined with one another as long as they do not conflict.
As shown in Fig. 1, the cross-tenant access control method based on a trust model in a cloud environment according to the invention comprises the following steps:
(1) A tenant receives the access request sent by a user and determines whether the user belongs to this tenant; if so, it calls the intra-tenant permission assignment function of the tenant trust model and proceeds to step (6); otherwise it proceeds to step (2);
(2) Determine whether the tenant to which the user belongs has established a trust relationship with the tenant that received the access request; if so, proceed to step (3); otherwise the process ends;
(3) Determine the type of the trust relationship between the tenant to which the user belongs and the tenant that received the access request; if it is the first type, proceed to step (4); if it is the second type, proceed to step (5);
(4) The tenant that received the access request calls the cross-tenant permission assignment function of the tenant trust model to grant permissions to the user who sent the access request, then proceeds to step (6);
(5) The tenant to which the requesting user belongs calls the cross-tenant permission assignment function of the tenant trust model, obtains permissions from the tenant that received the access request and grants them to the user, then proceeds to step (6);
(6) The user uses the granted permissions to perform the access operation.
As shown in Fig. 2, in the invention the tenant trust model has the following model elements:
(1) Tenant: an enterprise, department or organization that uses the cloud service, denoted Tenants = {t1, t2, ..., tn}, the set of all tenants. In practice a tenant is usually mapped to the specific virtual domain of the cloud service that it leases; the activities and resource accesses of cloud users are confined to a tenant domain.
(2) User: a subject that accesses tenant resources on the cloud platform, denoted Users = {u1, u2, ..., un}, the set of all users. Each user has one unique owner tenant, and a tenant has multiple users. A user accesses tenant resources according to the permissions granted and carries out the related business processing.
(3) Permission: a defined privilege that exists within a tenant, denoted Permissions = {p1, p2, ..., pn}, the set of all permissions. Each permission has exactly one owner tenant, and a tenant has multiple permissions.
The tenant trust model has the following functions, which express the relations between model elements:
(1) Trust relationship establishment: a binary relation between the tenant set Tenants and the tenant set Tenants.
Tenant trust relationships are divided into two classes:
1-1) The trustor discloses its user information to the trustee, and the trustee assigns its permissions to the trustor's users on the basis of that user information.
1-2) The trustor delegates control of cross-tenant permission assignment to the trustee, and the trustee obtains access permissions from the trustor.
(2) Tenant user creation: a binary relation between the tenant set Tenants and the user set Users. The relation between tenants and users is many-to-one: a tenant can have multiple users, and a user can belong to only one tenant. Correspondingly, the function userOwner(u) maps a user to its owner tenant: userOwner(u) = t when (u, t) ∈ TU;
(3) Tenant permission creation: a binary relation between the tenant set Tenants and the permission set Permissions. The relation between tenants and permissions is many-to-one: a tenant can have multiple permissions, and a permission belongs to exactly one tenant. Correspondingly, the function permOwner(p) maps a permission to its owner tenant: permOwner(p) = t when (p, t) ∈ TP;
(4) Intra-tenant permission assignment: a binary relation between the permission set Permissions and the user set Users within a tenant. The relation between users and permissions is many-to-many: a user can have multiple permissions, and a permission can be assigned to multiple users. User-permission assignment is specified by the tenant administrator.
(5) Cross-tenant permission assignment: a binary relation between the user set of one tenant and the permission set of another tenant. The relation between users and permissions is many-to-many: a user can have multiple permissions, and a permission can be assigned to multiple users. The precondition for assigning a permission to a user across tenants is that one of the following trust relationships (denoted by the symbol ) exists:
Embodiment
(1) Tenant registration
An enterprise tenant plans to use the tenant trust relationship management service provided by the cloud service provider. The enterprise tenant first applies to the cloud service provider through the registration process and registers its tenant information, including enterprise name, address, telephone number and so on. It then provides tenant administrator information (this administrator is later used to create the tenant's internal users and permission assignments) and selects the specific functional modules of the trust relationship management service, such as application, permission and revocation.
(2) Internal access control model
The tenant administrator may select one of the three access control types provided by the cloud service provider (discretionary access control, mandatory access control and role-based access control) to complete the tenant's internal access control model.
(3) Cross-tenant access control model
When tenant A needs to cooperate with tenant B, tenant A sends a trust application; after tenant B permits it, the two establish a trust relationship through the tenant trust relationship management service. Tenant A is the trustor and tenant B is the trustee.
If the trust relationship is of the first type, then once it is established tenant A can disclose some or all of its user information to tenant B, so that tenant B can assign tenant B's permissions to tenant A's users on the basis of tenant A's user information, completing the cross-tenant permission assignment.
If the trust relationship is of the second type, then once it is established tenant A can delegate control of permission assignment to tenant B, so that tenant B can assign tenant A's permissions to users in tenant B, completing the cross-tenant permission assignment.
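The decision flow of steps (1) to (6) and the two trust relationship types can be made concrete with the following Python sketch, which is an added example and not part of the patent text. All class, method and sample names are hypothetical. It assumes the tenant receiving a request is the owner of the requested permission, and that assignments are recorded ahead of time and checked at request time, whereas the patent's steps call the assignment function while handling the request.

```python
from enum import Enum


class TrustType(Enum):
    TYPE_1 = 1  # A discloses its users to B; B assigns B's permissions to A's users
    TYPE_2 = 2  # A delegates assignment to B; B assigns A's permissions to B's users


class TenantTrustModel:
    """A = tenant that applies for trust, B = tenant that permits it."""

    def __init__(self):
        self.user_owner = {}  # userOwner(u): user -> its single owner tenant
        self.perm_owner = {}  # permOwner(p): permission -> its single owner tenant
        self.intra = set()    # intra-tenant (user, permission) assignments
        self.cross = {}       # (user, permission) -> trust tuple it was assigned under
        self.pending = set()  # (A, B, type) applications awaiting B's consent
        self.trust = set()    # established (A, B, type), directed from A to B

    # Trust exists only after an explicit apply/permit pair. Nothing is inferred:
    # A->B plus B->C does not give A->C, and A->B does not give B->A.
    def apply_trust(self, a, b, ttype):
        self.pending.add((a, b, ttype))

    def permit_trust(self, b, a, ttype):
        if (a, b, ttype) not in self.pending:
            raise PermissionError(f"no pending application from {a} to {b}")
        self.pending.discard((a, b, ttype))
        self.trust.add((a, b, ttype))

    def revoke_trust(self, a, b, ttype):
        self.trust.discard((a, b, ttype))

    def assign_intra(self, admin_tenant, user, perm):
        if not (self.user_owner[user] == self.perm_owner[perm] == admin_tenant):
            raise PermissionError("intra-tenant assignment must stay inside one tenant")
        self.intra.add((user, perm))

    def assign_cross(self, acting_tenant, user, perm):
        ut, pt = self.user_owner[user], self.perm_owner[perm]
        type1 = (ut, pt, TrustType.TYPE_1)  # user's tenant is A, permission owner is B
        type2 = (pt, ut, TrustType.TYPE_2)  # permission owner is A, user's tenant is B
        if ut != pt and type1 in self.trust and acting_tenant == pt:
            self.cross[(user, perm)] = type1  # step (4): B grants its own permission
        elif ut != pt and type2 in self.trust and acting_tenant == ut:
            self.cross[(user, perm)] = type2  # step (5): B obtains A's permission
        else:
            raise PermissionError(f"{acting_tenant} may not assign {perm} to {user}")

    def decide(self, user, perm):
        ut, pt = self.user_owner[user], self.perm_owner[perm]
        if ut == pt:  # step (1): the user belongs to the tenant receiving the request
            return "allow:intra" if (user, perm) in self.intra else "deny:not-assigned"
        covering = {(ut, pt, TrustType.TYPE_1), (pt, ut, TrustType.TYPE_2)}
        if not covering & self.trust:  # step (2): no trust relationship, stop
            return "deny:no-trust"
        basis = self.cross.get((user, perm))  # step (3): which type the grant rests on
        if basis not in self.trust:  # never assigned, or its trust was revoked
            return "deny:not-assigned"
        # step (6): the user may exercise the granted permission
        return "allow:type1" if basis[2] is TrustType.TYPE_1 else "allow:type2"


def demo():
    """Constructed sample: tenants A, B, C with one user and one permission each."""
    m = TenantTrustModel()
    for tenant, user, perm in [("A", "alice", "pA"), ("B", "bob", "pB"), ("C", "carol", "pC")]:
        m.user_owner[user], m.perm_owner[perm] = tenant, tenant
    out = {}
    m.assign_intra("A", "alice", "pA")
    out["intra"] = m.decide("alice", "pA")
    out["before_trust"] = m.decide("alice", "pB")
    m.apply_trust("A", "B", TrustType.TYPE_1)
    m.permit_trust("B", "A", TrustType.TYPE_1)
    m.assign_cross("B", "alice", "pB")
    out["type1"] = m.decide("alice", "pB")
    out["reverse_direction"] = m.decide("bob", "pA")  # A->B does not cover B's users
    m.apply_trust("B", "C", TrustType.TYPE_1)
    m.permit_trust("C", "B", TrustType.TYPE_1)
    out["transitive"] = m.decide("alice", "pC")  # A->B and B->C do not give A->C
    m.apply_trust("A", "B", TrustType.TYPE_2)
    m.permit_trust("B", "A", TrustType.TYPE_2)
    m.assign_cross("B", "bob", "pA")
    out["type2"] = m.decide("bob", "pA")
    m.revoke_trust("A", "B", TrustType.TYPE_1)
    out["after_revoke"] = m.decide("alice", "pB")
    return m, out


if __name__ == "__main__":
    for name, decision in demo()[1].items():
        print(f"{name:18} {decision}")
```

Recording which trust tuple each cross-tenant grant rests on means that revoking one relationship invalidates exactly the grants made under it, even when another relationship between the same two tenants remains.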
Those skilled in the art will readily understand that the foregoing is only a preferred embodiment of the invention and is not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.
Claims (6)
1. A cross-tenant access control method based on a trust model in a cloud environment, characterized by comprising the following steps:
(1) A user sends an access request. The tenant that receives the request determines whether the user belongs to this tenant; if so, it calls the intra-tenant permission assignment function of the tenant trust model and proceeds to step (6); otherwise it proceeds to step (2);
(2) Determine whether the tenant to which the user belongs has established a trust relationship with the tenant that received the access request; if so, proceed to step (3); otherwise the process ends;
(3) Determine the type of the trust relationship between the tenant to which the user belongs and the tenant that received the access request; if it is the first type, proceed to step (4); if it is the second type, proceed to step (5);
(4) The tenant that received the access request calls the cross-tenant permission assignment function of the tenant trust model to grant permissions to the user who sent the access request, then proceeds to step (6);
(5) The tenant to which the requesting user belongs calls the cross-tenant permission assignment function of the tenant trust model, obtains permissions from the tenant that received the access request and grants them to the user, then proceeds to step (6);
(6) The user uses the granted permissions to perform the access operation.
2. The cross-tenant access control method according to claim 1, characterized in that the tenant trust model has the following model elements:
Tenant: an enterprise, department or organization that uses the cloud service;
User: a subject that accesses tenant resources on the cloud platform. Each user has one unique owner tenant, and a tenant has multiple users. A user accesses tenant resources according to the permissions granted and carries out the related business processing.
Permission: a defined privilege that exists within a tenant. Each permission has exactly one owner tenant, and a tenant has multiple permissions.
3. The cross-tenant access control method according to claim 2, characterized in that, if the trust relationship is of the first type, then once it is established tenant A can disclose some or all of its user information to tenant B, so that tenant B can assign tenant B's permissions to tenant A's users on the basis of tenant A's user information, completing the cross-tenant permission assignment; if the trust relationship is of the second type, then once it is established tenant A can delegate control of permission assignment to tenant B, so that tenant B can assign tenant A's permissions to users in tenant B, completing the cross-tenant permission assignment.
4. The cross-tenant access control method according to claim 3, characterized in that the tenant trust model has the following functions, which express the relations between model elements:
(1) Trust relationship establishment: a binary relation between the tenant set Tenants and the tenant set Tenants.
(2) Tenant user creation: a binary relation between the tenant set Tenants and the user set Users. The relation between tenants and users is many-to-one: a tenant can have multiple users, and a user can belong to only one tenant;
(3) Tenant permission creation: a binary relation between the tenant set Tenants and the permission set Permissions. The relation between tenants and permissions is many-to-one: a tenant can have multiple permissions, and a permission belongs to exactly one tenant;
(4) Intra-tenant permission assignment: a binary relation between the permission set Permissions and the user set Users within a tenant. The relation between users and permissions is many-to-many: a user can have multiple permissions, and a permission can be assigned to multiple users. User-permission assignment is specified by the tenant administrator.
(5) Cross-tenant permission assignment: a binary relation between the user set of one tenant and the permission set of another tenant. The relation between users and permissions is many-to-many: a user can have multiple permissions, and a permission can be assigned to multiple users.
5. The cross-tenant access control method according to claim 4, characterized in that tenant trust relationships are divided into two classes:
(1) The trustor discloses its user information to the trustee, and the trustee assigns its permissions to the trustor's users on the basis of that user information.
(2) The trustor delegates control of cross-tenant permission assignment to the trustee, and the trustee obtains access permissions from the trustor.
6. The cross-tenant access control method according to claim 5, characterized in that tenant trust relationships have the following properties:
(1) A tenant trust relationship is a binary relation between tenants, directed from the trustor to the trustee;
(2) A tenant always trusts itself; access within a tenant domain is not affected by trust relationships;
(3) To control the propagation and enabling of trust relationships, a trust relationship can only be initiated by the trustor and established after the trustee agrees; it cannot be inferred indirectly from a combination of other trust relationships;
(4) Trust relationships are unidirectional, and each direction is independent. A single tenant can be the trustor in one trust relationship and the trustee in another.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610303258.8A CN105871880B (en) | 2016-05-10 | 2016-05-10 | Cross-tenant access control method based on trust model in cloud environment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105871880A (en) | 2016-08-17 |
CN105871880B (en) | 2018-11-06 |
Family
ID=56631592
Family Applications (1)
Application Number | Status | Publication | Priority Date | Filing Date | Title |
---|---|---|---|---|---|
CN201610303258.8A | Active | CN105871880B (en) | 2016-05-10 | 2016-05-10 | Cross-tenant access control method based on trust model in cloud environment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105871880B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN105871880B (en) | 2018-11-06 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |