Research On Access Control Model Based On Role In Cloud Computing Environment

Posted on: 2013-12-26 | Degree: Master | Type: Thesis
Country: China | Candidate: C Y Li
GTID: 2268330392970584 | Subject: Computer technology
Abstract/Summary:
Cloud computing is an emerging industry in the development of social information, and it brings a new service model to the whole IT industry. Cloud computing is a new way of integrating resources: it pools the cloud provider's computing resources, including networks, servers, storage devices, and applications, via the Internet, and uses virtualization and distributed processing technology to supply self-service, on-demand service to users.

While providing efficient, convenient, dynamic and scalable service, cloud computing also has a great impact on the security of users' information and on data privacy protection. User authentication and access rights control are important measures for ensuring the security of a cloud computing environment. The traditional access control models no longer apply to the complex and dynamic cloud computing environment. After analyzing the access control needs of cloud computing, I propose TKRBAC, an Access Control Model based on Role in Cloud Computing Environment, which combines separation of powers with encryption technology to perform permission control.

First, the work done in my paper is a fine-grained division of roles. There are five sets of roles: system maintenance managers, cloud service managers, cloud tenants, cloud data managers, and data owners. Second, the model structure, work processes and related policy rules are introduced. For cloud service managers, a separation-of-powers scheme is adopted to control the administrative privileges, which are divided among the role assignment administrators, security administrators and audit administrators. Finally, the paper introduces ciphertext storage of data and access control management. Unauthorized users cannot obtain the decryption key to decrypt data even when they bypass access control to obtain unauthorized permissions.

Three-stage validation of user access control is proposed in this model. The first stage is identity authentication, the second stage is access control to obtain the appropriate permissions, and the third stage is the validation of the cryptographic resources. The model not only has a high level of security, but also a certain degree of flexibility.
Keywords/Search Tags:Cloud computing security, RBAC, Fine-grained, identity authentication, DES encryption algorithm