2019, Vol. 25, Issue 4: 894-900. DOI: 10.13196/j.cims.2019.04.011

Privacy-aware multi-tenant access control for cloud workflow

  

  • Online: 2019-04-30 Published: 2019-04-30
  • Supported by:
    Project supported by the National Natural Science Foundation, China (No. 61402167, 61772193, 61572187), the Hunan Provincial Natural Science Foundation, China (No. 2017JJ4036, 2018JJ2139), and the Innovation Platform Open Foundation of Hunan Provincial Education Department, China (No. 17K033).

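Privacy-aware multi-tenant access control model in the cloud workflow environment

Wen Yiping1 (文一凭), Liu Jianxun1 (刘建勋), Dou Wanchun2 (窦万春), Chen Aimin3 (陈爱民), Zhou Yuhao4 (周昱昊)

  1. Hunan Provincial Key Laboratory of Knowledge Processing and Networked Manufacturing, Hunan University of Science and Technology
  2. Department of Computer Science and Technology, Nanjing University
  3. Xiangtan Planning Information Technology Research Center
  4. Hunan Valin Xiangtan Iron and Steel Co., Ltd.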

Abstract: The multi-tenant service mode and the need to protect user privacy in cloud computing environments bring new problems and challenges to access control in workflow management systems. By considering the differing degrees of privacy involved in workflow tasks and task combinations, the differing privacy requirements of tenants, and task execution constraints on characteristic elements of the cloud computing environment such as time and service provider, a model of Privacy-aware Multi-tenant Access Control for Cloud Workflow (PMAC-CW) was proposed. A privacy-aware authorization method supporting dynamic separation of duty for the PMAC-CW model was also proposed. Applying them in real cloud workflow applications proved that the PMAC-CW model and the privacy-aware authorization method were practical and feasible.

Key words: access control, multi-tenant, cloud workflow, privacy, authorization method

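Abstract: The multi-tenant service model and the privacy protection requirements of cloud environments pose new challenges for access control in workflow systems. By considering the degree to which the data in different workflow tasks and task combinations contain private information, tenants' differing privacy protection requirements, and task execution constraints related to cloud-specific factors such as time and service provider, a privacy-aware multi-tenant access control model for the cloud workflow environment is proposed, and, based on this model, a privacy-aware authorization constraint method with dynamic separation of duty is proposed. The effectiveness of the proposed model and method is verified through an application example.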

Key words: access control, multi-tenant, cloud workflow, privacy, authorization constraint method
