Attribute-Based Hierarchical Access Control With Hidden Policy Supporting Attribute Revocation In Cloud Computing

Cloud computing provides services to users with resource renting, service outsourcing, and application hosting, it has a high degree of scalability and reliability. In recent years, cloud computing has become a hot topic in the IT industry. More and more enterprises and institutions show strong interest on cloud computing, many human and material resources has been invested to study the cloud computing technology and develop cloud computing products. With the promotion of cloud computing products by cloud service providers, cloud computing has entered people’s lives widely. However, privacy disclosure of cloud computing products appears frequently in recent years, cloud security issues has become one of the most concerned issues. The main security problems include cloud computing administration, data security, user data privacy protection and cloud computing platform stability.First, this thesis introduces the development of the cloud computing, including the concept, architecture, features, security of the cloud computing technology. Then the thesis analyzes of the access control mechanisms in cloud computing, and points out the problems existed in the current cloud computing environment, then the thesis proposed two schemes of access control in the cloud computing environment. The first scheme is an attribute-based access control scheme with access policy hidden. This scheme also integrates the hierarchical authorization structure to reduce the burden and risk in the case of one single authority. In the second scheme, the technique of proxy re-encryption is integrated into CP-ABE scheme, an attribute-based access control scheme with attribute revocation is proposed. The scheme takes into account the problem of frequent changes of user’s attributes in the system. Then this thesis proves the security of two schemes and analyzes ciphertext length and computational complexity. The analysis demonstrates the advantages of these two schemes compared with the existing hidden access policy access control scheme and support attributes revocation of access control scheme and proves that the superiority of the proposed scheme.