KR20210069163A - Secure Role Based Access Control System and Method for Cloud Computing - Google Patents

Abstract

The present invention discloses a system and method for controlling a secure role-based access for a cloud computing. The system for controlling the secure role-based access for the cloud computing according to one aspect of the present invention comprises: a dimensional domain module that manages a resource and a user based on a physical location and a logical location, and includes a function to control access to a service by the user; a trust module including a function to monitor user behavior for secure access to the data; and a security data access control part that performs user identification to evade intruders and other internal and external attacks. Therefore, the present invention is capable of having an effect of securely sharing resources among untrusted users.

Description

Secure Role Based Access Control System and Method for Cloud Computing

The present invention relates to a secure role-based access control system and method for cloud computing, and more particularly, to a secure role-based access control system and method for cloud computing that provides efficient access control in a highly distributed cloud computing environment. will be.

In a distributed cloud environment, external customers are quickly processed through virtualization, management, and storage to provide a variety of platforms and services. To maintain the scalability and stability of cloud computing systems, users can access various resources in the form of services such as Infrastructure as a Services (IaaS), Platform as a Services (PaaS), and Software as a Services (SaaS). Thus, a public cloud is built around the Internet, but can be confusing compared to a private cloud that involves an enterprise to access resources with associated users. Among the three types of services, SaaS is the most vulnerable to internal/external attacks, which can lead to data leakage through various attacks such as malicious insider attacks. Confidentiality, integrity, and availability are key security services that play and implement key roles in public clouds. Security services should protect users' access against other security concerns in the cloud-based model.

Korean Patent Registration No. 10-1280753 (published on Jul. 5, 2013)

The present invention has been proposed to solve the above problems, and an object of the present invention is to provide a secure role-based access control system and method for cloud computing that can efficiently control access in a highly distributed cloud computing environment.

Other objects and advantages of the present invention may be understood by the following description, and will be more clearly understood by an embodiment of the present invention. Further, it will be readily apparent that the objects and advantages of the present invention can be realized by the means and combinations thereof indicated in the claims.

A secure role-based access control system for cloud computing according to an aspect of the present invention for achieving the above object manages resources and users based on physical and logical locations, and functions to control access to services of users A dimension domain module comprising; a trust module comprising the ability to monitor user behavior for secure access to data; and a security data access control unit that performs user identification to avoid intruders and other internal and external attacks.

The dimensional domain module includes a physical structure of a dimensional domain and a logical structure of a dimensional domain, and the physical structure of the dimensional domain is composed of a network object and a logical layer to manage operational requirements and controls, and Organizational requirements are managed using a logical layout, and the logical structure of the dimension domain is used to define resources and information according to standards, and to implement organizational policies according to the established logical structure, and use XACML to distribute domain-based It is characterized in that it facilitates the use of the file system.

The dimensional domain module is characterized by using context-aware and role-based access control to provide the user with the necessary time and location information.

The secure data access control unit is characterized in that by issuing an identification tag indicating the sensitivity of the data to perform task classification in order to protect data access displayed as a data label in the database.

An access control method in a secure role-based access control system for cloud computing according to another aspect of the present invention for achieving the above object includes: managing resources and users based on physical and logical locations; monitoring user behavior for secure access to data; and performing user identification to avoid intruders and other internal and external attacks.

The step of managing resources and users based on the physical location and the logical location includes a step of forming a physical structure of a dimensional domain and a step of forming a logical structure of a dimensional domain, and the step of forming a physical structure of the dimensional domain includes: Consisting of a logical layer, managing operational requirements and controls, and managing organizational requirements using a logical layout of a dimensional domain, wherein the step of forming a logical structure of the dimensional domain includes: resources and information according to a standard is used for implementation of organizational policies according to the set logical structure, and facilitating the use of a domain-based distributed file system using XACML.

The step of managing resources and users based on physical and logical locations may include using context-aware and role-based access control to provide users with necessary time and location information.

