A cross-domain access control model is proposed based on user domain set.Firstly,user domain set information and inter domain role mapping were used as the basis for inter domain authorization.Then,minimum authorization principle combined with the user's history authorization records was used to cross-domain authorization.The simulation results show that the inhibitory effect of the improved model on covert role promotion and privilege penetration can reach 100%.It is far better than the traditional role-based access control model.It shows that the modified model can effectively solve the problem of covert role promotion and privilege penetration in the process of cross domain access for the multi domain environment with complex mapping.%在对云环境下用户的跨域授权研究过程中,由于传统的基于角色的访问控制(RBAC)模型仅采用域间角色映射技术来实现域间授权,导致权限渗透和隐蔽提升的问题.为确保跨域授权的安全性,提出了一种基于用户域集的跨域访问控制(UD-RBAC)模型,模型先将用户域集信息和域间角色映射同时作为域间授权依据,再结合用户的历史授权记录采用最小授权原则进行跨域授权.仿真结果表明,改进的模型对权限渗透和隐蔽的抑制率都有较大的提高,优于传统的基于角色的访问控制模型.说明改进的模型能够有效解决存在复杂映射的多域环境下用户跨域访问过程中产生的权限渗透和隐蔽提升的问题.
展开▼
