Research and Application of XACML-Based Multi-Tenant Access Control
Published: 2018-12-08 16:06
[Abstract]: With the rapid development of Web applications and the ever-growing scale of software, Software as a Service (SaaS) has emerged as a new software delivery model that saves hardware, software and maintenance costs. "Single instance, multi-tenant" is one SaaS pattern; under it, the data of tenants sharing the same instance is at risk of unauthorized access by other tenants. Access control technology governs subjects' access to objects and guarantees that authorized users can access resources effectively, so research on access control is of great value to the development of Web applications. This thesis first studies the characteristics of the XACML policy description language, analyzes the differences between XACML 2.0 and 3.0, and, building on the umu-xacml-editor-v1.3.2 editor (which supports XACML 2.0), designs and implements an editor that meets the XACML 3.0 specification. It then analyzes current access control models for multi-tenant environments and extends the XACML data-flow model so that it can serve as the access control model for a multi-tenant environment. Throughout the access control process the security of tenant policies must be guaranteed, since they are the core of a tenant's normal access to the application. The thesis designs and implements a module based on a file filter driver that protects the policy files at the operating-system level, together with a Java-based policy monitoring and update module that manages the policy files. Finally, the extended ABAC model based on the XACML data flow is applied to a concrete multi-tenant system; analysis and testing of that system verify that the model suits a flexible and changing multi-tenant environment.
【Degree-granting institution】: Inner Mongolia University
【Degree level】: Master
【Year of degree】: 2014
【Classification number】: TP393.08
Article number: 2368623
Article link: http://sikaile.net/guanlilunwen/ydhl/2368623.html