Journal of Jilin University (Engineering and Technology Edition), 2023, Vol. 53, Issue (10): 2897-2908. doi: 10.13229/j.cnki.jdxbgxb.20211336

Adaptive access control method for SaaS privacy protection

Da-juan FAN(1,2), Zhi-qiu HUANG(2), Yan CAO(2)

  1. School of Computer Engineering, Nanjing Institute of Technology, Nanjing 211167, China
  2. College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 210016, China
  • Received: 2021-12-06  Online: 2023-10-01  Published: 2023-12-13

Abstract:

Existing access control methods do not consider the features of cloud computing privacy protection and lack a dynamic privacy authorization mechanism, so they cannot protect private data adaptively at run-time. To address this problem, an access control model, TBRBAC, for SaaS-layer privacy protection in cloud computing is proposed by extending the RBAC model with trust degree and privacy use behavior. On this basis, a trust degree evaluation and dynamic update mechanism for SaaS services is proposed. Then, the architecture of an adaptive privacy access control system based on the TBRBAC model, its execution process, and its authorization analysis algorithm are given. The rationality of the adaptive access control process is also discussed. Finally, the feasibility and effectiveness of the method are illustrated by example analysis and experimental verification. The method can achieve dynamic privacy authorization and fine-grained privacy access control at run-time, and enhance the security protection of private data in cloud computing environments.

Key words: computer software, cloud computing, SaaS service, access control, privacy protection, adaptive

CLC Number: 

  • TP311

Fig.1 Trust and behavior based RBAC model

Fig.2 An example for purpose tree

Fig.3 Architecture of adaptive privacy access control system

Fig.4 SaaS service interaction scenario in online shop example

Table 1 Privacy access control requirement table of user Jack

Privacy data | Trust degree | Expected purpose | Expected retention duration
name, phone_number | ≥0.6 | {Purchase, Contract} | 2 weeks
name, credit_card_number | ≥0.8 | {Pay} | 1 hour
postal_address, E-mail | ≥0.3 | {Delivery, T-Email} | permanent-retention

Table 2 Privacy data request table of SaaS services

SaaS service requester | Privacy data | Sensitivity | Requested purpose | Requested retention duration
Order Service | name, phone_number | 0.4 | {Purchase} | 1 day
Pay Service | name, credit_card_number | 0.5 | {Credit-Card-Pay} | no-retention
Delivery Service | postal_address, E-mail | 0.2 | {Delivery, Marketing} | 1 month

Fig.5 Influence of harm degree of privacy disclosure on trust degree

Fig.6 Influence of decay rate on trust degree

Table 3 Relationship between roles and permissions in authorization dynamics verification

Role | Trust degree | Number of privacy permissions | Privacy data
r1 | ≥0.3 | 2 | pd1, pd2
r2 | ≥0.5 | 2 | pd3, pd4
r3 | ≥0.7 | 3 | pd5, pd6, pd7
r4 | ≥0.2 | 1 | pd8

Fig.7 Changes in number of privacy rights at different times

Fig.8 Time consumption comparison

Fig.9 Memory usage comparison

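Table 4 Comparison of related work

Method | Technique | Supports trust degree/sensitivity | Supports purpose | Supports retention duration | Supports adaptation
Ref. [1417 | Satisfiability checking | ××××
Ref. [15 | Satisfiability checking | ×××
Ref. [16 | Satisfiability checking | ×
Ref. [89 | Access control | ×××
Ref. [18 | Access control | ×××
Ref. [19,20] | Access control | ×××
This paper | Access control
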
1 Stephanie V, Chamikara M, Khalil I, et al. Privacy-preserving location data stream clustering on mobile edge computing and cloud[J]. Information Systems, 2021, 10(2): 17-28.
2 Iyengar R, Fung B. Zoom, the video conferencing app everyone is using, faces questions over privacy[EB/OL]. [2020-04-01].
3 Sun P. Research on adaptive relationship between trust and privacy in cloud service[J]. IEEE Access, 2021, 9: 43214-43227.
4 Peng Huan-feng, Huang Zhi-qiu, Fan Da-juan, et al. Specification and verification of user privacy requirements for web service composition[J]. Journal of Software, 2016, 27(8): 1948-1963.
5 Ding W, Hu R, Yan Z, et al. An extended framework of privacy-preserving computation with flexible access control[J]. IEEE Transactions on Network and Service Management, 2020, 17(2): 918-930.
6 Qun N, Bertino I E, Lobo J, et al. Privacy-aware role-based access control[J]. ACM Transactions on Information & System Security, 2010, 13(3): 1-31.
7 Wang H, Sun L L, Bertino E. Building access control policy model for privacy preserving and testing policy conflicting problems[J]. Journal of Computer & System Sciences, 2014, 80(8): 1493-1503.
8 Omoronyia I. Privacy engineering in dynamic settings[C]∥Proc of IEEE/ACM International Conference on Software Engineering Companion, Washington, USA, 2017: 297-299.
9 Sun P. Research on cloud computing service based on trust access control[J]. International Journal of Engineering Business Management, 2020, 12: 1-13.
10 Yu Bo, Tai Xian-qing, Ma Zhi-jie. Study on attribute and trust-based RBAC model in cloud computing[J]. Computer Engineering and Applications, 2020, 56(9): 84-92.
11 Kolter J, Netter M, Pernul G. Visualizing past personal data disclosures[C]∥Proceedings of IEEE International Conference on Availability, Reliability, and Security, Krakow, Poland, 2010: 131-139.
12 Jiang J X, Huang Z Q, Ma W W, et al. Using information flow analysis to detect implicit information leaks for web service composition[J]. Frontiers of Information Technology & Electronic Engineering, 2018, 19(4): 494-502.
13 Pitsiladis G V, Stefaneas P. Implementation of privacy calculus and its type checking in Maude[C]∥Proc of the 8th International Symposium on Leveraging Applications of Formal Methods, Verification and Validation, Limassol, Cyprus, 2018: 477-493.
14 Costante E, Paci F, Zannone N. Privacy-aware web service composition and ranking[C]∥Proc of the 20th IEEE International Conference on Web Services, Salt Lake City, USA, 2013: 131-138.
15 Ke C B, Xiao F, Huang Z Q, et al. Ontology-based privacy data chain disclosure discovery method for big data[J]. IEEE Transactions on Services Computing, 2022, 15(1): 59-68.
16 Accorsi R, Lehmann A, Lohmann N. Information leak detection in business process models[J]. Theory, Application, and Tool Support: Information Systems, 2015, 47: 244-257.
17 Ding H F, Peng C G, Tian Y L, et al. Privacy risk adaptive access control model via evolutionary game[J]. Journal on Communications, 2019, 40(12): 9-20.
18 Amardeep K, Amandeep V. An abstract model for adaptive access control in cloud computing[C]∥Proc of International Conference on Recent Advancement on Computer and Communication, Andhra Pradesh, India, 2018: 269-277.