Xi Ning, Liu Jin, Li Yajie, Qin Bojun
School of Cyber Engineering, Xidian University, Taibai Road No. 2, Xi'an, 710071, China.
ISA Trans. 2023 Oct;141:44-51. doi: 10.1016/j.isatra.2023.07.018. Epub 2023 Jul 20.
With the rapid advancement of cloud-native computing, the microservice with high concurrency and low coupling has ushered in an unprecedented period of vigorous development. However, due to the mutability and complexity of cooperation procedures, it is difficult to realize high-efficient security management on these microservices. Traditional centralized access control has the defects of relying on a centralized cloud manager and a single point of failure. Meanwhile, decentralized mechanisms are defective by inconsistent policies defined by different participants. This paper first proposes a blockchain-based distributed access control policies and scheme, especially for microservices cooperation with dynamic access policies. We store the authorized security policies on the blockchain to solve the inconsistent policy problem while enabling individual management of personalized access policies by the providers rather than a central authority. Then we propose a graph-based decision-making scheme to achieve an efficient access control for microservices cooperation. Through the evaluations and experiments, it shows that our solution can realize effective distributed access control at an affordable cost.
随着云原生计算的快速发展,具有高并发和低耦合特性的微服务迎来了前所未有的蓬勃发展时期。然而,由于协作过程的多变性和复杂性,很难在这些微服务上实现高效的安全管理。传统的集中式访问控制存在依赖集中式云管理器和单点故障的缺陷。同时,分散式机制存在不同参与者定义的策略不一致的缺陷。本文首先提出了一种基于区块链的分布式访问控制策略和方案,特别是针对具有动态访问策略的微服务协作。我们将授权的安全策略存储在区块链上,以解决策略不一致问题,同时允许提供者而非中央机构对个性化访问策略进行单独管理。然后我们提出了一种基于图的决策方案,以实现对微服务协作的高效访问控制。通过评估和实验表明,我们的解决方案能够以可承受的成本实现有效的分布式访问控制。