The step of performing user identification to avoid intruders and other internal and external attacks includes performing task classification to secure access to data represented by data labels in the database by issuing identification tags indicating the sensitivity of the data. characterized in that

According to one aspect of the present invention, there is an effect that resources can be safely shared among untrusted users.

In addition, by supporting different access rights for the same user, it has the effect of allowing users to safely use multiple services.

In addition, it has the effect of protecting the cloud computing environment from privileged or unauthorized user access.

The effects obtainable in the present invention are not limited to the above-mentioned effects, and other effects not mentioned will be clearly understood by those of ordinary skill in the art to which the present invention belongs from the following description. .

The following drawings attached to this specification illustrate preferred embodiments of the present invention, and serve to further understand the technical spirit of the present invention together with specific contents for carrying out the invention, so the present invention is in such drawings It should not be construed as being limited only to the stated matters.
1 is a schematic configuration diagram of a secure role-based access control system for cloud computing according to an embodiment of the present invention;
2 is a structure of a system according to an embodiment of the present invention;
3 is an example of a physical structure of a dimensional domain according to an embodiment of the present invention;
4 is an example of a logical structure of a dimension domain according to an embodiment of the present invention;
5 is an example of the structure of a dimensional domain according to an embodiment of the present invention;
6 is an example of an inference relationship between dimension domains according to an embodiment of the present invention;
7 is an example of a trust module according to an embodiment of the present invention;
8 is a diagram illustrating an example of secure data access control according to an embodiment of the present invention;
9 is a schematic flowchart of an access control method in a secure role-based access control system for cloud computing according to an embodiment of the present invention.

The above-described objects, features and advantages will become more apparent through the following detailed description in relation to the accompanying drawings, and accordingly, those of ordinary skill in the art to which the present invention pertains can easily implement the technical idea of the present invention. There will be. In addition, in the description of the present invention, if it is determined that the detailed description of the known technology related to the present invention may unnecessarily obscure the gist of the present invention, the detailed description thereof will be omitted. Hereinafter, a preferred embodiment according to the present invention will be described in detail with reference to the accompanying drawings.

Throughout the specification, when a part "includes" a certain component, it means that other components may be further included, rather than excluding other components, unless otherwise stated. In addition, the “… The term “unit” means a unit that processes at least one function or operation, which may be implemented as hardware or software or a combination of hardware and software.

1 is a schematic configuration diagram of a secure role-based access control system for cloud computing according to an embodiment of the present invention, FIG. 2 is a structure of a system according to an embodiment of the present invention, and FIG. 3 is an embodiment of the present invention An example of a physical structure of a dimensional domain according to an example, FIG. 4 is an example of a logical structure of a dimensional domain according to an embodiment of the present invention, and FIG. 5 is an example of a structure of a dimensional domain according to an embodiment of the present invention , FIG. 6 is an example of an inference relationship between dimension domains according to an embodiment of the present invention, FIG. 7 is an example of a trust module according to an embodiment of the present invention, and FIG. 8 is a security according to an embodiment of the present invention It is a diagram illustrating an example of data access control.

Referring to FIG. 1 , the secure role-based access control system for cloud computing according to the present embodiment includes a dimension domain module 100 , a trust module 200 , and a secure data access control unit 300 .

According to this embodiment, relationships between various components of the system, such as users, resources and devices, can be developed to access resources in a secure manner. Integrity is maintained by registering the relevant device according to a particular domain. Among these domains, the dimensional domain is referred to as the spatial state responsible for the identification process. The system according to the present embodiment may be configured with a dimensional domain having an access control function and a trust module 200 for monitoring user behavior for secure access to data (see FIG. 2 ). Thus, these modified models use the principles of delegation and least privilege, while the Core RBAC model can use XACML to achieve the security of the system.

The dimension domain module 100 manages resources and users based on physical and logical locations, and includes a function of controlling access to services of users.

