Identity Authentication And Access Control Based On S-UCON

Posted on: 2015-04-30
Degree: Master
Type: Thesis
Country: China
Candidate: X M Liu
GTID: 2308330464470457
Subject: Electronics and Communications Engineering
Abstract/Summary:
As a rapidly emerging technology, cloud computing is centered on the Internet and provides virtual, open, scalable services to users. This special network environment is precisely why cloud computing services face many security problems. Problems such as illegal access to users' private data and data tampering make cloud users hesitate to adopt an otherwise attractive service, so the security of cloud computing services is a major problem that currently needs to be solved. Secure access control can prevent unauthorized access and effectively address these security risks. However, most access control models are static and pre-authorized, and they are not suited to the dynamic network environment of cloud computing. It is therefore necessary to propose a new access control method adapted to the cloud computing environment. In view of these problems, I have done the following work. First, I studied several traditional access control models, as well as the task-based and role-based access control models. These models are static and pre-authorized, and so are not suitable for the cloud computing environment. Second, by comparing the characteristics of earlier access control models with those of the next-generation access control model, I found that the UCON model (usage control model, the next-generation access control model) has several new characteristics: the introduction of obligations and conditions provides a more comprehensive basis for the authorization decision, and its most remarkable characteristic is the introduction of variable attributes and flexible authorization, which makes it very suitable for use in the cloud computing environment. The design is therefore based on the UCON model, combined with the characteristics of cloud computing and SAML-based SSO.
Finally, I designed the S-UCON model, which combines UCON access control with authentication to ensure the security of users' data. The most prominent feature of the S-UCON model introduced in this design is that identity authentication and access control are combined. Functionally, it reflects both the suitability of the UCON model for cloud environments and identity authentication based on SAML single sign-on, so that a user signs on once and can then access the associated systems without repeated authentication. SAML single sign-on messages are transferred as three kinds of assertion message. These assertions provide not only the single sign-on function but also secure transmission of access control information. Subject and object attribute information and access rules are stored separately in the LDAP directory server, which makes authentication and access control convenient and improves security. The UCON model analyzes these assertions and makes the authorization decision, implementing flexible authorization. Finally, the designed model is applied to electronic medical records, which currently have high security requirements, ensuring the security and privacy of users' data and providing simple authentication for users.
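To make the contrast with static, pre-authorized models concrete, the following added example (not code from the thesis) shows a UCON-style decision over authorizations, obligations and conditions, with an attribute that usage itself updates and an ongoing re-check that revokes access. The attribute names, policy rules, `MAX_OPEN` limit and `env` keys are hypothetical, and in-memory objects stand in for the values that SAML assertions and the LDAP directory would supply.

```python
from dataclasses import dataclass

MAX_OPEN = 2  # assumed limit on records a subject may hold open at once


@dataclass
class Subject:                  # stand-in for attributes from SAML / LDAP
    uid: str
    role: str
    department: str
    consent_ack: bool = False   # has the obligation been fulfilled?
    records_opened: int = 0     # variable attribute, updated by usage itself


@dataclass
class Record:                   # hypothetical EMR object attributes
    rid: str
    department: str
    restricted: bool = False


def authorizations(s, o):       # A: predicates over subject/object attributes
    return s.role == "physician" and s.department == o.department


def obligations(s, o):          # B: actions the subject must have performed
    return s.consent_ack or not o.restricted


def conditions(env):            # C: environment state, independent of s and o
    return env["network"] == "hospital" and 7 <= env["hour"] < 20


class UsageSession:
    def __init__(self, s, o):
        self.s, self.o, self.active = s, o, False

    def start(self, env):       # pre-decision, followed by a pre-update
        ok = (authorizations(self.s, self.o) and obligations(self.s, self.o)
              and conditions(env) and self.s.records_opened < MAX_OPEN)
        if ok:
            self.s.records_opened += 1
            self.active = True
        return ok

    def recheck(self, env):     # ongoing decision: revoke when state changes
        if self.active and not (authorizations(self.s, self.o)
                                and obligations(self.s, self.o)
                                and conditions(env)):
            self.end()
        return self.active

    def end(self):              # post-update releases the variable attribute
        if self.active:
            self.s.records_opened -= 1
            self.active = False
```

A static model would stop at the first `start()` call; here `recheck()` can withdraw a permission already granted, for example when the session moves outside the allowed hours or the subject's role attribute changes.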
Keywords/Search Tags:cloud computing, SAML, SSO, UCON, EMR cloud