
Research On Multi-tenant Data Security Protection Technology Based On OpenStack

Posted on: 2018-11-09
Degree: Master
Type: Thesis
Country: China
Candidate: X B Yuan
Full Text: PDF
GTID: 2348330512984706
Subject: Engineering
Abstract/Summary:
In recent years, with the progress of cloud computing, many excellent open source cloud computing platforms have emerged, among which OpenStack-based platforms are attracting increasing attention. With IaaS built on OpenStack, cloud service providers can offer basic services such as computing, storage, and networking, and can build and offer software services such as tools and applications, which businesses or individuals rent from the provider. In this way, cloud computing technology can serve tenants efficiently and conveniently and reduce the industry's operation and maintenance costs, and multi-tenancy has become the development trend of cloud computing. In multi-tenant mode, unlike the traditional model of hardware and software resources, each tenant can customize resources and configure services on demand, which raises issues such as data isolation, architecture expansion, and performance customization. Because resource platforms are shared and tenant relationships are complex, tenant data security is threatened and urgently needs to be improved.

Based on the OpenStack cloud environment, this thesis focuses on security isolation and access control technology for tenant data. Access control is analyzed in terms of principle, structure, strategy, and technology. For the access control model in particular, role assignment, rights management, role hierarchies, and dynamic and static constraints are studied in depth, and an access control model suitable for the multi-tenant environment is constructed.

The contents of this thesis are as follows:

(1) Building on the RBAC96 and NIST RBAC models, an improved role-based access control model, the fine-grained role access control model based on data objects, is proposed to make assignment more flexible and to simplify the authorization process. It adds management of user groups and role groups to simplify authorization, makes roles fine-grained, and separates functional permissions from data objects so that each is allocated relatively independently, achieving fine-grained rights management and better isolation of tenant data.

(2) To ensure multi-tenant data security and improve tenant data isolation, a fine-grained role multi-tenant model based on data objects is proposed on the basis of the fine-grained role access control model based on data objects. The model integrates identity and role access control to authenticate user identity securely, and introduces a data security gateway that verifies the data a tenant requests, preventing unauthorized and malicious access to other tenants and increasing the security of tenant data.

(3) Based on the fine-grained role multi-tenant model based on data objects, a prototype system is designed and implemented, and the prototype is validated with an application example.
Keywords/Search Tags:multi-tenant, access control, data isolation, RBAC
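
The following is an added sketch of the kind of model the abstract outlines, not the thesis's own code or design: roles carry functional permissions and data objects as separate sets, users reach roles through user groups and role groups, and a gateway rejects requests for another tenant's data. All class, function, tenant, and object names are assumptions made for illustration, and the caller's identity is assumed to be already authenticated.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Role:
    name: str
    functions: frozenset  # functional permissions, e.g. {"read", "write"}
    objects: frozenset    # data objects this role may touch

@dataclass
class Tenant:
    role_groups: dict = field(default_factory=dict)  # role group -> [Role]
    user_groups: dict = field(default_factory=dict)  # user group -> [role group]
    members: dict = field(default_factory=dict)      # user -> [user group]

    def roles_of(self, user):
        for ug in self.members.get(user, []):
            for rg in self.user_groups.get(ug, []):
                yield from self.role_groups.get(rg, [])

class DataGateway:
    """Hypothetical gateway: every data request is checked here first."""
    def __init__(self, tenants, object_owner):
        self.tenants = tenants            # tenant name -> Tenant
        self.object_owner = object_owner  # data object -> owning tenant name

    def authorize(self, tenant_name, user, function, obj):
        # tenant_name and user are assumed to come from an authenticated session
        tenant = self.tenants.get(tenant_name)
        if tenant is None or user not in tenant.members:
            return "deny: unknown identity"
        if self.object_owner.get(obj) != tenant_name:
            return "deny: cross-tenant object"
        # function and object must be granted by the same role, not by a union
        if any(function in r.functions and obj in r.objects
               for r in tenant.roles_of(user)):
            return "allow"
        return "deny: no role grants this"

def build_demo():
    """Constructed sample data, not taken from the thesis."""
    acme, globex = Tenant(), Tenant()
    acme.role_groups["billing"] = [
        Role("invoice-reader", frozenset({"read"}), frozenset({"acme/invoices"})),
        Role("ledger-editor", frozenset({"read", "write"}), frozenset({"acme/ledger"})),
    ]
    acme.user_groups["finance"] = ["billing"]
    acme.members["alice"] = ["finance"]
    globex.members["bob"] = []
    owners = {"acme/invoices": "acme", "acme/ledger": "acme", "globex/hr": "globex"}
    return DataGateway({"acme": acme, "globex": globex}, owners)
```

In the sample data, alice holds "write" through one role and access to "acme/invoices" through another, yet writing to the invoices is denied because no single role pairs the two.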