Research On Attribute-based Access Control In Cloud Computing

Cloud computing is a way of computing with dynamic extension ability, it can bethought of as the development and application of the concept of distributed computing,parallel processing computing and grid computing. At the same time of rapiddevelopment of cloud computing, cloud computing security issues is also growing andhas become the important factors hinder the further development of cloud computing.Access control technology is the key to ensure the security of information technology, itcan prevent illegal users access protected resources and prevent legitimate users accessresources that is not authorized. However, as the cloud computing platform is an opennetwork environment, traditional access control can’t meet the requirements of theaccess control in the cloud computing, therefore how to design an access control systemin the cloud computing environment is of great significance for the development ofcloud computing, especially in data sharing.The paper mainly studies on the attribute-based access control in cloud computing.Attribute-based access control serves subject, object and environment attributes as thebasis of authorization decisions, that is, all of the entities use attributes to describethemselves.Attribute-based access control has the properties of high polymerization,high flexibility, high scalability and supports anonymous access, etc. The main worksand researches of this paper are as follows:1. We study the formalized definition of ABAC, and introduced the general modelof ABE, present the ABAC model in the domain of cloud computingenvironment combine with the XACML, discuss the access request, attributeauthority and the relationship between the PEP(Policy Enforcement Point) andPDP(Policy Decision Point), PAP(PolicyAdministration Point) in the model.2. We study the attribute mapping model of the cross-domain access control modeland authorized mediation system, and give the cross-domain ABAC model incloud computing.3. We study the specific method of how to bulid a hadoop cluster.4. We develop a test system about attribute-based access control in the cloudcomputing.