Research And Implementation Of Access Control Mechanism For Data Platform In Cloud Environment

In the cloud computing environment, the data services an of the data platform are characterized by mass and heterogeneity. Users on the platform make dynamic access requests for data.Therefore,the access control is facing several difficulities,such as massice variety of resources,dynamic access environment, the multi-domain information environment,fine-grained access and etc. It's necessary to design a safe and effective access control mechanism to protecet the data platform and service.Aiming at these problems, this paper proposes a multi-attribute access control mechanism to ensure the security of data platform access control in cloud environment. Firstly, we study the design idea and implementation process of existing attribute-based access control mechanisms, and analyzing their advantages and disadvantages. On the basis, combining the characteristics of multi-attribute partition and access control policies in cloud environment, we propose the algorithm of policy tree and LSSS attribute matrix and the corresponding authorization verification algorithm.Because of that the large number of access control needs frequent read strategy of the situation, In order to improve the system performance, we design the policy cache scheduling and management shceme based on the policy weight. On the basis of the LRU scheduling algorithm, two key eigenvalues, the policy associated data size and the policy life-length, are added to calculate the weight of policy.According to the weights, we sort the policies and schedule them to realize the efficient and dynamic cache scheduling. Finally, we build a data service platform to verify the effectiveness and feasibility of the attribute-based access control mechanism.This design improves the efficiency of access control from the aspects of efficient policy resolution,fast authorization verification and dynamic policy cache scheduling. The experiments show that this design is feasible. Therefore, it can realize efficient, secure, fine-grained access control and adapt the data platform in cloud environment where there are complex and diverse attributes, dynamic access,and etc.