An Access Control Model For Cloud Computing Based On T-RBAC Model And Three-party Key Exchange Protocol

Cloud computing has been a hot topic in IT field for years, and is considered of the fourth generation of IT industry revolution following Internet, attracted variable IT enterprises. Computing Capability provided according to requirement and cheap cost for hardware platform enables the small and medium-sized enterprises no longer subjected to the hardware limitations, which promote the company development. Cloud computing not only to provide super computing and storage capacity through the Internet, but also form a new platform for information sharing between different company and industry.Cloud computing provides robust fault-tolerant mechanism and disaster recovery for data in the cloud, such as Amazon Simple Storage service(S3) and Google File System(GFS), that provide reliable data storage centers. But the data stored beyond the user’s control, and whose security relies on the cloud also brought hidden safe issues, which maybe a major obstacle to the development of cloud computing. On the other hand, data sharing is also a problem that should considered. One word, the security research on cloud storage needs to hurry-up.Through analyzing of the current cloud computing and cloud storage characteristics, we summarized the cloud data storage security issues, and point out security problems that may be resulted by that cloud service providers holds the highest privilege and access control requirement caused by sharing access.Then we propose a secure access control scheme based on the T-RBAC (task-role based access control) model and three key exchange protocol,face to data sharing, in which realizing the access control management through permission assignment and authorization. In the authorization aspect, we improved a-.password based three party key exchange protocol that provides more security characteristics, and with that, users can establish a secure authorization process in the open network environment. For permission assignment, we provide a special role for cloud server to limiting its permissions, which may reduce probability of illegal access and abuse of data that caused by incredible cloud computing venders.