
Research On Access Control Technologies In Cloud Computing Environment

Posted on: 2015-07-24
Degree: Doctor
Type: Dissertation
Country: China
Candidate: M Su
Full Text: PDF
GTID: 1108330464468884
Subject: Cryptography
Abstract/Summary:
Cloud computing has made "resource sharing" the central topic of network development in the new era. By hosting data in the cloud, data communication goes beyond the limitations of time and location, and exhibits multi-level management, objective description, randomized storage and dynamic security policy. Research on access control in the cloud must face a complicated and changeable network environment and solve the problems of random user access, changeable permission description, the combination of access control with data creation, and dynamic adjustment of security policy, so that the secure management requirements of trust, reliability and controllability of data are satisfied.

To solve the security problems of access control in the cloud, we comprehensively analyse the application scenarios of multi-level and multi-factor management, fine-grained description, and the creation, migration and lifecycle control of data, and explore the key technologies of access control in the cloud by integrating the theories of action-based access control, multi-level security and proxy re-encryption. The main contributions of this thesis are as follows:

(1) An action-based multi-level access control model is proposed by discussing the combination of multi-factor access control and multi-level security. The model integrates BLP and ABAC by extending the subject's security level to the action. The definitions of reading level and writing level are given, and the security rules and an implementation scheme of the model are described. By appending multi-level security properties to multi-factor access control, the model addresses the inadequate consideration of time and environment in current models and mechanisms, which provides theoretical and practical support for the control and management requirements of information systems with diverse usage patterns in cloud computing and mobile computing. This model is the basis for the further research and the starting point of the research on access control in the cloud.

(2) To implement multi-level security management and fine-grained description of the object in action-based multi-level access control, a multi-factor, fine-grained mechanism for permission description is studied. To satisfy the requirement for multi-level management of structured documents, a novel structured document representation model is proposed. For the demand of objective permission description of structured documents, an action-based fine-grained access control mechanism for structured documents and its protocols are given, together with definitions of the functions in Z notation. Finally, the security analysis of the above mechanisms and their implementation scheme are given. The structured document, the main representation and carrier of information, plays an important role in cloud security research, and the discussion of multi-level security and fine-grained description for structured documents is an indispensable part of research on access control in the cloud.

(3) Based on the model and mechanism above, we discuss the corresponding technologies and schemes of data creation and management in the cloud. A user-centric data secure creation scheme (UCDSC) is proposed, consisting of a system model, an algorithm and protocols. Furthermore, to encrypt the data in UCDSC, an access-control-conditions proxy re-encryption algorithm (ACC-PRE) is presented, which is proved master-secret secure and CCA (chosen-ciphertext attack) secure in the random oracle model. Secure and trusted application protocols are given based on mature cryptographic techniques, and the security and performance of the algorithm and protocols are analysed. Finally, the implementation of UCDSC for document creation is given. The data secure creation scheme is based on the fine-grained, multi-level representation model and forms the data basis of multi-level management and control of information in the cloud.

(4) For the characteristics of lifecycle data management in the cloud, a resource-centric dynamic adaptive access control model (RCDA) is proposed by integrating the model and schemes above; it extends the action-based access control model (ABAC) and can be customized dynamically. A mechanism for the RCDA model based on the object's different stages within its whole lifecycle is presented, which can be configured dynamically for different access control policies. The mechanism in this part integrates the multi-factor access control model, the multi-level security model and the fine-grained description mechanism, is an important extension of lifecycle management in the cloud, and establishes a foundation for research on security technologies in the cloud.
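As an added illustration of contribution (1) above (my own sketch, not code from the thesis), the following Python assumes that an action is the tuple (subject clearance, time of access, environment), that each factor carries a security level, and that the reading level is the lowest of the three while the writing level is the subject's clearance; BLP's no-read-up and no-write-down rules are then applied to the action rather than to the subject alone. The lattice and per-factor ceilings are constructed sample policy.

```python
from dataclasses import dataclass
from datetime import time

# Totally ordered security levels (constructed sample lattice).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}

@dataclass(frozen=True)
class Action:
    """An access attempt: the subject together with its time and environment factors."""
    subject_level: str   # subject's clearance
    at: time             # wall-clock time of the attempt
    environment: str     # where the attempt originates

# Assumed policy (not the thesis's): the highest level each factor is trusted to handle.
TIME_WINDOWS = [(time(8, 0), time(18, 0), "secret")]   # business hours
OFF_HOURS_CEILING = "internal"
ENV_CEILING = {"office_lan": "secret", "vpn": "confidential", "public_wifi": "public"}

def time_level(at: time) -> int:
    for start, end, level in TIME_WINDOWS:
        if start <= at <= end:
            return LEVELS[level]
    return LEVELS[OFF_HOURS_CEILING]

def env_level(environment: str) -> int:
    # Unknown environments are treated as the least trusted.
    return LEVELS[ENV_CEILING.get(environment, "public")]

def reading_level(a: Action) -> int:
    """Assumed definition: the subject's clearance capped by the time and environment factors."""
    return min(LEVELS[a.subject_level], time_level(a.at), env_level(a.environment))

def writing_level(a: Action) -> int:
    """Assumed definition: writes are governed by the subject's clearance alone."""
    return LEVELS[a.subject_level]

def can_read(a: Action, object_level: str) -> bool:
    # BLP simple security property (no read up), applied to the action.
    return reading_level(a) >= LEVELS[object_level]

def can_write(a: Action, object_level: str) -> bool:
    # BLP *-property (no write down), applied to the action.
    return writing_level(a) <= LEVELS[object_level]

if __name__ == "__main__":
    office = Action("secret", time(10, 0), "office_lan")
    cafe = Action("secret", time(10, 0), "public_wifi")
    print(can_read(office, "secret"), can_read(cafe, "secret"))   # True False
```

The same secret-cleared subject thus loses read access to secret objects once the environment or time factor lowers the action's level, while the write rule still forbids writing down relative to the clearance.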
Keywords/Search Tags: Cloud Computing, Action-Based Multi-Level Security Access Control, Fine-Grained Permission Description, Data Secure Creation, Dynamic Adaptive Access Control