Research On Data Security Sharing Technology For Hybrid Cloud Environment

Posted on: 2019-04-06
Degree: Master
Type: Thesis
Country: China
Candidate: L Chen
Full Text: PDF
GTID: 2428330566471019
Subject: Engineering

Abstract/Summary:
Cloud computing is widely used as a rapidly developing network information technology. Users can obtain cloud computing services provided by cloud service providers dynamically and flexibly according to their own needs, without owning physical computing resources. However, the rapid development of cloud computing also brings many new security risks and challenges for users. How to ensure the security of users' data when using cloud computing services has become a key scientific problem in urgent need of a solution. The secure sharing of data in cloud environments is studied in the following areas:

(1) A multi-center identity management technology for hybrid cloud environments is proposed. We conducted an in-depth analysis of the system architecture and interaction modes of the hybrid cloud environment and of the current mainstream unified identity management mechanisms. To address the cross-domain access and single sign-on requirements of identity management in hybrid cloud environments, and the performance and security bottlenecks of traditional centralized identity management technology, a multi-center identity management technology for hybrid cloud environments is proposed. The technology tracks and manages user identity information through the whole process in the cloud environment, and adopts a strong authentication mechanism for mutual authentication between the cloud service user and the cloud service provider to ensure two-way trust between the user and the service provider. It can effectively resist replay attacks and man-in-the-middle attacks on cloud platforms by malicious attackers. Multiple centers ensure the reliability and efficiency of the user's single sign-on service, and the proposed single sign-on protocol is analyzed for security and verified experimentally.

(2) A distributed access control mechanism based on attribute encryption for cloud services is proposed. In response to the severe security challenges users currently face when storing data in the cloud computing environment, a combination of cryptographic and access control technologies is applied to the protection of cloud storage data. We propose a distributed access control mechanism based on attribute encryption for cloud services. This mechanism effectively ensures the confidentiality of data in the cloud storage service and achieves fine-grained access control and permission management of data resources. Because entity attributes are managed by a distributed multi-center access control system, the mechanism improves the efficiency of system key management, improves the availability and robustness of the system, reduces the system overhead of encryption and decryption on the cloud platform, and reduces the potential security risks of operating a single authorization center.

(3) A data security framework for hybrid cloud environments is proposed. We studied and analyzed data security protection frameworks and related technologies in the current cloud environment, along with the complex security environments and application requirements of private clouds, public clouds, trusted cloud services, untrusted cloud services, and so on. For cloud environments where trust relationships are difficult to establish and trust levels are difficult to assess, we propose a data security protection framework for hybrid cloud environments. It implements full-process data security protection for each stage of public clouds, private clouds and their hybrid clouds, and solves the dynamic problem of access control under cross-cloud conditions. The framework is based on the ABAC model and effectively enables users to access resources across clouds. Fine-grained access control improves service and resource awareness of entity attributes. The framework is versatile, flexible, and extensible.

Keywords/Search Tags:cloud computing, identity management, single sign-on, access control, attribute encryption, authorization management