
Research On Key Technologies Of Access Control In Cloud Computing

Posted on: 2016-08-14
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J Y Wang
GTID: 1228330470959070
Subject: Computer application technology

Abstract/Summary:
Cloud computing is an important paradigm, with the potential to significantly reduce costs through optimization and increased operating and economic efficiencies. Furthermore, cloud computing could significantly enhance multitenancy sharing, agility, and scale. At the same time, security has emerged as arguably the most significant barrier to faster and more widespread adoption of cloud computing. Several surveys of potential cloud adopters in recent years indicate that security and privacy are the primary concerns hindering its adoption. Without appropriate security and privacy solutions designed for clouds, this potentially revolutionary computing paradigm could become a huge failure.

Access control, as one of the key defences for secure data sharing and cloud service access, plays a crucial role. A cloud computing environment contains three entities: the cloud user, the cloud service provider and the data owner. The user submits a request to access a cloud service or cloud resources. The resources that the cloud service provider supplies in response may come from different logical security domains, and these resources may belong to different data owners. Some entities in these logical security domains may be malicious users or malicious services. This special and complex arrangement of cloud entities makes it difficult for existing access control models to adapt to the cloud computing environment. Furthermore, cloud computing is a multitenant sharing environment that often needs to share data among all kinds of entities. How to protect security and privacy when shared data is accessed is a key problem for secure access control.

The highlights of this dissertation are as follows:

(1) To address the shortcomings of traditional access control models, attribute-based access control (ABAC) technology is applied to the cloud computing environment. By extending the ABAC model with trust and privacy attributes, this paper presents a fine-grained ABAC model with trust and privacy attributes for cloud computing. The access control decision relies on integrated attribute information that includes trust and privacy. The ABAC model provides fine-grained access control and better security and privacy protection.

(2) An ABAC optimization technology based on trust evaluation is built. The key technique is to attach reputation computation between the access subject and the access object. A comprehensive recommendation-trust aggregation algorithm based on a combination of direct trust, indirect trust and recommendation trust is given. It solves the low accuracy and unreliability of traditional trust evaluation algorithms by introducing an entity familiarity factor, a scoring similarity factor and evaluation credibility. The access control decision can effectively resist attacks by malicious cloud users or cloud services.

(3) A fine-grained ABAC scheme based on multiple Key Generation Centers (KGCs) and a multi-weight access authorization tree is proposed, which solves the trust problem and security concerns of a single trusted key generation center. The scheme allows the data owner to define fine-grained and flexible access control policies.

(4) A new CP-ABE scheme that removes the trusted third-party KGC is given, which solves the problem of an untrusted single key generation center by introducing secure two-party computation in cloud computing. The scheme avoids the security problems caused by key generation, key distribution and key update. The end user needs only one addition operation, and computational efficiency and security are greatly improved.
Keywords/Search Tags:Cloud Computing, Cloud Security, Access Control, Attribute