Pre-authorization Usage Control Mechanism for Cross-Domain in Cloud

With the increase of information resources, resources are uploaded to different cloud services in different domains. In order to facilitate cross-domain access, it is necessary to grant access authority to the subject before cross-domain access. Therefore, it has gradually become a necessary trend to apply pre-authorization access control mechanism in cross-domain. However, in this cloud service mode, pre-authorization for cross-domain access still has some problems, such as illegal access to resources, high cost of attribute mapping, easy disclosure of privacy, etc. The above problems bring a series of new requirements for cross-domain access control in cloud, such as fine-grained pre-authorization access control, privacy protection and reducing mapping cost. In order to meet these requirements, a pre-authorization usage control mechanism for attribute update in access execution (UCONpreA2) is proposed in this paper, and formally described. And then, the global attribute is divided into static attribute and dynamic attribute, and using local attributes for mapping. Our case analysis shows that the access control mechanism can meet the above series of requirements.