| With the rapid economic developmentofthe information age and the amount of enterprise data growing fast by PB level, the limitation in data storage of the traditional storage mode isbecoming more and more prominent. This situation makes more and more research institute and enterprise realize that there must be a new storage mode to change the status quo of the current storage mechanism. In this case, cloud storage arises. The advent of the cloud storage meets the demand of the enterprise for large amount of data storage and accessing the data anytime and anywhere.But with the emergence of a variety of security issues during the using process, many enterprises are unwilling to try to use the cloud storage, which hinders the rapid development of cloud storage.Therefore, how to ensure the safety of cloud storage has become one of the key problems are discussed.As one of the most important link in the information security protection system, access control technology is particularly important to do well in the cloud storage access control. But because of many characteristics of cloud storage which is different from the traditional storage mode, such as high degree of openness, isomerism,etc, the traditional access control technology is not well to meet the security needs of cloud storage. In the meantime, we find that there are few access control schemes for the enterprise data which is stored in the cloud storage. On account of this, according to the characteristics of cloud storage, on the basis of fully consideringcloud storage requirements of enterprises and combined with the characteristics of the enterprise organization structure characteristics, this paper proposes a flexible and safe access control model-E-ABAC(Attribute-Based Access Control for Enterprise)for enterprise cloud storage,and then also analyze the security mechanisms of cloud storage system which is based on Hadoop. At last, E-ABAC is applied to it and the model is analyzed by experiments. The research subject of this paper is access control technology for the security requirements of enterprise cloud storage. The specificworks about the research in the paper can be summarized as follows:1. First, this paper studies the characteristics of cloud storage, the security problems, thedomestic and foreign access control technology for enterprise cloud storage, and analyzes the security requirements of enterprise cloud storage.On the basis, We find that there is lessresearch on access control for enterprise cloud storage.In addition, this paper studies the security mechanism of the typical open source cloud storage system-the cloud storage based on Hadoop and discovers that the access control mechanism of the platform doesn’t meet the security needs of the enterprise cloud storage.2. Based on the analysis above, this paper proposes an access control model –E-ABAC, which aims at the security in enterprise cloud storage. In the model, the enterprise subjects who enter to the cloud storage system are defined the organizational structure attribute. The attribute label can make the storage of subjects and objects more structural. It is also to determine whether the user is granted corresponding access right by strict attribute matching algorithm. For information share requirement in the enterprise and between enterprises, this paper designs a controlled share access control policy, which can achieve information share just by modifying the object attribute label.3. Finally, this paper applies the access control model to the security mechanism of the cloud storage system which is based on Hadoop. By modifying the source code of Hadoop-1.2.1, this paper implements the simplified E-ABAC model and uses the improved versionto deploy environment. At last, we design experiment scene and achieve function test and performance test for the model. |
PDF Full Text Request