
Study Of Mechanisms And The Key Technologies On Access Control In Cloud Computing Environment

Posted on: 2015-04-26
Degree: Doctor
Type: Dissertation
Country: China
Candidate: S S Tu
GTID: 1228330467463663
Subject: Computer Science and Technology

Abstract/Summary:
Cloud computing has been applied in every corner of networks, and most technology companies have plans to develop cloud computing technologies. With the rapid development of cloud computing, increasing attention has been paid to cloud security issues. For example, personal files and private data owned by companies are probably monitored by the National Security Agency (NSA), which has made the data security of clouds a global focus. How to build a secure, reliable and effective defense system has become a popular research topic. In particular, access control mechanisms can effectively address the security issue in cloud computing environments: they ensure the integrity and confidentiality of user data, so that the data can only be accessed by authorized users.

The access control mechanism, as a key service of security techniques, plays an important role in cloud computing. First, in a cloud computing platform, data will be managed in one or more data centers for data sharing. Traditional access control methods cannot satisfy the requirements of data protection in public networks. Thus, creating a practical data access mechanism is the first issue that needs to be addressed in cloud environments. Second, because devices have limited computing and storage capacity, an efficient access control mechanism and algorithm are required to reduce the workload on clients with limited resources. Third, digital authentication and access control will be processed by cloud servers instead of clients, to prevent invalid accesses and downloads. In this case, the security and interaction of the access control mechanism is another important topic.

To effectively address the above issues, this paper mainly focuses on key techniques of access control in the cloud. Based on a systematic analysis of existing access control methods, we propose several related systems and schemes which improve the management, effectiveness and reliability of the existing.

The major contributions of this paper are summarized below:

1. Studying the state-of-the-art access control models in cloud computing environments and proposing a practical theoretical framework for the access control model. First, we analyze the state-of-the-art access control models and explicitly demonstrate that an autonomous and distributed model is applicable to access control in cloud computing environments. The relation between access subject and right should be a direct or an indirect hybrid access control mechanism. Then, by comparing three existing cloud access control models, we find that an attribute-based access control model for clouds has many advantages, such as fine granularity, flexibility and scalability, and provides a theoretical basis for novel access control schemes in cloud computing environments.

2. Designing a novel attribute-based (CP-ABE) access control scheme that lets lightweight devices outsource encryption/decryption processing to the computing resources provided by the cloud service provider without disclosing sensitive data. Our evaluation shows the advantages of the scheme in security, computing and storage, and the scheme ensures the legitimate interests of users in cloud computing. The scheme mainly addresses the following issues: 1) when CP-ABE is applied to design an access control scheme, a large amount of client computing resources is used for encryption and decryption processing, so we propose an efficient offloading mechanism with cloud computing; 2) because a cloud environment provides services to multiple users, we investigate how to avoid exposing users' sensitive data to cloud servers; 3) the scheme significantly reduces the costs of uploading, downloading, updating and communication on devices.

3. Creating an access control scheme that combines attribute-based encryption and identity-based signatures for clouds. The scheme allows data to be securely managed by unauthorized servers in clouds. Under the assumption that the cloud service provider is not reliable, the scheme can guarantee data security in clouds and reduce the complexity of data management. The advantages of the scheme include: 1) low management complexity; 2) fine-grained access control; 3) adaptability to clients with limited resources; 4) data unforgeability. Our analysis and experimental results show that our access control scheme is efficient and can protect sensitive data from collusion attacks. Moreover, our scheme can also semantically resist adaptive chosen-ciphertext attacks under the random oracle model.

4. Based on attribute-based encryption and the dual encryption system, proposing an access control scheme constructed over composite-order bilinear groups and proving its security in the standard model. Then, in the scheme, we introduce a fully fine-grained revocation scheme based on the direct revocation model, which can efficiently revoke access rights from users on cloud servers. The main contributions of this scheme include: 1) on the basis of the dual encryption system proposed by Waters et al. and the composite-order bilinear groups proposed by Lewko et al., we develop an adaptive attribute-based encryption model for fine-grained access control in clouds; 2) motivated by the direct revocation model proposed by Attrapadung et al., we design a fully fine-grained revocation scheme as a supplement; 3) the scheme guarantees data security in the standard model.

5. Presenting a novel access control architecture for mobile clouds, in which a middle layer (the access cloudlet layer) between mobile devices and the cloud infrastructure is introduced. The main contributions include: 1) we explore the original ABE access control schemes on this architecture, which moves the cost of access processing from mobile devices to the cloudlet layer; 2) we propose a decision-making mechanism for access control, which analyzes the energy consumption and the response time during data access and selects an optimal access path; 3) our simulation results show the high security and low energy consumption of the architecture.

Last, by considering the current status and challenges in cloud security, we present future work that would apply the access control in cloud applications.
Keywords/Search Tags: cloud computing, cloud access control, attribute-based encryption, fine-grained access control, security model, mobile cloud computing