
Research On Access Control Technology Based On Negative Rule In Cloud Computing

Posted on: 2014-04-24
Degree: Master
Type: Thesis
Country: China
Candidate: Z X Wu
GTID: 2268330425984193
Subject: Software engineering

Abstract/Summary:
In the cloud environment, cooperating enterprises share part of their data without exposing confidential information. Whether a query from a cooperating enterprise is permitted is determined by specified authorization rules. However, the traditional ways of ensuring data security have three problems. First, an authorization rule can only authorize a query directly and cannot be combined with other authorization rules, which creates management problems as the number of queries grows. Second, authorization rules that are irrelevant to the query are not filtered out, which makes query checking inefficient. Finally, the attributes of the authorization rules granted to the same enterprise can be composed locally, which can disclose more confidential information during the query procedure. To solve these problems, this paper puts forward an access control technology based on negative rules, and designs and implements a query checking algorithm based on a graph model together with a consistency checking algorithm. The query checking algorithm addresses the first two problems, and the third is left to the consistency checking algorithm. Combining the two algorithms helps the access control technique do better at ensuring the security of public data and preventing the disclosure of confidential data.

The query checking algorithm based on the graph model has three parts. First, the algorithm finds the join path of the query and of the authorization rules through the graph model, and then identifies the authorization rules that are defined on sub-paths of the query join path, called query composable rules. Then it assembles these rules into join group lists according to the query's join attributes, links related entities to form a bigger join group list, and obtains the connected entity group that has the maximum number of relations. Finally, it composes the rules in the entity group into a bigger rule and checks whether this bigger rule can authorize the query.

The consistency checking algorithm is proposed to check whether a conflict exists between the authorization rules and a negative rule, and to remind the data owner to change the permissions granted to their cooperating enterprises so as to resolve the conflict. The algorithm has two parts. On the one hand, it uses the join group list approach to find the possible rule compositions, in a way similar to the query checking algorithm. On the other hand, it composes the rules in an entity group into a bigger rule and then checks whether the attributes of these bigger rules contain all the attributes of a negative rule.

Simulation results and performance analysis show that the interception rate of illegal access achieved by the query checking approach combined with the consistency checking algorithm is between 82.3% and 90, while the rate of the query checking algorithm alone is between 58.3% and 80%. Therefore, the combination of the query checking algorithm and the consistency checking algorithm is safer. Moreover, as the number of negative rules increases, the disclosure rate of sensitive data in the query procedure decreases and eventually drops greatly. Consequently, the key to the accuracy of access control is the reasonableness and improvement of the rules.
Keywords/Search Tags: Cloud Computing, Access Control, Authorization Rule, Negative Rule, Graph Model
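The consistency check described in the abstract can be illustrated with a simplified model. This is an added example, not code from the thesis: it assumes each rule is just a set of attribute names and that two rules granted to the same enterprise are joinable when they share an attribute, in place of the thesis's graph model of join paths. All enterprise, rule and attribute names are hypothetical.

```python
# Added illustration; simplified model, not the thesis's implementation.
# Assumption: a rule is a set of attribute names, and two rules granted to the
# same enterprise can be joined locally when they share an attribute.

def compose_groups(rules):
    """Group joinable rules; return a list of (rule_names, merged_attrs)."""
    groups = []
    for name, attrs in rules.items():
        names, merged = {name}, set(attrs)
        kept = []
        for g_names, g_attrs in groups:
            if g_attrs & merged:          # shares a join attribute: compose
                names |= g_names
                merged |= g_attrs
            else:
                kept.append((g_names, g_attrs))
        groups = kept + [(names, merged)]
    return groups

def find_conflicts(grants, negative_rules):
    """Return (enterprise, forbidden_attrs, rule_names) for each composed
    rule whose attributes contain all attributes of a negative rule."""
    conflicts = []
    for enterprise, forbidden in negative_rules:
        for names, merged in compose_groups(grants.get(enterprise, {})):
            if set(forbidden) <= merged:
                conflicts.append((enterprise, sorted(forbidden), sorted(names)))
    return conflicts

# Constructed sample data (hypothetical enterprise, rule and attribute names).
GRANTS = {
    "EnterpriseB": {
        "r1": {"order_id", "customer"},
        "r2": {"order_id", "price"},
        "r3": {"warehouse", "region"},
    }
}
NEGATIVE_RULES = [
    ("EnterpriseB", {"customer", "price"}),    # reachable by joining r1 and r2
    ("EnterpriseB", {"customer", "region"}),   # r3 cannot be joined to r1
]

if __name__ == "__main__":
    for enterprise, attrs, rules in find_conflicts(GRANTS, NEGATIVE_RULES):
        print(f"{enterprise}: {rules} together disclose {attrs}")
```

Each reported conflict names the grants the data owner would need to change; revoking either `r1` or `r2` in the sample clears it.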