Access Control Research On Data Security In Cloud Computing

With the advantages of easy maintenance,low investment,reliable service,flexible deployment,cloud computing has been widely concerned by enterprises and scholars at home and abroad.Each country has invested a lot of material and financial resources for the study and construction of cloud computing.Cloud computing is facing a security threat while it is developing continuously.The needs of the security of cloud computing applications cannot be satisfied only using the identity authentication technology.So ensuring the credibility of the user's behavior has become one of the important issues of cloud computing applications.In recent years,an increasing number of researches has been done on the trust based access control.Any trust based access control model should have a relatively high security control strength.However,some factors that affect the trust value and the factors of the network itself are still not considered in most of the research models.If the safety control strength is not changed with the changes of these factors,the data stored in the cloud will face a great security threat.The existing access control models are often implemented in centralized security policy management and static authorization based on the information.The security rules and security policies in the models are all set in advance.As long as they are set,the system's security strength will not change.In this thesis,we study the access control model based on trust and role deeply and carry out the main works as follows:(1)This thesis introduces the research status of cloud computing,access control technology and trust management,describes the basic knowledge of cloud computing,access control and trust model briefly and analyzes the advantages and disadvantages of the traditional access control models and trust models.(2)TBeth trust model and A.J?psang trust model do not take into account the dynamics and differences of the trust relationship.To solve these problems.In this paper,we consider various trust relationship,while increasing the confidence threshold concept.This thesis improves the existing trust based access control technology,adding the concept of trust threshold.In order to improve the security of the cloud data,we control the final distribution of the authority by the trust threshold.Firstly,we calculate the comprehensive trust value of users.Secondly,we classify the degree of the user's comprehensive trust and set a threshold for each level of trust value.The user can obtain the corresponding authority and access to the resources only when his or her comprehensive trust value is greater than or equal to the corresponding threshold.Thirdly,we calculate the trust value of the user's behavior by the fuzzy comprehensive evaluation method.Finally according to the historical and current trust value of the user,we take into account the direct trust degree and the recommendatory trust degree to adjust the user's trust degree dynamically in real time.The trust degree of the user is not only influenced by the current user's trust value but also influenced by the historical trust value.So the user's malicious behavior will impact on his or her subsequent access.The experiment shows that the improved model can be used to punish malicious users,which can improve the safety factor in the process of conversation.(3)The concept of security strength,the security strength adaptive adjustment module and the security strength judging module are added in the improved trust access control model.We take the context information such as the network's load,the service's allowing access time,the user's trust value and so on as the impacts of the security strength.Then we calculate the security strength through fuzzy reasoning and compare it with the preset security strength threshold.Finally we determined if the user's role should be activated according to the above comparison.