| With the growth of Internet, cloud computing is becoming more and morepopular. It gathered a lot of computer resources together to form a virtual IT resourcepool, therefore, it is available to the user and is convenient and economical to use.With the popularity of cloud computing, the data security issues in the cloudbecomes the most concerned problem in cloud computing, and is restricting thedevelopment and promotion of cloud computing. As we know, the cloud computingplatform is a collaboration platform to users and cloud service providers. Once user’sdata is uploaded to the server, the user is hard to guarantee that the data is protectedand can only to trust the cloud service provider.In order to protect the privacy of data stored in the cloud independently, wepresent DIFC-AC, an access control method based on the decentralized informationflow control model. DIFC-AC uses security labels to track data as it flows throughthe system. Capabilities are annotated with labels which describe the controldemands of the users. A reference monitor is implemented on the cloud node tointercept the system calls related with data flow. In that way it controls how dataflows between the application and the outside world. Hence, the user’s ability tocontrol of data is extended to the cloud, reaching the purpose of protection of theprivacy of the data according to the user’s requirements.In this paper, we analyze the background of cloud computing, and accesscontrol technology in cloud computing systems in depth. We analyze the informationflow control model and the associated safety systems as well. Based on this, theDIFC-AC access control methods is aroused. In the paper we elaborated on the labelof the access control mechanism, authorization and access control strategy as well assecurity. A prototype system of DIFC-AC is implemented to protect the data privacyin the whole life-time in the cloud server. Performance evaluation shows that theprototype system imposes reasonably low runtime overhead. |
PDF Full Text Request