
The Research Of Dynamic Access Control Based On Risk And Role In Cloud Computing Environment

Posted on: 2018-03-23
Degree: Master
Type: Thesis
Country: China
Candidate: X Bai
GTID: 2348330563452309
Subject: Engineering
Abstract/Summary:
With the rapid development of computer science and technology and the accelerating globalization of information, cloud computing has become an advanced and increasingly respected technology. Corporations and individuals alike benefit from its rapid development, since people can use resources on the network more easily. However, cloud computing has many security problems, such as privileged user access, auditability, data location, isolation and recovery, and long-term viability. Access control is one of the main strategies commonly used in information systems to authorize access and protect resources, and it can be adapted to a variety of operating systems, databases and application systems. With the rapid technological development of recent years, a single, simple access control policy can no longer meet today's needs; access control models need to improve in scalability, security, flexibility and coordination. In this paper, a dynamic risk-based and role-based access control model is proposed for access control in the cloud computing environment, and the definition and construction of the model are given both within a management domain and between management domains.

First, the technical architecture, functions and characteristics of cloud computing platforms are analyzed. Existing access control technologies and models are compared and analyzed, and the conclusion is drawn that the access control model has not been appropriately applied to the cloud computing environment. This paper studies the application scenario of access control technology in the cloud environment. Based on the RBAC (role-based access control) model, the concept of risk is introduced to make up for the shortcomings of the RBAC model, so that authorization in the cloud environment can be flexible and dynamic and, ultimately, the security of data in the cloud is ensured.

For intra-domain access, the paper separates roles and permissions and adds the concept of transactions between the two, so that access authority no longer depends rigidly on the role-permission mapping; instead, permissions are assigned to the corresponding user according to dynamic changes in the risk value. The paper introduces the definitions of the new model's concepts and the matching relationships between entities, describes the construction of the permission structure (an adjacency linked list), and gives the algorithm for constructing it. It also describes the important parts of access control: request detection, risk calculation and authority update. In request detection, the system checks whether the request contains authorization elements that meet the conditions; if so, the user is authorized to access, and if not, the request is rejected. The risk value is the attribute on which authorization adjustment depends. After each interaction ends, the risk value is recalculated according to how the interaction went. The basic risk data and the risk value calculation method are given in the paper. Finally, authorization is re-granted based on the access situation above.

For cross-domain access, the paper also introduces the concept of risk so that cross-domain access can be dynamically authorized. First, several concepts are introduced, such as the privilege expression, the cross-domain trust degree and the cross-domain risk function; the risk level of an operation can be obtained from the risk value. Then the basic variables of the model and their relationships are explained. The whole access process is divided into three steps: rights matching, risk level calculation and dynamic authorization. Finally, the security of the new model is analyzed. The new model supports the principle of least privilege and the separation principle, and is more adaptable to complex and changing environments, ensuring the security of cross-domain access.

After full and effective experiments, it is shown that the non-static model based on risk and role studied in this paper can reduce or avoid malicious groups' actions against the system and the associated high risk, and that it succeeds in re-authorizing users at all levels, ensuring the reliability and security of cloud resources. The research in this paper provides a reference for implementing access control technology in practical applications.
Keywords/Search Tags: Cloud computing, Domain, Access control, RBAC, Risk value
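
The intra-domain loop described in the abstract (request detection, risk recalculation, authority update), as an added Python example that is not the thesis's own code. The role, transaction and permission names, the per-permission risk ceilings and the moving-average risk update are all assumptions made for illustration; the thesis's actual risk calculation is not given on this page.

```python
from dataclasses import dataclass, field

# Assumed ceiling per permission: usable only while the user's current
# risk value is at or below it (illustrative values, not from the thesis).
PERMISSION_MAX_RISK = {"read_report": 0.8, "write_report": 0.5, "delete_report": 0.2}

# Role -> transactions -> permissions, kept as adjacency lists so that a
# role never maps to a permission directly (names are hypothetical).
ROLE_TRANSACTIONS = {"analyst": ["view", "edit"], "admin": ["view", "edit", "purge"]}
TRANSACTION_PERMISSIONS = {
    "view": ["read_report"],
    "edit": ["read_report", "write_report"],
    "purge": ["delete_report"],
}

ALPHA = 0.3  # assumed weight of the newest interaction in the risk update


@dataclass
class Session:
    role: str
    risk: float = 0.1                      # assumed starting risk value
    granted: set = field(default_factory=set)

    def update_authority(self):
        """Authority update: re-derive permissions from role and current risk."""
        self.granted = {
            perm
            for tx in ROLE_TRANSACTIONS.get(self.role, [])
            for perm in TRANSACTION_PERMISSIONS[tx]
            if self.risk <= PERMISSION_MAX_RISK[perm]
        }

    def request(self, perm, observed_risk):
        """Request detection, then risk recalculation and authority update.

        observed_risk is the interaction's risk score in [0, 1]; how it is
        measured is outside this sketch (assumed to come from monitoring).
        """
        self.update_authority()
        allowed = perm in self.granted     # reject if no matching authorization
        # Assumed rule: exponentially weighted moving average of risk scores.
        self.risk = round((1 - ALPHA) * self.risk + ALPHA * observed_risk, 4)
        self.update_authority()
        return allowed
```

A risky interaction raises the risk value and silently narrows the same role's permissions; calm interactions lower it again until the permission is re-granted.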