Research On Cross-domain Access Control Model And Method In Cloud Service

The development of the society cannot get rid of the information dissemination and interaction,especially cloud computing has been developing very fast in recent years,generating more and more users spread and share information via "cloud".In order to insure the security of the information user stored in "cloud",a safe and efficient cross-domain access control will be especially important.For cross-domain access control model researching mainly having IRBAC2000 and based on the attribute mapping model,and some improved and developed model on the basis of them.But these models are not good to apply in the cloud computing platform.Therefore,it is very important to research the cross-domain access control model under cloud platform.This paper mainly studies the based on Third Party attribute mapping cross-domain access control in cloud services.Using GPL Hadoop to build cloud platform,and using the method tha t based on attribute mapping,and entrust the Trusted Third Party(Trusted Third Party,TTP),to control cross-domain access between different security domain sunified by the Trusted Third Party on the basis of previous studies.The main working and researching contents are as follows in this paper:(1)To import the trusted third party(TTP),in the first place the TTP's TVEM module will according to the subject's behavior history and environmental factors and others factors to calculate the inter-domain trust value,and the trust value between users and accessed domain.Then,through the SALM module mapping attributes,to solve problem that different security domains making many different mapping rules for same attribute that named different.Finally,jud ging by the AAM module,subject whether to meet conditions to cross-domain access.Hence,realizing the aim of cross-domain access control.(2)To study how to make the TVEM,SALM and AAM methods of the TTP come true,and to provide the model of cloud services based on attribute mapping of the TTP.First of all,analyzing and processing of each module to coordinate between the modules work and ensure the feasibility of the system.Then,analyzing and researching of the model based on TTP attribute mapping in cloud service to ensure the whole system process become more intuitive.Finally,summarizing the of the whole system's algorithm and giving the algorithm flow,and realizing the system's functional modules from the idea of programming.(3)To study the method constructs a cloud platform using GPL Hadoop,and to exploit a test system based on TTP attribute mapping of cross-domain access control on the platform.First,analyzing the system requirements and selecting the appropriate software version.Then,installing the software,building the server,and modifying the correspond system configuration to ensure the system running normally.Finally,developing a cross-domain access control system based on TTP attribute mapping on the platform,and testing the system to verify the feasibility of the method proposed in this paper.