| With the rapid development of cloud computing, cloud computing application in society is becoming more and more widely.At the same time, the problem of cloud computing security get more and more people's attention. Due to the distributed nature of the cloud, the traditional access control technology is not suitable for the cloud environment.So it is very necessary to research a kind of access control method which is suitable for cloud computing. This paper presents a cloud computing access control method based on attribute encryption.The attribute hierarchy mechanism is proposed, which is used to simplify the authorization mechanism and the revocation mechanism of the attribute. At the same time, the stratified attribute is managed by multiple attribute authority mechanism with different authority. Attribute authority center is only used to manage the subordinate attribute authority and initialize the system parameters. Each attribute authority manages the partial attribute set, and carries on the authorization to the user. The system use XACML language to describe the policy of access control. When they perform cross-domain access, using SAML protocol to identify user identity and pass the user attributes, and according to the conversion rules will be converted to the target domain attributes of the user attributes. At the same time to regulate the behavior of users, by reducing the value of the user's trust value in real time, to achieve the effect of dynamic adjustment rights. The proxy re-encryption technology is applied to attribute revocation.Finally, the availability of the system is tested. Experiments show that the access control system basically achieves the design purpose: fine granularity control, and the ability to dynamically adjust the permissions. In addition, this paper analyzes the security of the access control model from the aspects of algorithm security, data security, anti collusion attack security and forward security. |
PDF Full Text Request