Study And Application Of Policy-Based Access Control Model On Cloud Computing

Due to the widespread application of cloud computing, its security problem has become increasingly prominent, which results in new requirements in access control mechanism. Therefore, the PACMCC(Policy-based Access Control Model on Cloud Computing) designed and implemented in this thesis is presented according to the requirements in access control provided by cloud computing PACMCC is able to improve the flexibility as well as enhance the adaptability and multi-policy supporting of access control, which leads to its overcoming the shortcomings of current access control models for cloud computing.On the basis of poring over plentiful of related literature, this thesis presents the design and implementation of PACMCC. The main research results and innovations are described as follows:(1) This thesis applies the PBAC(Policy-Based Access Control) to cloud computing and further proposes our scheme of PACMCC. By introducing the concept of environment into existing models of PBAC and perfecting the design of model we make the model become more flexible. Next to that, this thesis introduces subject attribute into the model and adds the support to policy decision in mobile cloud, which has extended the model's adaptability. Furthermore, we also exploit the supporting for multi-policy decision from original models so as to enable the supporting ability for PACMCC. After designing the model, we give the context and work process of the model as well as the design of policy decision algorithm which adopts prior enforcement of reverse policy with its decision rules. And the policy decision of the model is consequently implemented.(2) Focusing on the availability and consistency problems of the policy in this model, this thesis designs and implements a corresponding refinement and conflict detection mechanism of policy. Subsequently, the design and implementation of corresponding conflict detection algorithm are presented on the basis of entity conflict detection. Then several experiments are conducted to verify the feasibility and security of this conflict resolution method.At last, This thesis applies the model to CloudSim cloud simulation platform, we conduct a series of simulation experiments by extending this platform. Through the verification of this model's security, decision ability on the mobile client side and ability of resolving conflicts, its availability and effectiveness have been guaranteed.