
Research On Cloud Computing Data Security Access Control Mechanism

Posted on: 2021-02-23
Degree: Master
Type: Thesis
Country: China
Candidate: Y Wei
GTID: 2428330632951737
Subject: Computer application technology

Abstract/Summary:
As network structures become more complex and dynamic, cloud computing has brought great convenience to computer users and has met the demand for fast data processing. However, because of cloud virtualization, uploading data to the cloud causes users to lose control of that data, and frequent data leaks make users worry about cloud data security. After data is uploaded to the cloud, users want to keep control of it so that only legitimate users can access it. Because of the huge amount of data and the large number of users in the cloud, protecting user privacy and preventing illegal access to data has become a key issue for cloud computing, whose purpose is to provide legitimate access for users. Access control technology is an effective way to solve cloud security problems. Appropriate access mechanisms are important for identifying the legal identity of users and improving the security of cloud computing systems. This paper develops an access control mechanism to ensure data security in the cloud environment. The research content and innovations of the paper mainly include the following aspects.

Firstly, this paper analyzes the security threats in the current cloud environment, explains the significance of studying cloud computing access control strategies, and describes the current research status of access control and attribute encryption mechanisms, as well as the advantages of applying attribute encryption to access control. After discussing the shortcomings of existing access control schemes in solving the data security problem, it proposes improvements to address them. Only users whose attributes satisfy the access policy can decrypt the encrypted plaintext key and then use it to decrypt the plaintext. This method strengthens key management, protects the plaintext data, and effectively avoids the problem of key leakage. It uses a combination of symmetric and asymmetric encryption to ensure security and reduce computing overhead.

Secondly, this paper focuses on key leakage and heavy computational overhead in access control. Building on the commonly used encryption system CP-ABE, it introduces hierarchical key management to solve the key leakage problem. The scheme is divided into upper and lower layers that encrypt the key and the plaintext: the lower layer encrypts the plaintext, and the upper layer encrypts the data according to the data access policy.

Thirdly, this paper addresses the problem that data owners cannot modify user access permissions dynamically and efficiently. When the upper-level plaintext data is encrypted, the first step is to add a data permission control key to achieve fine-grained access. The data owner authorizes trusted users to overwrite the data. To achieve permission control over data resources, the second step is to introduce a key version, which ensures that users obtain the latest version of the private key according to their own attributes. The attribute organization in the access model attaches the private key version when generating a private key for each user. Each private key is updated to the system. Only a user who holds the latest private key and whose attributes match the policy can decrypt the ciphertext; otherwise it cannot be decrypted. This method enforces access control after user attributes are revoked: the key version is maintained in the access policy and the system is updated in real time, giving an attribute revocation method that does not require updating other users' keys.

Finally, to address data attacks in the process of cloud computing data security access control, this paper presents a cloud computing data access control scheme based on integrity protection. Within role-based access control, a group-oriented digital signature scheme is proposed. The ElGamal encryption algorithm is used to generate a signature that can be used to verify user access in the group, ensuring the reliability and integrity of the message source. The digital signature is computed from the private key of the signer and the public keys of all users. When verifying data integrity, the cloud service provider cannot derive the signature source from the key, which effectively protects the user's identity privacy.
Keywords/Search Tags: Cloud computing, Privacy protection, Data security, Data integrity, Access control mechanism