
Design And Implementation Of Cloud Platform Access Control System Based On Hyper-Converged Infrastructure

Posted on: 2022-10-17
Degree: Master
Type: Thesis
Country: China
Candidate: Y Y Sun
Full Text: PDF
GTID: 2518306338968499
Subject: Computer technology
Abstract/Summary:
In recent years, cloud computing has greatly reduced costs and improved ease of use: it offers on-demand, pay-as-you-go use, and it integrates hardware and software resources through virtualization technology into a resource pool that serves users through a unified scheduling interface. Cloud computing based on hyper-converged architecture adopts distributed storage and combines resources and technologies such as networking, storage and virtualization in a single unit device, which reduces the difficulty of server architecture management; multiple unit devices achieve modular horizontal expansion through network aggregation. This has become the mainstream cloud computing architecture. However, unauthorized access to resources by illegal users poses a great threat to cloud platforms, and access control technology is an important means of preventing such access. The current access control models cannot meet the fine-grained, dynamic, and manageable needs of cloud platforms. Therefore, this paper studies access control for the cloud platform. The main research contents are as follows:

(1) This paper proposes a multi-level, multi dynamic attribute access control model, namely the MIDE-BAC model. The model addresses three characteristics of the cloud platform: elements are hierarchical, the attribute values of each element change dynamically at any time, and individual attributes constrain fine-grained changes of permissions. The paper constructs a dynamic permission inheritance method based on a multi-element hierarchy to manage permissions effectively across the role, resource, and operation element hierarchies. It introduces dynamic atomic attributes as authorization constraints and designs a permission decision process based on dynamic attributes to achieve dynamic evaluation and fine-grained control of permissions. It also gives a formal definition and description of the model, and proves from the characteristics of the model and the security principle that the MIDE-BAC model can effectively and safely realize access control for the cloud platform.

(2) An access control mechanism based on an ontology model is designed. Manual permission decision-making suffers from complex logic and low semantic scalability, so this paper combines the ontology with the MIDE-BAC model. First, the ontology language is used to describe the elements of the MIDE-BAC model, giving an ontology representation of the model. Second, the mechanism performs knowledge extraction based on the ontology model and structured data to establish the knowledge base. Third, the mechanism constructs a dynamic authorization reasoning method based on the knowledge base and custom rules to realize dynamic permission discrimination and implicit semantic mining.

(3) This paper proposes a policy optimization method based on similarity measurement. By analyzing optimization pairs based on the hierarchy, it judges whether the elements in the policies that have a hierarchical inheritance relationship meet the optimization conditions. For policies with optimization pairs, a similarity measurement based on the atomic attribute constraint set is used to realize static conflict/redundancy detection and automatic resolution, so as to achieve optimized management of the access control policies.

(4) The access control model is applied to a cloud platform based on the hyper-converged architecture, and a cloud platform access control system based on the hyper-converged architecture is designed and implemented. The system consists of a policy decision module, a policy management module, a policy optimization module and other modules. Finally, the function and performance of the MIDE-BAC model are tested. The experimental results show that the MIDE-BAC model improves the certainty of the authorization result and reduces the management cost under different policy scales. In addition, compared with traditional optimization methods, the policy management optimization algorithm designed in this paper detects more optimization pairs and its optimization effect is more obvious.
Keywords/Search Tags:hyper-converged architecture, access control model, policies optimization, ontology