Access Control Model Based On Ucon Cloud Computing

With the rapid advances in cloud computing, there is a growing research interest in cloud security. Diverse aspects of cloud security problems have been studied including architecture security, data security, virtualization security, application security, and etc. One of the basic and most attractive features of cloud computing is its data accessing ability for authorized users at anytime anywhere. However, this more convenient data accessing property has also led to higher risk in data security. New challenges on access control emerge with this new computing environment, such as physical location restriction problem, on-going access control problem, etc.In this thesis, the author studies the problem of access control to resources in cloud computing environment. An approach based UCON is proposed to address the physical location restriction and on-going access control. The contributions include,First, the author studies the traditional access control techniques (e.g. trust management, digital rights management, etc), and discusses their advantages, disadvantages, and the possibility of adapting traditional access control techniques to the new cloud computing environment.Second, based on the above, the author also studies the UCON model and discusses the effectiveness and efficiency in using approach based UCON for access control in cloud computing. And proposes an idea of using the UCON based access control model to address the problem of restrictions on resource physical locations.Third, the disadvantages of UCON are discussed. Despite the obvious advantages of using UCON in access control, there is little work done on the authorization and privacy protection problems using UCON, especially on on-going control. This thesis takes a first step in addressing the authorization problem during data accessing using UCON. The effectiveness and efficiency of the proposed approach is evaluated using a real-world case study.Fourth, the author discusses the problem of protecting privacy policy information against interpolation. Comparing to existing approaches, the UCAMM method proposed in this thesis is capable of protecting privacy policy information from being interpolated.