The dimension domain module 100 includes a physical structure of a dimension domain and a logical structure of a dimension domain. At this time, the physical structure of the dimension domain is composed of network entities and logical layers to manage operational requirements and controls, and the logical layout of the dimension domain is used to manage organizational requirements. On the other hand, the logical structure of the dimension domain defines resources and information according to the standard, and is used for the implementation of organizational policies according to the set logical structure, and XACML can be used to facilitate the use of a domain-based distributed file system.

Dimensional domain module 100 may use context-aware and role-based access control to provide users with the time and location information they need.

According to this embodiment, the physical location and the logical location are respectively pl = {pl1, pl2, ... … pln} and ll={ll1, ll2, ......, lln}. Depending on the location context scenario, there are the following relationships for LL and PL, subtypes: LL → 2LL, supertype: LL → 2LL, instance: LL → 2PL and type: PL → 2LL. These relationships are based on inclusion, overlap, sameness, fulfillment, and separation. Location-related situational scenarios require providing controlled cloud services and accessing information from other sources such as mobile grids and point-to-point environments. This scenario works with the role object where the advertising user accesses the service. RBAC mechanisms related to location context can use specific definitions to meet cloud security requirements.

According to the present embodiment, in the role-based access control (RBAC) model, the dimensional domain manager may configure network entities and logical layers. Domain administrators use delegation of duty and manage operational requirements and controls. Administrators use the logical layout of dimension domains to manage organizational requirements. The actual layout may include context collection, reason management, policy management unit, reason hierarchy management and dimension reason role and dimension domain relationship management characteristics. The physical domain may be composed of a reason module and a policy unit. As shown in FIG. 3 , the reason module may include a context collector that uses context information of the context analyzer. This information consists of resources and users' credentials and spatial information, and may include information. Session time, resource and user location and user profile. This information can be created through the context generator of the reason module. The system according to this embodiment uses context-aware and role-based access control to provide the user with the necessary time and location information. The reason module contains a reason manager, a managed user reasoning mechanism, and reasons activated using a reason activator. Dimensional Reason (DR) represents a hierarchical relationship between location and reason. Dimensional Reason Roles (DRR) are created due to the interrelationship between the role hierarchy and the reasoning hierarchy. It may also include a dimensional reason manager (DRS) for maintaining dimensional reasons in the Generalized Location Hierarchy (GLH) and Specific Location Hierarchy (SLH) via the DRS-GLH allocator and the DRS-SLH allocator via the DRS transmitter. . This technique captures the reason based on the context value. The actual layout of the domain shows the trust relationship of the model. Models can be implemented using XACML.

According to the present embodiment, the logical structure of the dimension domain may be helpful in understanding the configuration of the domain. Resources and information can be defined according to standards. Once the logical structure is established, it can be used to implement organizational policies. It can also be used to manage resources, users, and software distribution. You can also use XACML to facilitate domain-based distributed file systems. For better access control, logical structures can be used to segregate resources. It can be used to manage users, resources and networks using hierarchical properties (see Figure 4). It can provide simple resource management, reduce network management cost, and provide resource sharing. The dimension reason DRSslh <drsslh, rs, slh> relationship shows the location hierarchy at SLH level if there is a dimension reason, SLH_Occur_pl(slh) → DRSPS = {pl1, pl2 ..... pln}. In this case, the reason and dimensional domains may be connected to each other through SLH and GLH level relationships, which are classified into internal dimension reason relationships and external dimension reason relationships designated as INT_DRSDD and EXT_DRSDD, respectively (slh is glh). The system may collect dimensional inference information defined by a general schema at the location where a specific schema begins.

Meanwhile, the system according to the present embodiment may include the following basic functions and manager functions.

