[Cloud Computing] Mechanisms: Attribute-Based Access Control System

Attribute-based access control (ABAC) is an access control method where consumer requests to access or perform operations on resources are granted or denied based on attributes of the consumer, attributes of the resource, environment conditions, and a set of policies that are specified in terms of those attributes and conditions. ABAC determines access or operations on resources by matching the current value of consumer attributes, resource attributes, and environment conditions with the requirements specified in the access control rules.

The ABAC mechanism is made up of a policy decision point that evaluates authorization of the consumer and a policy enforcement point that considers the decision point decision and executes the actual access if approved.

  • Attributes are characteristics of the consumer, resource, or environment conditions.
  • The consumer is a person or non-person entity (NPE), such as a service or device, that requests access to resources or requests to perform operations on them.
  • A resource is a system resource for which access is managed by the ABAC system, including devices, files, records, tables, processes, programs, networks, or domains containing or receiving information. It can be anything on which an operation may be performed by a consumer, including data, applications, services, devices, and networks.
  • Policy is the representation of rules and relationships for determining if a requested access should be allowed, given the values of the attributes of the consumer, provider, and environmental conditions.
  • Environmental conditions are the operational or situational context in which access requests occur. They are independent of the consumer and resource, and as an example can be the current time, day of the week, location of a consumer, or the current threat level.

Figure 1 - An example of a basic ABAC architecture.

The following steps are involved in ABAC, as shown in Figure 1:

  1. The consumer requests access to the resource. The consumer must prove possession of an authentication token, which is not shown. Refer to the Cloud Resource Access Control pattern.
  2. The ABAC mechanism evaluates (a) rules, (b) access policy, (c) consumer and resource attributes, and (d) environmental conditions, and renders an access decision.
  3. If authorized, the consumer is given access to the resource by the policy enforcement point.

In its most complete form, ABAC relies on the evaluation of attributes of the consumer, attributes of the resource, environment conditions, and the formal relationship, access control rule or policy defining the allowable operations for subject-object attribute combinations. Lesser combinations of the components of the architecture can be used as required. When policy is used, this architecture can also be referred to as policy-based access control.
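The decision and enforcement points described above, as an added example that is not part of the original page: a deny-by-default policy decision point evaluates rules over consumer attributes, resource attributes, the requested action and environmental conditions (time, location, threat level), and a policy enforcement point executes the operation only on a permit. The attribute names, rules and sample request are constructed for illustration.

```python
from datetime import datetime, time

# Constructed sample policy for this example; attribute names are assumptions.
# Each rule is (effect, condition); a condition maps the request's consumer
# attributes, resource attributes, requested action and environmental
# conditions to True when the rule applies to the request.
def business_hours(env):
    return time(9, 0) <= env["now"].time() < time(17, 0)

POLICY = [
    # Members of the owning department may read and write internal records.
    ("permit", lambda c, r, a, e: c["department"] == r["owner_department"]
                                  and r["classification"] == "internal"
                                  and a in ("read", "write")),
    # Auditors may read internal records, but only in business hours
    # and only from the corporate network.
    ("permit", lambda c, r, a, e: c["role"] == "auditor" and a == "read"
                                  and r["classification"] == "internal"
                                  and business_hours(e)
                                  and e["location"] == "corp-network"),
    # An elevated threat level blocks everything except public records.
    ("deny", lambda c, r, a, e: e["threat_level"] == "high"
                                and r["classification"] != "public"),
]

def policy_decision_point(consumer, resource, action, env, policy=POLICY):
    """Render a decision: an applicable deny rule overrides any permit,
    and a request that no rule covers is denied (deny by default)."""
    effects = {effect for effect, applies in policy
               if applies(consumer, resource, action, env)}
    if "deny" in effects:
        return "deny"
    return "permit" if "permit" in effects else "deny"

def policy_enforcement_point(consumer, resource, action, env, operation):
    """Execute `operation` on the resource only if the decision point permits."""
    if policy_decision_point(consumer, resource, action, env) != "permit":
        raise PermissionError(f"{consumer['id']} may not {action} {resource['id']}")
    return operation(resource)

if __name__ == "__main__":
    # Constructed sample request: a finance analyst reading a finance report.
    alice = {"id": "alice", "role": "analyst", "department": "finance"}
    report = {"id": "q3-report", "owner_department": "finance",
              "classification": "internal"}
    env = {"now": datetime(2024, 3, 5, 10, 30), "location": "corp-network",
           "threat_level": "low"}
    print(policy_enforcement_point(alice, report, "read", env,
                                   lambda r: f"contents of {r['id']}"))
```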

Related Patterns:

  • Cloud Resource Access Control