| Cloud computing is a very important research topic in the industry and academia. Com-pared to the tranditional mode, cloud computing has a lower cost, easier deployment, and greater stability, so more and more companies make cloud computing as their service plat-form. We can hope that cloud computing may become the most popular service mode due to the rapid development of Internet and big data.We have lots of open source cloud computing projects in the community, OpenStack is one of the most popular. It is called "cloud operating system", a number of high-tech compa-nies are making contributes to it, such as Intel, Microsoft, Cisco, HP, and so on. OpenStack is a general purpose software, and is not designed for specific occasion, but OpenStack is released under the Apache license, it allows us to close source after modification, so many companies build their own cloud based on OpenStack. This thesis designed and implemented a cloud computing resource management platform based on OpenStack, and we also designed a new access control method.Access control is an important problem in cloud computing. Build service on the cloud means less privacy, traditional access control methods are not very suitable for cloud comput-ing situation.Attribute-based encryption(ABE) is a new class of asymmetric encryption method in recent years, it connect ciphertext and privacy key to some certain attributes sets. In the Ciphertext-Policy Attribute-based Encryption(CP-ABE) method, access structure tree is in-tegrated in ciphertext, and ciphertext can be decrypt by a receiver only if his attributes set satisfies this particular tree. Unlike traditional public-key cryptography, sender in CP-ABE does not have to obtain receiver’s public key, and nor do they need encrypt message respec-tively for every single receiver. These properties make CP-ABE very suitable for distributed environment, so we use it to build an access control management system in our cloud comput-ing platform.This thesis did some research on OpenStack and CP-ABE, our main work is designed and implemented a cloud computing management platform named "vLab" based on OpenStack, and users can create and manage virtual compute instances in this platform. We also designed remote access methods on virtual instances, it is helpful to deal with the lack of IPv4 address issue, especially for schools, research institutes, and other non-profit organizations. Also there is an access control management system and corresponding revoke scheme in vLab, the basic idea is challenge-response authentication based on CP-ABE, servers do not have to maintain users’ permission information any more. |
PDF Full Text Request