* Basic function

1) Subjects

)2) User

)

3) Objects

4) Operation

5) TASKS

6) Permissions

7) Physical locations

8) Logical locations

9) Role

10) Session

11) Dimensional reasons

Dimensional reasons role

* Admin function

1) User assignment

2) Permission assignment

3) Reasons location assignment

4) User Assignment (Danwei, Xiuli, & Xunyi)

5) Dimensional Reasons Role Assignment (DRSRA)

According to this embodiment, the RACC entity can be extended by creating a multidimensional domain using XACML. A dimensional domain can consist of physically and logically bound spaces and objects. An object can be an application in an ordered domain in whole or in part. Domains can represent the departmental structure of an organization to provide a flexible means to partition objects. A relationship between the inference and the domain can be established. In the next step, this relationship creates a multidimensional domain. Roles represent participants in a domain and can provide a grouping mechanism for various tasks. This grouping mechanism is based on the tasks performed by an employee under a specific organizational structure. Therefore, the system must identify domains, objects, and roles. A dimension domain is logically constrained and surrounded by one object or list of objects, and a role containing a dimension reason role is called a dimension domain (DD). The system must be aware of this dimensional domain. DD is composed of an object based on dimensional reason role → DD <DD, DD_HOP> D, where the logical location can be expressed as DD_HOP: occurLDD (DD) → ll ε LL.

[Equation 1]

One) Multiple level domain

Includes

and

Includes

and

2)

Overlapping

[Equation 2]

Disjoint

The overlap forms an inheritance relationship between the two DDs, one can access the resource in the other domain (a set of drss dimension reasons indicating that DD1 can access the resource in DD2). According to FIG. 5 , the hospital emergency situation is referred to as one of the domains partially included in the cardiac unit area, while the small operating room is another domain of the scenario referred to as another domain fully included in both the emergency and cardiac units.

Trust module 200 includes functionality to monitor user behavior for secure access to data.

According to this embodiment, a user can access a necessary resource by performing a specific action according to the security privacy policy. Such access may depend on the validity of the reason the user has provided to access the resource. These reasons can be classified into two categories: permitted intended reasons and prohibited intended reasons. These categories include context-specific values such as RSA ÆU x R x T x L_ATR. In such a system involving context values, the generalized location layer and the specific location layer are directly proportional to the generalized and specific inferences, respectively, as shown in FIG. 6 . The reason the user can access the task by making a resource access request can be specified in the task as reason (rs) → DRSR x T x L_ATR. In the same position, these reasons can be classified into hierarchies as sp ≤ sb including constraints. Therefore, the relationship between the reason and the location is called a dimensional reason, and can be designated as DRS <drs, ll, rs>. According to FIG. 6 , the dimension reason may be defined as follows.

<Insurance, hospital, insurance company {insurance claim, insurance marketing}>

Similarly, inference between multiple domains can be defined as follows.

<University hospital laboratory {laboratory data analysis}>

The multi-domain relationship is given as follows: ll1 DD1 and ll2 DD2 are between hospital and study. Equations 1 and 2 can be used to define dimensional reason domains for DD2 and DD3 between Research and Cardiac Units.

According to this embodiment, a trusted user is a user with a valid ID and authenticated and authorized. Trust is the user's behavior, authenticity or dissatisfaction. Users who are guests need to be identified. Since the user has a history of malicious behavior, such a user may be regarded as the trust module 200 in order to find proof of identity. The trust module 200 may consider finding an administrator. The findings of these managers can be compared to identification. This module can also take into account the credibility of the proof because user behavior is influenced by many reasons such as fraud, error and other motives. However, in this model, trust can be situational. A trust context can highlight trust and other trust characteristics for users as well as administrators. Contextual expression is also essential. During the design of the trust module 200, proofs can be incorporated to support stability and proof types. The proof type is information about the proof. Proofs serve as instances of proof types. Some major components of the trust module 200 in the policy server are shown in FIG. 7 .

One) IA = Identification Administration →Identification of Proof declaration.

2) PA = Proof Assessment → Reliability of Proof Assessment

3) RA = Role Assignment → Mapping of Proof assessment and role assignment policy.

