The Research On Access Control Model And Strategy In Cloud Computing

Cloud computing is a new kind of computing mode which developed on the basis of grid computing, parallel computing, distributed computing, high performance computing technologies and so on. The characteristics of Cloud computing such as flexibility,economical, high scalability and transparency have brought a huge benefit to enterprises.At the same time, the development of Cloud computing has brought many security problems. These security issues have caught more and more attentions from people, and have become a bottleneck hinder to the development of Cloud computing. It is particularly important to solve the security problems in Cloud computing for its development.Access control technology is an important part in the field of information security.While, the characteristics of Cloud computing such as dynamic, openness, virtualization have made the traditional access control technologies can’t meet the security requirements in Cloud computing well. In order to solve these security problems better, an access control model named CRUAC which mainly improved and expanded on the basis of Usage Control model is put forward in Cloud computing. The main research contents of this paper are as follows:1. In order to solve the data security problems in Cloud computing, the access control model in Cloud computing is researched. The paper introduces an access control model named CRUAC. The model is studied on the basis of Usage Control model. The concept of role is introduced into the model, the security level of Cloud users and Cloud objects are divided and the constraint information is added to the decision-making factors in the model.2. The architecture and the safety management of CRUAC have been researched. The elements of CRUAC are defined formally. The state and action in CRUAC are analyzed.What’s more, the security management is studied from user management, constraint management, resource management and authorization management. Among them, the user management emphasizes the object owner’s monitor ability for its objects, which can avoid the permissions of Cloud Server becoming too large.3. The access control strategy of the model is researched for the authorization decision problems. The authorization decision framework of CRUAC is designed especially. The structure, function and working process of the main components such as Monitor in CRUAC are analyzed in detail and designed logically. The access control process of the model is given. The access control strategy of the model is described by using the extensible access control policy language, which makes the model have goodscalability, portability and other advantages.4. Aimed at the problem of resource sharing, in order to improve the security of resource sharing, the access control process of Cloud computing environments is researched. The access control process in Cloud computing environments are divided into two stages: the access control in Clouds and the access control across the Clouds. The Virtual Resources Manager designed in this paper can manage the resources in Cloud Servers and estimate the storage location of resources, which provides a basis for access control across Clouds and can improve the security of resources sharing to some extent.