
Research On Cloud Storage Data Access Control Mechanism With Privacy Protection

Posted on: 2016-03-24
Degree: Master
Type: Thesis
Country: China
Candidate: F K Bo
GTID: 2348330503488352
Subject: Computer technology

Abstract/Summary:
As an emerging computing paradigm, cloud computing is leading the IT industry in rapid development. Because cloud storage services offer low cost, access from anywhere and virtually unlimited storage, more and more people use them as platforms for storing and sharing massive amounts of data. Data security and privacy are a major challenge to the development of cloud storage services. To achieve secure access control over cloud storage data, this thesis presents research on a cloud storage data access control mechanism with privacy protection.

Based on an analysis of existing cloud storage access control mechanisms, their disadvantages in revoking users' privileges are identified, and a virtual group revocation policy is proposed. The policy divides all users in the system into several virtual groups, and each user is assigned the corresponding virtual group number as a special dynamic attribute. The policy also rebuilds the access tree by adding a subtree to the original access tree. The root node of the subtree is a logical "and", and its leaf nodes contain all the virtual group numbers in the system. When a user's privilege is revoked, the system does not need to generate private keys for all users, only for the users whose virtual group number is the same as the revoked user's. In this way, the policy greatly improves the efficiency of users' privilege revocation without destroying fine-grained access control. The advantage becomes more obvious as the number of users increases.

On the basis of ciphertext-policy attribute-based encryption and the proposed virtual group revocation policy, a cloud storage data access control mechanism with privacy protection is designed. The framework and algorithms are designed according to the design goals. The framework design covers the overall framework, the granting of users' privileges and the revocation of users' privileges. The algorithm design covers the main algorithms, together with their complexity analysis and the security certification.

A Hadoop platform is built on the Ubuntu operating system. The simulation experiment is implemented in the Java programming language, using the HDFS file system to simulate the cloud storage environment. In the simulation system, the experimental data are analyzed and a comparison experiment is carried out. The experimental results demonstrate that our model is effective and achieves higher efficiency in users' privilege revocation.
Keywords/Search Tags:cloud storage, privacy protection, access control, virtual group, users' privilege revocation