
Computer Engineering ›› 2012, Vol. 38 ›› Issue (24): 9-13. doi: 10.3969/j.issn.1000-3428.2012.24.003

Special topic: Cloud Computing


A Task-role-based Access Control Model for Cloud Computing

WANG Xiao-wei, ZHAO Yi-ming

  1. (School of Computer Science, Fudan University, Shanghai 201203, China)
  • Received: 2012-04-16 Revised: 2012-05-21 Online: 2012-12-20 Published: 2012-12-18
  • About the authors: WANG Xiao-wei (born 1987), female, master's student, main research interests: cryptography and information security; ZHAO Yi-ming, associate professor

Abstract: Data security is a major obstacle to the adoption of cloud computing. The problem stems mainly from the security issues introduced by data sharing and from the potential danger posed by the super privileges of cloud service providers. To address this, the paper analyzes the characteristics of data storage and user groups in cloud computing and proposes a cloud computing access control model based on the Task-role-based Access Control (T-RBAC) model. The model applies different access control policies to different access subjects in order to provide graded security, so that cloud service providers no longer hold super privileges. The analysis shows that with this model the security of access to cloud data no longer depends on the server being absolutely trustworthy, which gives cloud computing more reliable security properties.

Key words: cloud computing, data sharing, access control, data security, Task-role-based Access Control (T-RBAC) model, access control policy
