Research And Implementation Of Fine-grained Access Control Scheme In Cloud Environment

Posted on: 2019-01-30
Degree: Master
Type: Thesis
Country: China
Candidate: C Wang
Full Text: PDF
GTID: 2348330545458291
Subject: Mathematics

Abstract/Summary:
With the deepening of cloud computing applications, data privacy protection in the cloud environment has become not only a focus of attention but also the primary consideration for users when choosing cloud services. Access control restricts users' access in order to prevent the data leakage caused by illegal users accessing the data owner's data; it is therefore an important part of privacy protection in the cloud environment. Yet current access control mechanisms struggle to adapt to different tenants' requirements for fine-grained division of permissions and to users' needs for cross-tenant access. When attributes meet the requirements but the credibility of users or roles is low, User Role Assignment and Role Permission Assignment reduce the security of the tenant's data. In addition, these mechanisms do not take into account the trust problem between tenants when users access across tenants, so they are not suitable for a dynamic multi-tenant cloud environment.

The thesis studies a trust model and a fine-grained access control scheme in the cloud environment, as follows.

First, the thesis constructs a trust model based on roles and attributes, comprising single-tenant and multi-tenant trust sub-models. The trust model takes attributes into account, including subject attributes, resource attributes and environment attributes, and it resolves the problem that, when attributes meet the requirements but the credibility of users or roles is low, User Role Assignment and Role Permission Assignment reduce the security of the tenant's data. The multi-tenant trust sub-model solves the trust problem between tenants when users access across tenants, so the model can be applied to access control in a multi-tenant cloud environment.

Second, the thesis constructs an access control mechanism suitable for the multi-tenant cloud environment, which combines Role-Based Access Control, Attribute-Based Access Control and the trust model. The mechanism has the advantages of both Role-Based Access Control and Attribute-Based Access Control. It is flexible and makes it easy to check a user's permissions, and it meets different tenants' requirements for fine-grained division of permissions and users' needs for cross-tenant access, improving the security of the tenant's data. It is a more fine-grained access control scheme suitable for a dynamic cloud environment.

Finally, the thesis designs the fine-grained access control mechanism described above and implements it in a research fund project, the Cloud Computing Environment Data Privacy Support Platform. This work includes the design of the modules within the access control mechanism and the interaction between the access control module and the other modules in the cloud platform.
Keywords/Search Tags:Multi-tenant cloud environment, Role, Attribute, Trust model, Fine-grained