Model Of Attribute-based Access Control In Cloud Computing

With the rapid development of information technology, the Conditions of accessing non-localcomputing services（including data processing, data storage and information services） throughnetwork are more and more mature. So it comes to the “cloud computing” technology. The reasonwhy it called “cloud” is because computing facilities are not in the local but on the Internet, andusers don’t need to care about the specific location where they are. This characteristic of cloudcomputing has promoted the development of its applications greatly. However, there are also someproblems to be solved. Now, one of the most concern problems is security in the cloud computingenvironment. In this paper, on the basis of in-depth analysis of the present status of the cloudcomputing security, we have studied the access control in cloud computing environment deeply, andits main contents are as follows：Firstly, this paper introduces the definitions and the research status of access control. Weanalysis the characteristics of traditional access control methods: discretionary access control,mandatory access control, and role based access control methods and so on. Then we can come tothe conclusion that the traditional access control methods may suit for centralized environmentthrough a comparative analysis of their strengths and weaknesses. For distributed cloud computingenvironment, traditional access control methods can not take advantages of their access control.It isin need to choose a suitable method for the characteristic of access control in cloud computingenvironment.Secondly, this paper analyzes the characteristics of current cloud computing environment andsecurity issues that exist in the cloud computing environment. Compared with the traditionalcentralized environment, the constraints, which are needed by access control in cloud computingenvironment, are more complicated as well as the granularity is higher. Therefore, this article willintroduce the concept of attributes to the access control model, combined with the characteristicswhere exist some logical security domains in cloud computing environment. We propose a propertyaccess control model which oriented to cloud computing environment that is: CC-ABAC （CloudComputing Attribute-based Access Control）.The model is divided into three modules： security authentication module, with the positioning module and the access to decision-making module. Thethree modules collaborate to achieve the process of policy evaluation for access request and thestrategy for decision-making and so on. Access to decision-making module achieves the regionaland cross-domain access decisions based on attribute-based access control methods.Finally, the paper will describe the CC-ABAC model formally and gives the core algorithm ofthe decision. In terms of inter-domain synchronization properties, we design a semaphore and P/Voperation mechanism in order to address incompatible problems that caused by the property sheetcalls and update. We design the experimental scene to simulate cloud computing environment forsimulation experiments which test the results and the time of the decision upon access controlprocess. According to analyze the time and compare the theoretical results with the decision-makingresults, we prove our model is correct. The model not only achieves fine-grained access control, butalso shortensthe time to access controldecisions and improve efficiency ofdecision-making.