Cloud computing provides a new way of delivering communication network services and has become the mainstream computing service platform. The study of cloud computing technology therefore has important practical significance. At present, security is one of the most noteworthy issues in the cloud computing environment. In cloud security infrastructure, storage services should store data in the form of ciphertext. The implementation of cloud access control services is also associated with traditional access control models, such as role-based access control, attribute-based access control, free access control, etc. Traditional access control technology is only suitable for centralized and closed network environments and cannot meet the needs of the decentralized and open network environment of cloud computing. It is therefore necessary to propose a new access control model on this basis to protect data confidentiality and privacy. This thesis analyses the existing access control models of cloud computing, such as attribute-based, role-based and hierarchical identity management models. Building on role-based access control, two hybrid access control models are studied. The first is based on user role and trust. The trust value of each node is calculated from the resource information provided by the service node. According to the trust value, the optimal transport node is determined, so as to achieve secure access between nodes. This model can not only avoid malicious attacks on service nodes, but also ensure the security of both sides. The second is a risk-aware access control model based on user roles and attributes; the components of the encryption-based access control model are defined, and the model can perceive access risk. By analysing the user access process, a risk calculation method for attribute values is designed. Through further simulation analysis, the two proposed access control models can meet the needs of distributed, fine-grained, dynamic authorization in the cloud environment, make up for the lack of security in the cloud computing environment, and enhance the security of cloud access control.