4) TPA = Trust Proof Administration →User and administrator assessment.

5) PS = Proof Statement →Administrative Estimation + Proof

6) Proof Statement PS1 = <administrator, user, proof, finding>

PS1 sentences can be used to mark malicious users. In this way, access can be restricted if the actions of internal or external users are malicious.

* Setup (PS1): The data access algorithm can use PS1 as input to generate ID tags. The expected probability of a proof statement may vary according to the formula (belief + 0.5 * uncertainty).

* Extraction (PS1, IT): An administrator runs this algorithm, then a class is assigned according to an ID tag and access to the data object is allowed but may be allowed based on limited criteria. In this way, access can be restricted if the behavior of internal and external users is malicious.

The secure data access control unit 300 performs user identification to avoid intruders and other internal and external attacks. The secure data access control unit 300 may perform task classification in order to protect data access displayed as a data label in the database by issuing an identification tag indicating the sensitivity of the data.

According to this embodiment, user identification can be made to avoid intruders and other internal/external attacks. Thus, task classification can be performed to secure access to data represented by data labels in the database by issuing identification tags indicating the sensitivity of the data. In general, users can assume more roles because strong relationships develop between tasks and sessions that enable one-to-one relationships. These roles, tasks, and permissions are each {r1 … … rn}, {tsk1, … … tskn} and {prms1, … … prmsn}, complete the task and the classification scl can access the data.

SCL={Secured(S)>Concealed(C)>solated(I)>Public(P)}.

In this scenario, a user cannot activate a role outside of an existing session. All relationships are considered one-to-one. ∀User∈USER→si∈S, where si is the current session of the user belonging to session (S), but ∀tsk∈TSK→scli∈SCL; In this situation, a single user can have more than one role. Data tags are attached with data and the system must identify the attached tags (both data tags and identification tags). User access can be controlled according to the classification and hierarchical order of data tags. User access is restricted by dominating data tags. Data tags and data sets can be defined as follows.

Set of Identity tag is defining as:

You can use the same tagging method of data tagging to categorize tasks for employees.

access object

.

access object

.

Here, D represents a data set, SCI is a classification set, and DT is a data tag. Identification tags used in this context may arise, particularly in environments where a lack of trust arises.

In this session, the task for user stsk belongs to STSK context inference and ∀ prms∈PRMS→{Permissions}.

According to this embodiment, the system can support and provide a supervisory role with a strong internal control function. This can provide a dependency for completing tasks efficiently through classification. 8 shows an example of the overall operation of secure data access control.

9 is a schematic flowchart of an access control method in a secure role-based access control system for cloud computing according to an embodiment of the present invention.

Referring to FIG. 9 , the system according to the present embodiment manages resources and users based on a physical location and a logical location ( S910 ). The dimension domain module includes the physical structure of the dimension domain and the logical structure of the dimension domain. At this time, the physical structure of the dimension domain is composed of network entities and logical layers to manage operational requirements and controls, and the logical layout of the dimension domain is used to manage organizational requirements. On the other hand, the logical structure of the dimension domain defines resources and information according to the standard, and is used for the implementation of organizational policies according to the set logical structure, and XACML can be used to facilitate the use of a domain-based distributed file system.

Next, the user behavior is monitored for secure access to data (S920). According to this embodiment, a user can access a necessary resource by performing a specific action according to the security privacy policy. Such access may depend on the validity of the reason the user has provided to access the resource.

Next, user identification is performed to avoid intruders and other internal and external attacks (S930). The secure data access control unit may perform task classification to secure data access represented by data labels in the database by issuing identification tags indicating the sensitivity of the data.

