Research Of User Behavior Assessment Based Access Control Model Under Cloud Computing

In cloud environment, users can access the variety of resources and services provided by cloud service providers through the Internet. The cloud users are the initiator of accessing to resources, however, the cloud users may be the initiator of attacking resources. Thus the legal identity of user cannot assure reliability of the user behavior, it is need to control the legitimate user’s behavior to protect cloud resources. In view of the problem that the static authorization mechanism of the traditional access control model cannot control the cloud users dynamically, the paper assesses user behavior based on the improved information security risk assessment equation and the trust model based on behavior risk evolution(TMBRE), and then the user trust degree, user behavior set and other tuples are introduced into the role-based access control(RBAC) model. Finally, this thesis proposes user behavior assessment based access control(UBAAC) model under cloud environment. The specific studies are as follows:(1) Combined with the security requirements of the three Cloud Service Models in cloud computing, the set of use’s threat behavior is divided. And then, using the risk assessment theory, the risk factors of cloud user behavior are defined by analyzing the risk of cloud user behavior. Moreover, taking into account the repeated threat behavior will affect the change of the risk value, the paper improves the risk assessment equation to assess and quantify the user behavior risk. For behavior risk and user trust calculation in TMBRE, the effect of the time and frequency of threat behavior risk value and trust degree are not considered, so in this paper, the time of use’s threat behavior is introduced into the calculation of user behavior assessment algorithm to realize the quantification of user behavior risk and user trust.(2) In view of the static authorization mechanism of traditional RBAC model cannot adapt to the dynamic characteristic of cloud computing, the paper introduces user trust degree, user behavior set and other tuples based on the traditional RBAC model to extend the RBAC model, and proposes UBAAC model under cloud environment. The model needs to further monitor the access behavior after authentication of cloud user, and calculates the user behavior risk value by analyzing the user behavior, and then, the user trust degree is calculated based on the behavior risk value. Finally, by mapping the trust level and permissions based on user trust degree, the permissions are adjusted dynamically and the model realizes dynamic authorization of the model.(3) The thesis uses the data and methods of verifying TMBRE to analyze the user behavior assessment algorithm. Compared with the TMBRE, the relationship between the behavior risk value and the trust degree in the UBAAC model is more reasonable. Then, by comparing the change of the user trust degree and trust level, the validity of the dynamic authorization mechanism is proved. Finally, comparing the performance of access control with other models, the UBAAC model has good dynamic performance and security credibility.The UBAAC model realizes the dynamic adjustment of the user permissions through associating trust levels and permissions based on user trust degree by dynamic monitoring and evaluation of user behavior. Through the verification and analysis, the research can dynamically control the cloud user behavior and permissions effectively and also improve the safety and reliability during accessing cloud resources and services by the cloud user which ensures the safety of cloud resources.