
The Research Of Security Access Control Based Dynamic Feedback On Cloud Computing Platform

Posted on: 2014-10-13
Degree: Master
Type: Thesis
Country: China
Candidate: W Q Wang
GTID: 2348330473451189
Subject: Computer system architecture
Abstract/Summary:
Cloud computing has attracted extensive attention from scholars and enterprises both at home and abroad because of its easy maintenance, low cost, flexible deployment and reliable service. However, with the further development of cloud computing applications and technology, security issues are emerging and have become the key factor hindering its development. Because the service environment and data, including users' private information, are deployed in cloud terminals, cloud service providers cannot guarantee the quality of service they promised with existing technical means. What is worse, they might steal the private information of cloud users, and some malicious users might attack other normal users. Consequently, it is necessary to study how to guarantee the comprehensiveness and reliability of the monitoring information of the cloud platform. Based on the above discussion, this paper presents an access control technology for future cloud computing. We expect it to contribute to scientific research on, and the industrial development of, cloud computing in our country.

First, in view of existing cloud computing security issues, we propose an authentication mechanism for dynamic user behavior in the cloud environment. Through analysis of the requirements of the cloud computing application environment, we determine the properties of user behavior authentication, set up a scientific evidence set, and propose strategies to obtain, maintain and transfer evidence and to authenticate behavioral evidence. According to the different behavior authentication results, we adopt corresponding control measures and put forward runtime evidence collection methods. In order to provide objective, authentic and comprehensive trusted evidence of the dynamic runtime environment of trusted terminals, we designed and implemented an agent, based on the Trusted Platform Module (TPM), that collects trusted evidence from the terminals' dynamic runtime environment. The agent's main function is to collect the state and operating information of key objects of trusted terminals, such as memory, disk files, network ports and strategic data.

Secondly, in view of the openness and complexity of the cloud computing environment, we analyzed the shortcomings of the TPM-based system architecture and proposed a highly efficient and flexible remote authentication mechanism with dynamic feedback. By enhancing the existing functions of the TPM, the mechanism makes TPM trusted access applicable to the cloud computing environment. This paper expounds the function of the TPM_Credit instruction in the new mechanism, which enhances the existing TPM, and analyzes the pseudocode and advantages of the new mechanism. By quantitatively processing evidence with the algorithms proposed in this paper, we can monitor the user and change access permissions dynamically, so as to prevent impersonation attacks by hackers and realize secure access to the cloud.

Finally, on the basis of evidence collection, we proposed a subjective trust quantitative evaluation based on the cloud model. We give a quantitative evaluation of user credibility using the mathematical characteristic values of the evidence set, so as to provide a basis for further trust decisions as the evidence changes. The simulation results from the CloudSim software demonstrate that the model is practical and effective.
Keywords/Search Tags: access control, dynamic feedback, subjective trust, cloud computing