Research On User Behavior Authentication And Security Control In Cloud Computing

Cloud computing draws the attention of researchers recently, since itexemplifies favorable properties such like low cost, easy maintenance, scalabledeployment, and reliable service, etc. Nowadays there is a trend that governmentsinvest huge amount of financial aid to support cutting-edge research as well asbuild the underling infrastructure in this field. One of the biggest challenges facedduring the development of cloud computing technology is the information securityissue. Traditional researches on information security aspect in cloud computinggenerally focus on whether the service provider can support trusted service.However, as clients can directly access to the software/hardware resources in thecloud computing platform, the potential risks incurred by client's misbehaviorsare greater than ever before. The classic user identification mechanism is far fromenough. In a nutshell, it is incumbent for the researchers to develop strategies tograntee the legitimacy of the client's behaviors and perform risk monitoring. Tothe best of our knowledge, there are few works on this topic, and a generalizedmathematical model is needed for describing user behaviors and conductingquantative analysis.This dissertation is motivated by the above challenges. We propose a conceptof User Behavior Authentification (UBA) based on the characteristics of cloudcomputing environment as well as user identity authentification. Equipped withthis concept, we develop two key techniques, i.e., identity re-authentication basedon user behaviors and behavior trust authentication. We further evaluate theperformance and security of these techniques using stochastic models, andconstruct an integrated theoretical framework for UBA. The results in this workshed light on how to design a network security control mechanism from theend-user. The highlights of this dissertation are as follows:(1) A UBA mechanism in the environment of cloud computing is proposed.We define the attributes of UBA evidence set, and then bring out the learningalgorithm to generate the evidence set according to the demands of cloudcomputing. The UBA strategy and actions to handle various authentificationresults are also given.(2) A UBA model based on Stochastic Petri Nets is built, which is in accordwith the stochastic nature of user behavior. The concept of place, transition, arch, and token is used to describe the authentification process and game problem,resulting in an intuitive graphical approach to analyze UBA. A quantativeevaluation is conducted for the performance of UBA mechanism.(3) A performance equivalent simplification of the UBA model is given. Toaddress this issue, we use the top-down hierarchal decomposition method andbottom up analysis techniques to reduce the complexity of the model and thecorresponding state space of underling Markov process, and provide a formalproof to validate the reduction procedure.(4) A model of behavior risk analysis based on incomplete informationmulti-stage dynamic games is proposed, which analyzes the classification of endusers, determination of the end-user trustworthiness, and belief updating. Thisapproach can dynamically adjust the trust level of end users and take relatedaccess control actions. The advantage of this approach is it can reduce theprobability of malicious request initiated by end users. The results can provideinsights into the designing of effective measure for security control.