
Research On The Synthesis Mechanism Of Cross-domain Access Control Policies In Cloud Computing Environment

Posted on: 2021-06-12
Degree: Master
Type: Thesis
Country: China
Candidate: Y P Zhang
GTID: 2518306095975659
Subject: Computer Science and Technology

Abstract/Summary:
The way resources are distributed in a cloud computing environment, together with the need for information sharing, calls for a secure access control mechanism that supports information sharing among multiple security domains in a distributed environment and adapts to the dynamic changes of cloud users and cloud resources. In the cloud computing environment, multi-tenant cross-domain access to cloud resources raises a secure access control problem, and different cloud access domains have different access control policies. In order to propose an access control policy synthesis mechanism suitable for the cloud computing environment, this paper mainly studies the attribute-based access control policy model, operator design and automatic selection mechanism, as well as policy conflict detection and reduction, so as to meet the security requirements of each domain in the process of cross-domain access. The main work of this paper is as follows:

(1) For the cloud computing access control policy synthesis model, based on the fine-grained requirements of multi-tenant resource access in the cloud environment, a subject trust penalty coefficient and a trust attribute are introduced into the traditional attribute-based access control model, and a cloud computing cross-domain attribute access control model based on subject trust and trust punishment is proposed to solve the problem of users illegally accessing resources after obtaining high permissions.

(2) For the design and selection of cross-domain access policy synthesis operators in the cloud computing environment, and to meet the fine-grained requirements of resource access in the cloud environment, access control policy synthesis algorithms that support multi-value evaluation are designed and formalized. This brings access control policy synthesis in the cloud environment closer to actual policy synthesis scenarios, and it also supports synthesis scenarios in which the policy evaluation result is multi-valued. At the same time, a mechanism for automatic selection of operators using policy similarity and subject trust attributes is given, which enables automatic synthesis of cross-domain access control policies in a cloud computing environment. Secondly, subject trust similarity is proposed for the cloud computing environment, which simplifies the complex calculation of subject trust in inter-domain mutual access; the access control policy similarity calculation method is extended to take the attributes of the accessed resource into consideration, so that similarity analysis can be performed on access control policies with inconsistent resource attributes.

(3) For conflict detection and resolution of access control policies in cloud computing, with regard to the efficiency and accuracy of conflict detection, the HiCuts algorithm is used to classify the policies, so as to reduce the amount of access control for conflict detection and improve the efficiency of conflict detection. For access control policies in conflict, the corresponding reduction is made according to the defined conflict type, and the resolution principle is mainly used to determine the principal trust and policy similarity according to the operator design principle. The experimental results show that the conflict detection method is more efficient and more accurate in the cloud resource security environment.
Keywords/Search Tags: Cloud computing, Cross-domain access control, Synthesis operator, Synthesis strategy, Selection mechanism