| With the development of the Internet, computer network in people’s lives is more widely used, which has become indispensable in our daily work. In particularly, the development of cloud computing, which is also widely used around people’s lives, has overturned people’s understanding of computers and networks. People can easily enjoy the convenience of cloud computing neither need to understand the specific technical details cloud environment nor specialized knowledge of cloud computing. However, the development of cloud computing still have many security problems now, such as authenticating the identity of users when they access the cloud server and authorizating when they need to register, etc. These serious problems must be considered.This thesis studies security problems of user authorization and authentication services in cloud environment, firstly the study focuses on the concept、characteristics and the main service principles of cloud computing and how to achieve cloud virtualization and data management technology in cloud computing. Meanwhile, the related research by the following ways of current authorization and authentication services has been done. After in-depth analysis of could computing and authentication and authorization I do research on cloud computing problems which combined with the presence of cloud computing unauthorized user data confidentiality issues, the revocation of the user type attribute, user authentication and access authorization, then the core of the thesis design TBSSM(Trust based Security Service Mechanism) models is proposed. It uses a security mechanism to protect data from being accessed by non-authenticated users. This model will be seen as a semi-trusted server, such as credible but unintelligible. This means trying to find out as much secret information stored in a log file but at the same time it must faithfully follow the general agreement is needed. On the other hand, some users will attempt to access beyond their file permissions. In TBSSM model, the main design principle is the mechanism of the stack which the user’s identity can be authenticated, user’s behavior can be authorized, the server port services Portlet authentication and dependable computing in server can be solved, a comprehensive analysis of user behavior and user Attribute encryption can be achieved, etc. Then, in the theoretical analysis of the performance of TBSSM have been done, which including the safety analysis, access control, particle size analysis, analysis of user access privileges, the user secret key analysis and analysis of data confidentiality, the feasibility of the model is verified theoretically. On this bassis, a prototype system is designed and implemented based on the“service mechanism of authorization and authentication in cloud environments”.Finally, a cloud storage system has been designed according TBSSM model proposed by this thesis in a laboratory environment for deployment. Aspects of the system for testing, we find its effevtiveness of solving authorization and authentication in the cloud environment, the model does improve system security which compared to other cloud computing environment. |
PDF Full Text Request