云计算环境下基于信任的访问控制技术研究

发布时间：2018-04-25 19:03

本文选题：云计算 + 信任模型　；参考：《中国矿业大学》2014年硕士论文

【摘要】：云计算作为一种新型的计算模式，能够为用户提供强大的虚拟化、可扩展性的网络服务资源，但同时也面临着严峻的安全挑战。访问控制技术是保障云计算安全的重要措施，然而直接将传统的访问控制模型应用到云计算环境并不能有效地解决云计算开放环境所面临的不确定性及脆弱性问题。在云计算环境中，只有同时确保云计算环境内部与外部的可信性，才能够有效保证云用户与云服务端交互过程中双方的安全性。因此，本文重点研究云用户与云服务端之间的相互信任关系，并在此基础上实施云计算环境中基于行为互信任的动态角色访问控制。详细的研究内容总结如下：（1）提出了一个基于信任证据-信任属性-信任值三级结构的用户行为信任层次模型。在该模型中，首先搜集用户的历史行为信息作为原始信任证据，，然后对原始信任证据进行划分，按照其属性特征划分到不同的行为信任属性集中，最后根据用户的各个行为信任属性及其权重计算得出用户行为信任评估值。（2）设计了一个基于蚁群优化算法的云服务端信任评估模型。云计算中服务节点的信任评估应充分考虑用户对云服务端的信任关系随着交互次数以及时间的变化关系，该模型利用蚁群优化算法引入信任信息素作为判断服务节点的信任依据，在云计算环境中建立了一种动态且随时间和交互事件变化的节点行为信任模型，从而计算云服务节点的信任度，为用户推荐更加可信的云服务节点。（3）提出了一种云计算环境下基于行为互信任的动态角色访问控制方法（简称MTBAC）。本文分别从模型的定义、框架结构、算法流程以及多域授权决策机制等方面对MTBAC进行了详尽的定义与介绍。MTBAC充分结合RBAC模型的优势，并综合考虑云计算环境动态性、多域性的特点，在用户与云服务端相互信任的基础上，实施云计算本地域和跨域的动态角色访问控制策略。（4）设计两组仿真实验对MTBAC的性能进行比较和分析。通过与其他访问控制方法对比，来验证基于信任的访问控制方法在云计算环境中的有效性和适用性；通过云计算用户与云服务端双向信任与单向信任的对比实验，分析基于双向信任的访问控制的相对优势。
[Abstract]:Cloud computing as a new computing model can provide users with strong virtualization and scalability of network services resources, but also face severe security challenges. Access control technology is an important measure to ensure cloud computing security. However, the application of traditional access control model to cloud computing environment can not effectively solve the uncertainty and vulnerability of cloud computing open environment. In the cloud computing environment, only by ensuring the internal and external credibility of the cloud computing environment, can the security of both the cloud users and the cloud server can be effectively guaranteed. Therefore, this paper focuses on the relationship of mutual trust between cloud users and cloud service, and implements the dynamic role access control based on behavioral mutual trust in cloud computing environment. The detailed study is summarized as follows: 1) A trust hierarchy model of user behavior based on the three-level structure of trust evidence-trust attribute and trust value is proposed. In this model, the historical behavior information of the user is collected as the original trust evidence, and then the original trust evidence is divided into different behavioral trust attribute sets according to its attribute characteristics. Finally, the evaluation value of user behavior trust is obtained according to each behavior trust attribute and its weight. A cloud server-side trust evaluation model based on ant colony optimization algorithm is designed. The trust evaluation of service nodes in cloud computing should take into account the relationship between users' trust in the cloud service side and the number of interactions and time. In this model, the trust pheromone is introduced into the ant colony optimization algorithm as the basis for judging the trust of the service node, and a dynamic and time-dependent trust model of the node behavior is established in the cloud computing environment. The trust degree of the cloud service node is calculated, and the more trusted cloud service node is recommended to the user. In this paper, we propose a dynamic role access control method based on behavioral mutual trust (MTBACU) in cloud computing environment. This paper gives a detailed definition of MTBAC from the definition of model, framework structure, algorithm flow and multi-domain authorization decision mechanism, etc., which combines the advantages of RBAC model, and considers the dynamic of cloud computing environment. On the basis of mutual trust between user and cloud server, multi-domain dynamic role access control strategy of cloud computing is implemented. Design two groups of simulation experiments to compare and analyze the performance of MTBAC. Through comparing with other access control methods to verify the validity and applicability of the trust-based access control method in cloud computing environment, through the cloud computing users and cloud server two-way trust and one-way trust comparison experiment, The comparative advantages of bidirectional trust based access control are analyzed.
【学位授予单位】：中国矿业大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】