[1] LIU Qing-fang, GUO Yin-zhang, HU Ying. Access Control Method for Heterogeneous Systems Based on SAMBA and CP-ABE[J]. Computer Technology and Development, 2024, 34(11): 80-86. [doi:10.20165/j.cnki.ISSN1673-629X.2024.0243]

Access Control Method for Heterogeneous Systems Based on SAMBA and CP-ABE

Computer Technology and Development [ISSN:1006-6977/CN:61-1281/TN]

Volume: 34
Issue: No. 11, 2024
Pages: 80-86
Column: Software Technology and Engineering
Publication date: 2024-11-10

Article Info

Title: Access Control Method for Heterogeneous Systems Based on SAMBA and CP-ABE
Article number: 1673-629X(2024)11-0080-07
Author(s): LIU Qing-fang, GUO Yin-zhang, HU Ying
Affiliation: Group Computing and Cloud Computing Laboratory, Taiyuan University of Science and Technology, Taiyuan 034000, China
Keywords: AD single sign-on; heterogeneous system; SAMBA; CP-ABE; hybrid cloud environment
Classification number: TP309
DOI: 10.20165/j.cnki.ISSN1673-629X.2024.0243
Abstract:
In an enterprise private cloud computing environment, the Active Directory (AD) single sign-on used by the existing Windows operating system cannot directly access cloud servers. To address this problem, a CP-ABE encrypted access control method for heterogeneous systems based on the SAMBA protocol is proposed. Existing single sign-on for heterogeneous systems relies on external servers to complete identity authentication, which introduces security risks and makes response speed dependent on the network environment. By configuring a local SAMBA server on a Linux server as an intermediary, and using the Winbind and Kerberos components to map AD accounts to the SAMBA server and authenticate them, the method avoids the security risks of relying on third-party authentication servers and the network performance issues that arise during information exchange. In addition, the iSCSI component connects the cloud storage system to the SAMBA server, and the Quota tool sets disk quotas for different users and groups, so that cloud storage space is used rationally. Finally, CP-ABE is employed for access control and file encryption to ensure secure data transmission and privacy protection, ultimately achieving AD account single sign-on to the cloud storage system. Experiments demonstrate that the proposed method effectively resolves the encrypted access control problem for heterogeneous systems in enterprise private cloud environments, providing an effective solution for access control in hybrid cloud environments and strong support for enterprise data security and management.

Last Update: 2024-11-10