
Research And Implementation Of Cloud Resource Access Control Based On Microservice Architecture

Posted on: 2022-12-12
Degree: Master
Type: Thesis
Country: China
Candidate: B B Yu
GTID: 2518306764976889
Subject: Automation Technology
Abstract/Summary:
With the rapid development of cloud services, the security of cloud resources has become a matter of great concern. Access control is the mechanism that protects resources from use by unauthorized users. This thesis addresses a series of problems exposed by the laboratory's existing cloud platform in resource access control: 1) implementation architecture: access control is only a functional module within a monolithic architecture, with poor scalability; 2) access control technology: the access control technology in use has a single identity authentication mode and insufficient security, and its permission control is coarse-grained and cannot be authorized dynamically.

To address the deficiency in implementation architecture, this thesis designs the overall architecture of an access control platform based on microservice architecture, and divides it into a traffic access layer, a microservice governance layer and a microservice provision layer. The traffic access layer implements a high-availability load-balancing scheme that combines layer-4 and layer-7 load balancing. The microservice governance layer implements a fault-tolerance scheme based on an API gateway and Sentinel, and the client is designed to access the Nacos cluster. The microservice provision layer carries the inter-service communication and access control functions.

To address the shortcomings in access control technology, the microservice provision layer implements dynamic fine-grained access control, divided into three modules: user management, permission control and resource management. 1) User management addresses the insufficient security of a single authentication mode by designing and implementing multi-factor authentication. 2) Permission control addresses the problem that the granularity of permission control is too coarse to authorize dynamically. An access control scheme based on role-based access control (RBAC) and attribute-based access control (ABAC) is designed and implemented to achieve fine-grained dynamic access control. The thesis implements the attribute collection point, policy management point and policy decision point of the ABAC authorization framework. In the policy management point, a conflict detection and resolution scheme based on policy conflict probability is designed. In the policy decision point, redundant prefix coding and a secondary index table are designed to improve the speed of policy retrieval. 3) Resource management manages and monitors cloud resources in real time. For communication between services, the microservice provision layer implements efficient synchronous and asynchronous inter-service communication based on Dubbo RPC and RocketMQ.

Functional and performance tests are carried out on the access control platform: functional tests on the three functional modules of the microservice provision layer, reliability and concurrency tests on each functional layer of the system, and an efficiency test of the policy retrieval algorithm. The test results show that the cloud resource access control platform implemented with microservice architecture achieves dynamic fine-grained access control and meets the expected performance requirements.
Keywords/Search Tags:Cloud Resource, Access Control, Microservice Architecture, ABAC, RBAC