Research on multicloud access control policy integration framework

摘要

Multicloud access control is important for resource sharing and security interoperability across different clouds, and heterogeneity of access control policy is an important challenge for cloud mashups. XACML is widely used in distributed environment as a declaratively fine-grained, attribute-based access control policy language, but the policy integration of XACML lacks formal description and theory foundation. Multicloud Access Control Policy Integration Framework (MACPIF) is proposed in the paper, which consists of Attribute-based Policy Evaluation Model (ABPEM), Four-value Logic with Completeness (FLC) and Four-value Logic based Policy Integration Operators (FLPIOs). ABPEM evaluates access control policy and extends XACML decision to four-value. According to policy decision set and policy integration characteristics, we construct FLC and define FLPIOs including Intersection, Union, Difference, Implication and Equivalence. We prove that MACPIF can achieve policy monotonicity, functional completeness, canonical suitability and canonical completeness. Analysis results show that this framework can meet the requirements of policy integration in Multicloud.