Research On Attribute-based Access Control Technology In Cloud Computing Environment

Posted on: 2021-04-07
Degree: Master
Type: Thesis
Country: China
Candidate: Y Huang
Full Text: PDF
GTID: 2428330611967558
Subject: Computer technology

Abstract/Summary:
The cloud computing service model improves the utilization of computing resources, reduces the cost of operation and management, and provides users with efficient and convenient services. The cloud security issues that follow, however, also affect the development of cloud computing technology. In a flexible, open and shared cloud computing environment, the storage of and access to cloud data must be managed, and access control technology can provide schemes for controlling user access to services, data sharing and cloud security issues. Because of its own shortcomings, traditional access control technology may fail to meet some of the access control requirements that the cloud computing environment imposes to ensure the confidentiality, integrity and availability of cloud data. How to protect the security of data in the cloud while achieving dynamic, flexible, efficient, secure and fine-grained access control therefore poses a greater challenge to access control technology in the cloud computing environment. In view of these problems, this thesis studies attribute-based access control technology in the cloud computing environment. The main research work is as follows:

1. A detailed analysis of the research status, at home and abroad, of attribute-based access control models and attribute-based encryption access control schemes, together with a brief overview of the related background on access control models, attribute-based encryption and trust mechanisms.

2. To address the problem that traditional access control models cannot achieve dynamic, flexible and fine-grained access control of data in the cloud computing environment, a role and attribute-based access control model supporting trust management is proposed. The model introduces a trust attribute to calculate the user's trust value and judge the user's credibility. It combines the Role-Based Access Control (RBAC) and Attribute-Based Access Control models to complete user-role and role-permission assignment and to filter roles and permissions, and it dynamically reduces the user-role and role-permission mappings according to the relevant policies to obtain the user's minimum permission set. Security analysis and performance analysis show that the model achieves a more dynamic authorization mechanism in the cloud computing environment and enhances the security and granularity of the access control process.

3. To address the problems of key security and user overhead of the Ciphertext-Policy Attribute-Based Encryption (CP-ABE) scheme in the cloud storage access control process, a multi-authority CP-ABE access control scheme for cloud storage is proposed. The scheme integrates trust into CP-ABE: multiple authorities generate and distribute user keys by establishing a trust relationship between the attribute authorities and users. The user key is composed of a global key and an attribute key to strengthen resistance to collusion attacks, and a proxy server stores the user's attribute key and uses it for partial decryption operations. Security analysis and performance analysis show that the scheme achieves secure and efficient access control in a cloud storage environment by resisting chosen-plaintext attacks and user collusion attacks and by reducing user-side overhead.

4. To address the problems of flexible key management and key update caused by changes in user attributes in the CP-ABE scheme, a CP-ABE access control scheme based on RBAC and attribute certificates is proposed. The scheme connects RBAC and attribute certificates with CP-ABE. It completes the role-attribute mapping through RBAC and the role attribute information in the attribute certificate, and it manages the role-attribute-permission mapping effectively by combining RBAC with CP-ABE. The user key used for decryption is included in the attribute certificate, and when an attribute is revoked the user key is updated by updating the attribute certificate. Security analysis and performance analysis show that the scheme is secure and effectively solves the problem of user key management and update when attribute revocation occurs.
Keywords/Search Tags:Cloud Computing, Attribute, Access Control, Trust, CP-ABE