As information resources grow, they are uploaded to different cloud services in different domains. To facilitate cross-domain access, access authority must be granted to the subject before the cross-domain access takes place. Applying a pre-authorization access control mechanism across domains has therefore gradually become a necessary trend. In this cloud service mode, however, pre-authorization for cross-domain access still has some problems, such as illegal access to resources, the high cost of attribute mapping, and easy disclosure of private information. These problems bring a series of new requirements for cross-domain access control in the cloud, such as fine-grained pre-authorization access control, privacy protection, and reduced mapping cost. To meet these requirements, this paper proposes and formally describes a pre-authorization usage control mechanism for attribute update in access execution (UCONpreA2). Global attributes are then divided into static attributes and dynamic attributes, and local attributes are used for mapping. Our case analysis shows that the access control mechanism can meet the above series of requirements.