The Research On Some Theories And Key Technologies Of Hybrid Cloud Computing Security

Posted on: 2012-12-21
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z Q Zhu
GTID: 1118330344952159
Subject: Information security

Abstract/Summary:
As an emerging computing paradigm, cloud computing abstracts networked resources and integrates them through virtualization technology, building a huge virtual resource pool through which resources are managed. Under a dependable service model, resources are available and transparent to users over the Internet, without requiring knowledge of the underlying details or management. Because of its economic challenges and value, many IT enterprises are focusing on it, and governments and armies have also put forward some preliminary practices in the cloud computing field.

Although cloud computing improves efficiency, its security problem should not be neglected; it is the key issue hindering the development of cloud computing. Recently some cloud computing providers, such as Microsoft and Google, have experienced security incidents. A 2009 Gartner report shows that 70% of the CTOs interviewed expressed concern about cloud computing security, which is the main problem for the application of cloud computing. At the same time, the integration of different services is the direction in which cloud computing is developing. When two or more clouds (private or public) compose a larger cloud, which is called a hybrid cloud, many new security challenges emerge, such as multi-level security and cross-domain security. The security of the hybrid cloud framework now requires academic attention.

Based on the security requirements of cross-domain authentication and access control in the hybrid cloud environment, this dissertation studies cloud infrastructure security, cross-cloud identity management, cross-cloud access control and related topics in order to improve the security of hybrid cloud services. The contributions of this dissertation are as follows:

1. To meet the requirement for authentication in the hybrid cloud, a cross-cloud authentication mechanism is proposed that works by building trust among private clouds, and its efficiency and security are analyzed. In this mechanism, bilinear-pairing signcryption is integrated into the PKI system, which satisfies the requirement of integrity and authenticity for the user attribute token and realizes uniform authentication in a hybrid cloud framework. The authentication mechanism mainly comprises the design of the authentication protocol, the token service and the secure cross-cloud exchange of parameters, and it provides authentication support for attribute-centric access control. Compared with traditional approaches, the mechanism is more efficient and lightweight, and it can satisfy the requirements of the hybrid cloud: a great number of users, frequent access to services, high dynamism and heterogeneity.

2. The large numbers of users, roles, permissions and authorization restrictions in the hybrid cloud need to be managed effectively. To overcome the deficiencies of current authorization management models in hybrid cloud cooperative service applications, the advantages of ABAC and RBAC are combined. Based on an analysis of the relationships of distribution, possession, inclusion and composition among the element sets in the hybrid-cloud cooperative organization, the time, security and environment aspects of the permission composition structure are analyzed. A hybrid cloud authorization management model based on policy combination (HCAMMPC) is proposed, the basic connections and authorization rules for policy composition in HCAMMPC are designed, a method of policy composition is put forward, and theorems of HCAMMPC are proved. HCAMMPC can compose policies dynamically, provides fine-grained access control and extends well, and it satisfies the requirement of dynamic authorization management in hybrid cloud cooperative service applications.

3. Aiming at the problem that the simple daisy-chain structure poses for parallel and concurrent operations in cloud computing, a secure, scalable star-style measurement structure is introduced. To resolve the deficiencies of attestation methods in the construction of cloud computing infrastructure, a non-interactive remote attestation method with TPM restriction is proposed. Through these methods, the measurement and attestation requirements of cloud computing infrastructure are satisfied.

Keywords/Search Tags: Cloud Computing, Hybrid Cloud Framework, Cloud Computing Security, Trusted Computing, Authentication, Authorization Management