Methods according to an embodiment of the present invention may be implemented as an application or implemented in the form of program instructions that may be executed through various computer components and recorded in a computer-readable recording medium. The computer-readable recording medium may include program instructions, data files, data structures, etc. alone or in combination. The program instructions recorded on the computer-readable recording medium are specially designed and configured for the present invention, and may be known and used by those skilled in the art of computer software. Examples of the computer-readable recording medium include a hard disk, a magnetic medium such as a floppy disk and a magnetic tape, an optical recording medium such as a CD-ROM, a DVD, and a magneto-optical medium such as a floppy disk. media) and hardware devices specially configured to store and execute program instructions such as ROM, RAM, flash memory, and the like. Examples of program instructions include not only machine language codes such as those generated by a compiler, but also high-level language codes that can be executed by a computer using an interpreter or the like. The hardware device may be configured to operate as one or more software modules to perform processing according to the present invention, and vice versa.

While this specification contains many features, such features should not be construed as limiting the scope of the invention or the claims. Also, features described in individual embodiments herein may be implemented in combination in a single embodiment. Conversely, various features described in a single embodiment herein may be implemented in various embodiments individually, or may be implemented in appropriate combination.

Although operations have been described in a particular order in the drawings, it should not be understood that such operations are performed in the specific order as illustrated, or that all described operations are performed in a continuous sequence, or to obtain a desired result. Multitasking and parallel processing can be advantageous in certain circumstances. In addition, it should be understood that the division of various system components in the above-described embodiments does not require such division in all embodiments. The app components and systems described above may generally be implemented as a package in a single software product or multiple software products.

The present invention described above, for those of ordinary skill in the art to which the present invention pertains, various substitutions, modifications and changes are possible without departing from the technical spirit of the present invention. It is not limited by the drawings.

100: dimension domain module
200: trust module
300: secure data access control

Claims (8)

a dimension domain module that manages resources and users based on physical and logical locations, and includes access control functions for users'services;
a trust module comprising the ability to monitor user behavior for secure access to data; and
A secure role-based access control system for cloud computing, comprising a secure data access control unit that performs user identification to avoid intruders and other internal and external attacks. The method of claim 1,
The dimension domain module,
including the physical structure of the dimensional domain and the logical structure of the dimensional domain;
The physical structure of the dimensional domain is,
It is composed of network objects and logical layers to manage operational requirements and controls, use logical layouts of dimensional domains to manage organizational requirements,
The logical structure of the dimension domain is,
Secure role-based access for cloud computing, characterized by defining resources and information according to standards, used for implementation of organizational policies according to established logical structures, and facilitating the use of domain-based distributed file systems using XACML control system. 3. The method of claim 2,
The dimension domain module,
A secure role-based access control system for cloud computing, characterized by using context-aware and role-based access control to provide users with the time and location information they need. The method of claim 1,
The secure data access control unit,
A secure role-based access control system for cloud computing, characterized by performing task classification to secure access to data represented by data labels in a database by issuing an identification tag indicating the sensitivity of the data. An access control method in a secure role-based access control system for cloud computing,
managing resources and users based on physical and logical locations;
monitoring user behavior for secure access to data; and
Access control method comprising; performing user identification to avoid intruders and other internal and external attacks. 6. The method of claim 5,
The step of managing resources and users based on the physical location and logical location comprises:
a step of forming a physical structure of a dimensional domain and a step of forming a logical structure of a dimensional domain;
The step of forming the physical structure of the dimensional domain,
Consisting of network objects and logical layers, managing operational requirements and controls, and managing organizational requirements using logical layouts of dimensional domains;
The step of forming the logical structure of the dimension domain is,
An access control method comprising the steps of defining resources and information according to a standard, used in the implementation of an organizational policy according to a set logical structure, and facilitating the use of a domain-based distributed file system using XACML. 7. The method of claim 6,
The step of managing resources and users based on the physical location and logical location comprises:
and using context-aware and role-based access control to provide the user with the required time and location information. 6. The method of claim 5,
The step of performing user identification to avoid the intruder and other internal and external attacks,
and performing task classification to secure access to data represented by data labels in a database by issuing an identification tag indicating the sensitivity of the data.

Images