
Research And Application Of Data Protection And RBAC For Cloud Service

Posted on: 2018-10-11
Degree: Master
Type: Thesis
Country: China
Candidate: Y T Hu
GTID: 2348330569986457
Subject: Computer technology
Abstract/Summary:
With the development of computer science and technology and the continuing advance of global information technology, cloud computing has played an increasingly important role in people's daily lives. Cloud service providers pool resources, including servers, storage, networking, applications and others, and use virtualization, distributed computing or other technologies to supply efficient and inexpensive resource services to the majority of enterprises and various types of users. However, data security issues continue to be exposed as cloud computing develops, and the frequent occurrence of data leakage has become the main factor restricting its development.

Based on an analysis and summary of domestic and international research results on cloud computing access control and data encryption technology, this thesis takes the CRM cloud service, which is widely used by small and medium-sized enterprises and the majority of users, as its practical application background. It analyzes the data security risks that enterprises face in the multi-tenant cloud environment and the enterprises' actual data security requirements. Data security strategies are put forward, implemented and analysed from the point of view of access control and data encryption protection, based on the characteristics of CRM cloud service such as frequent data operations and the accumulation of sensitive data.

The strategies include two parts. The first part extends the role-based access control model commonly used in CRM cloud service. The extended access control model, called CT-RBAC, includes client environment constraints and, following the three-power separation management approach, allocates the system administrative privileges to the system administrator, the security administrator and the review administrator in order to control the administrator's authority. A "review information generation tool" and a review process, both usable in cloud services, are designed to enable review administrators to audit data operations and access conditions within the tenant's scope in the cloud. They enhance the review and traceability of data usage in the cloud.

The second part designs and implements methods for protecting data by encryption and for sharing it. Based on a symmetric encryption algorithm and an identity-based proxy re-encryption algorithm, a file encryption and decryption client tool and a key management service are designed and implemented for CRM service users. They can be used to encrypt important files and share them safely in groups.

By deploying the multi-tenant CRM system using the CT-RBAC model and the key management service on a cloud server, the effect of the CT-RBAC model is tested and the data encryption and sharing methods are implemented, which proves the effectiveness of the strategies in enhancing data security.
Keywords/Search Tags: Cloud service security, multi-tenancy, CRM, role-based access control, data encryption