CAJ | 학술논문

针对电力信息云存储管理应用的安全需求，以降低传统访问控制方案在访问规则上的系统开销为目标，提出一种基于实体属性和安全标记相结合的云存储访问控制增强策略。采用面向实体属性管理权限方法优化访问控制，降低权限管理开销，避免访问权限与用户、存储进程、平台客体间的直接联系；通过多级安全标记，进行权限分配、确保策略在实施后维护上的灵活性。并以某电网企业的电力信息云存储管理系统为例，详细阐述该策略的具体配置过程。经过性能分析表明，所设计访问控制策略在可维护性、存储开销、安全性能等方面表现良好，具有应用可行性。
침대전력신식운존저관리응용적안전수구，이강저전통방문공제방안재방문규칙상적계통개소위목표，제출일충기우실체속성화안전표기상결합적운존저방문공제증강책략。채용면향실체속성관리권한방법우화방문공제，강저권한관리개소，피면방문권한여용호、존저진정、평태객체간적직접련계；통과다급안전표기，진행권한분배、학보책략재실시후유호상적령활성。병이모전망기업적전력신식운존저관리계통위례，상세천술해책략적구체배치과정。경과성능분석표명，소설계방문공제책략재가유호성、존저개소、안전성능등방면표현량호，구유응용가행성。
For the security need of cloud storage applications in power information management,we propose an enhancement strategy of cloud storage access control,which is based on the combination of entity attributes and security tag,and is targeted at reducing the system overhead of conventional access control schemes in regard to access rules. The strategy utilises entity attributes-oriented privileges management method to optimise the access control,reduces privileges management overhead,and prevents the direct contacts between the access privileges and the user,storage process and platform object.Moreover,it also uses multi-level security tag to carry out privileges allocation and to ensure the flexibility of the strategy in maintenance when implemented.A power information cloud storage management system at a certain power grid enterprises is taken for example to elaborate the specific configuration process of the strategy.It is illustrated by the performance analysis that the access control strategy designed in the paper has good performance in maintainability,storage overhead, security and other aspects,and has application feasibility.